Permissions required by the Container Engine for Kubernetes service are created automatically
- Services: Kubernetes Engine
- Release Date: March 12, 2020
Previously, you had to define identity policies to grant the Container Engine for Kubernetes service the necessary permissions to create and manage clusters. The necessary identity policies are now created automatically in your tenancy.
In particular, note that you no longer have to define the 'Allow service OKE to manage all-resources in tenancy' policy to enable the Container Engine for Kubernetes service to perform operations on clusters. If this identity policy already exists, Oracle recommends that you delete it.
Note that you still have to configure identity policies to allow clusters to access certain cloud infrastructure resources. For more information, see Policy Configuration for Cluster Creation and Deployment.
07 March 2024: Release note reworded to clarify that it is identity policies for the Container Engine for Kubernetes service that are created automatically. Identity policies for clusters are still required.