Creating Cloud-init Scripts for Self-managed Nodes
Find out how to create the cloud-init script for a self-managed node that you want to add to an enhanced cluster created with Kubernetes Engine.
When creating a self-managed node to add to an enhanced cluster, you have to provide a cloud-init script that specifies the cluster's Kubernetes API private endpoint and base64-encoded CA certificate.
To create the cloud-init script for a self-managed node:
- Obtain the Kubernetes API private endpoint of the enhanced cluster to which you want to add the self- managed node using the Console or the CLI:
- Using the Console:
- Open the navigation menu and click Developer Services. Under Containers & Artifacts, click Kubernetes Clusters (OKE).
- On the Cluster List page, click the name of the enhanced cluster to which you want to add the self-managed node.
On the Cluster Details page, the Kubernetes API private endpoint is shown, including the port number. For example,
10.0.103.170:6443
- Make a note of the cluster's Kubernetes API private endpoint, without the port number. For example,
10.0.103.170
- Using the CLI:
- Enter:
oci ce cluster create-kubeconfig --cluster-id <cluster-ocid> --region <region-identifier> --kube-endpoint PRIVATE_ENDPOINT --file - \ | grep -oE "https://[0-9\.]+:6443" \ | sed -E 's^https://([0-9\.]+):.*^\1^'
The
grep
command extracts the URL of the cluster endpoint from the output of thece cluster create-kubeconfig
command. Thesed
command removes the protocol and port information from the cluster endpoint's URL to leave just the IP address. - Make a note of the cluster's Kubernetes API private endpoint. For example,
10.0.103.170
- Enter:
- Using the Console:
- Obtain the cluster's base64-encoded CA certificate from the cluster's kubeconfig file using the Console or the CLI:
- Using the Console:
- On the Cluster Details page, make a note of the cluster's OCID. For example,
ocid1.cluster.oc1.phx.aaaaaaaa______ivq
- Click Access Cluster.
- In the Access Your Cluster dialog, click Cloud Shell Access, and click Launch Cloud Shell.
- In the Cloud Shell window, enter the following command:
oci ce cluster create-kubeconfig --cluster-id <cluster-ocid> --region <region-identifier> --file - | grep -oE "LS0t.*"
where:
<cluster-ocid>
is the value of the--cluster-id
parameter shown in step 2 in the Access Your Cluster dialog.<region-identifier>
is the value of the--region
parameter shown in step 2 in the Access Your Cluster dialog.
For example:
oci ce cluster create-kubeconfig --cluster-id ocid1.cluster.oc1.phx.aaaaaaaa______ivq --region us-phoenix-1 --file - | grep -oE "LS0t.*"
The base64-encoded CA certificate is shown in the Cloud Shell window as a long alphanumeric string starting with the characters
LS0t
. - Make a note of the cluster's base64-encoded CA certificate.
- On the Cluster Details page, make a note of the cluster's OCID. For example,
- Using the CLI:
- Enter:
oci ce cluster create-kubeconfig --cluster-id <cluster-ocid> --region <region-identifier> --file - | grep -oE "LS0t.*"
The base64-encoded CA certificate is shown in the Cloud Shell window as a long alphanumeric string starting with the characters
LS0t
. - Make a note of the cluster's base64-encoded CA certificate.
- Enter:
- Using the Console:
- Create the cloud-init script as follows:
- In a text editor of your choice, create a new text file.
- Copy and paste the following script into the file:
#!/usr/bin/env bash bash /etc/oke/oke-install.sh \ --apiserver-endpoint "<cluster-endpoint>" \ --kubelet-ca-cert "<base64-encoded-certificate>"
where:
<cluster-endpoint>
is the cluster's Kubernetes API private endpoint that you obtained earlier (without the port number). For example,10.0.103.170
<base64-encoded-certificate>
is the cluster's base64-encoded CA certificate that you obtained earlier (starting with the charactersLS0t
).
For example:
#!/usr/bin/env bash bash /etc/oke/oke-install.sh \ --apiserver-endpoint "10.0.103.170" \ --kubelet-ca-cert "LS0t______UtLS0tLQo="
- Save the text file for use when you create the self-managed node.