Changes to Policies for Container Engine for Kubernetes

Oracle Container Engine for Kubernetes now supports more granular control of access to Oracle Cloud Infrastructure resources. For existing users and groups to continue creating and managing new and existing clusters, you must add the following extra policy statements:

  • Allow group <group-name> to MANAGE instance-family in <location>
  • Allow group <group-name> to USE subnets in <location>
  • Allow group <group-name> to READ virtual-network-family in <location>
  • Allow group <group-name> to USE vnics in <location>
  • Allow group <group-name> to INSPECT compartments in <location>
  • Allow group <group-name> to MANAGE cluster-family in <location>

Note that you must add the extra policy statements before September 2, 2019. Attempting to create and manage new and existing clusters without the extra policy statements after that date will result in errors.
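One way to check an exported list of policy statements for the six statements above, as an added example that is not Oracle's code. The group name `oke-admins`, the sample policy and the function name are constructed for illustration.

```python
import re

# OCI IAM verbs are cumulative: inspect < read < use < manage.
VERB_RANK = {"inspect": 0, "read": 1, "use": 2, "manage": 3}

# The six extra statements listed above, as (verb, resource-type) pairs.
REQUIRED = [
    ("manage", "instance-family"),
    ("use", "subnets"),
    ("read", "virtual-network-family"),
    ("use", "vnics"),
    ("inspect", "compartments"),
    ("manage", "cluster-family"),
]

# Matches simple "Allow group ... to ... in ..." statements only.
STATEMENT = re.compile(
    r"^\s*allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>\w+)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+(?P<location>.+?)\s*$",
    re.IGNORECASE,
)

# Constructed sample input (hypothetical group names).
SAMPLE_POLICY = [
    "Allow group oke-admins to MANAGE instance-family in tenancy",
    "Allow group oke-admins to MANAGE virtual-network-family in tenancy",
    "Allow group oke-admins to USE subnets in tenancy",
    "Allow group oke-admins to READ vnics in tenancy",
    "Allow group oke-admins to MANAGE cluster-family in tenancy",
    "Allow group other-team to INSPECT compartments in tenancy",
]

def missing_statements(statements, group, location):
    """Return the required (verb, resource) pairs that group lacks in location."""
    granted = {}  # resource-type -> highest verb rank granted
    for line in statements:
        m = STATEMENT.match(line)
        if not m or m["verb"].lower() not in VERB_RANK:
            continue
        # Conditional statements ("... where ...") fail the location match and are skipped.
        if m["group"] != group or m["location"].lower() != location.lower():
            continue
        res = m["resource"].lower()
        granted[res] = max(granted.get(res, -1), VERB_RANK[m["verb"].lower()])
    # Exact resource-type names only: a grant on a broader family is not expanded.
    return [(v, r) for v, r in REQUIRED if granted.get(r, -1) < VERB_RANK[v]]

if __name__ == "__main__":
    for verb, resource in missing_statements(SAMPLE_POLICY, "oke-admins", "tenancy"):
        print(f"missing: Allow group oke-admins to {verb.upper()} {resource} in tenancy")
```

The check is deliberately conservative: a statement with a condition, or a grant made only through a broader resource family, is reported as missing so that it gets a manual look.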

For more information, see Policy Configuration for Cluster Creation and Deployment.