Creating an OKE VCN
On Compute Cloud@Customer, configuring OKE requires a VCN with a private route table and a public route table.
Create the following resources in the order listed:
- Create the VCN
- Create a Private Route Table
- Create a Public Route Table
- Modify the VCN Default Security List
Create the VCN
To create the VCN, follow the instructions in Creating a VCN, and use the parameters listed in this section. For Terraform input, see Example Terraform Scripts for Network Resources.
Subnets are created later, and described in subsequent sections.
For this example, use the following input to create the VCN. The VCN covers one contiguous CIDR block. The CIDR block can't be changed after the VCN is created.
| Compute Cloud@Customer Console property | CLI property |
|---|---|
Note the OCID of the new VCN for use later. In the examples in this guide, this VCN OCID is ocid1.vcn.oke_vcn_id.
Create a Private Route Table
Create a NAT gateway, and edit the default route table to reference the NAT gateway. This enables traffic to go outside the VCN but not to the internet (for example, to your data center).
- Create a NAT Gateway

  To create the NAT gateway, use the instructions in Configuring a NAT Gateway. For Terraform input, see Example Terraform Scripts for Network Resources.

  Note the name and OCID of the NAT gateway for assignment to the private route rule.

- Create a Private Route Rule

  Modify the default route table, using the following input to create a private route rule that references the NAT gateway that was created in the preceding step. See Updating Route Table Rules.

  Compute Cloud@Customer Console property:
  - Display name: Default - private
  - Route rule:
    - Target Type: NAT Gateway
    - NAT Gateway: Name of the NAT gateway that was created in the preceding step
    - CIDR Block: 0.0.0.0/0
    - Description: OKE private route rule

  CLI property:
  - --rt-id: ocid1.routetable.default_routetable_id
  - --display-name: Default - private
  - --route-rules:
    - networkEntityId: OCID of the NAT gateway that was created in the preceding step
    - destinationType: CIDR_BLOCK
    - destination: 0.0.0.0/0
    - description: OKE private route rule

  Note the name and OCID of this route table for assignment to private subnets.
Create a Public Route Table
Create an Internet gateway and a route table with a route rule that references the Internet gateway. This enables internet access for OKE nodes.
- Create an Internet Gateway

  To create the internet gateway, use the instructions in Configuring an Internet Gateway. For Terraform input, see Example Terraform Scripts for Network Resources.

  Note the name and OCID of the internet gateway for assignment to the public route rule.

- Create a Public Route Rule

  Create a public route rule for the internet gateway you just created. To create a route table, use the instructions in Creating a Route Table. For Terraform input, see Example Terraform Scripts for Network Resources.

  For this example, use the following input to create the route table with a public route rule that references the internet gateway that was created in the preceding step.

  Compute Cloud@Customer Console property:
  - Name: public
  - Route rule:
    - Target Type: Internet Gateway
    - Internet Gateway: Name of the internet gateway that was created in the preceding step
    - CIDR Block: 0.0.0.0/0
    - Description: OKE public route rule

  CLI property:
  - --vcn-id: ocid1.vcn.oke_vcn_id
  - --display-name: public
  - --route-rules:
    - networkEntityId: OCID of the internet gateway that was created in the preceding step
    - destinationType: CIDR_BLOCK
    - destination: 0.0.0.0/0
    - description: OKE public route rule
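The two route rules above (the private one on the default route table, the public one on the new public route table) differ only in which gateway they target. The following script is an added example, not part of this guide or the OCI CLI; it builds the `--route-rules` JSON for both rules, prints the `oci network route-table` commands without running them, and refuses to emit a command when the gateway type does not match the table's role (a private table pointing at an internet gateway would give worker nodes a direct path to the internet). The OCIDs and the `--compartment-id` value are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the guide): assemble the OKE route-rule payloads
# and check gateway type against table role before any update is run.

# Emit a single-rule --route-rules JSON document for a 0.0.0.0/0 route.
# $1 = gateway OCID, $2 = rule description
route_rules_json() {
    printf '[{"networkEntityId":"%s","destinationType":"CIDR_BLOCK","destination":"0.0.0.0/0","description":"%s"}]' "$1" "$2"
}

# Check that the gateway OCID matches the table's role: the private table
# must target a NAT gateway, the public table an internet gateway.
# $1 = "private" | "public", $2 = gateway OCID. Returns 0 if consistent.
check_gateway_type() {
    role="$1"; ocid="$2"
    case "$role:$ocid" in
        private:ocid1.natgateway.*)     return 0 ;;
        public:ocid1.internetgateway.*) return 0 ;;
        *)                              return 1 ;;
    esac
}

# Print (do not execute) the update of the default route table.
# $1 = default route table OCID, $2 = NAT gateway OCID
private_update_cmd() {
    check_gateway_type private "$2" || return 1
    printf "oci network route-table update --rt-id %s --display-name '%s' --route-rules '%s'\n" \
        "$1" "Default - private" "$(route_rules_json "$2" "OKE private route rule")"
}

# Print (do not execute) the creation of the public route table.
# $1 = compartment OCID (assumed; required by the CLI), $2 = VCN OCID, $3 = internet gateway OCID
public_create_cmd() {
    check_gateway_type public "$3" || return 1
    printf "oci network route-table create --compartment-id %s --vcn-id %s --display-name public --route-rules '%s'\n" \
        "$1" "$2" "$(route_rules_json "$3" "OKE public route rule")"
}

# Stand-alone run with constructed placeholder OCIDs.
private_update_cmd ocid1.routetable.default_routetable_id ocid1.natgateway.example_nat_id
public_create_cmd ocid1.compartment.example_id ocid1.vcn.oke_vcn_id ocid1.internetgateway.example_igw_id
```

Review the printed commands, then paste them into the CLI once the placeholder OCIDs are replaced with the values noted in the preceding steps.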
Modify the VCN Default Security List
To modify a security list, see Updating a Security List. For Terraform input, see Example Terraform Scripts for Network Resources.
Delete all the default rules, then create the rules shown in the following table.
| Compute Cloud@Customer Console property | CLI property |
|---|---|
| One egress security rule: | One egress security rule: |
| Three ingress security rules: | Three ingress security rules: |
| Ingress Rule 1 | Ingress Rule 1 |
| Ingress Rule 2 | Ingress Rule 2 |
| Ingress Rule 3 | Ingress Rule 3 |
Note the name and OCID of this default security list for assignment to subnets.