Creating Cloud-init Scripts for Self-managed Nodes
Find out how to create the cloud-init script for a self-managed node that you want to add to an enhanced cluster created with Kubernetes Engine.
When creating a self-managed node to add to an enhanced cluster, you have to provide a cloud-init script that specifies the cluster's Kubernetes API private endpoint and base64-encoded CA certificate.
To create the cloud-init script for a self-managed node:
- Obtain the Kubernetes API private endpoint of the enhanced cluster to which you want to add the self- managed node using the Console or the CLI:
- Using the Console:
- On the Clusters list page, select the name of the enhanced cluster to which you want to add the self-managed node. If you need help finding the list page or the cluster, see Listing Clusters.
On the Cluster Details page, the Kubernetes API private endpoint is shown, including the port number. For example,
10.0.103.170:6443 - Make a note of the cluster's Kubernetes API private endpoint, without the port number. For example,
10.0.103.170
- On the Clusters list page, select the name of the enhanced cluster to which you want to add the self-managed node. If you need help finding the list page or the cluster, see Listing Clusters.
- Using the CLI:
- Enter:
oci ce cluster create-kubeconfig --cluster-id <cluster-ocid> --region <region-identifier> --kube-endpoint PRIVATE_ENDPOINT --file - \ | grep -oE "https://[0-9\.]+:6443" \ | sed -E 's^https://([0-9\.]+):.*^\1^'The
grepcommand extracts the URL of the cluster endpoint from the output of thece cluster create-kubeconfigcommand. Thesedcommand removes the protocol and port information from the cluster endpoint's URL to leave just the IP address. - Make a note of the cluster's Kubernetes API private endpoint. For example,
10.0.103.170
- Enter:
- Using the Console:
- Obtain the cluster's base64-encoded CA certificate from the cluster's kubeconfig file using the Console or the CLI:
- Using the Console:
- On the Cluster Details page, make a note of the cluster's OCID. For example,
ocid1.cluster.oc1.phx.aaaaaaaa______ivq - Select Access Cluster.
- In the Access Your Cluster dialog, select Cloud Shell Access, and select Launch Cloud Shell.
- In the Cloud Shell window, enter the following command:
oci ce cluster create-kubeconfig --cluster-id <cluster-ocid> --region <region-identifier> --file - | grep -oE "LS0t.*"where:
<cluster-ocid>is the value of the--cluster-idparameter shown in step 2 in the Access Your Cluster dialog.<region-identifier>is the value of the--regionparameter shown in step 2 in the Access Your Cluster dialog.
For example:
oci ce cluster create-kubeconfig --cluster-id ocid1.cluster.oc1.phx.aaaaaaaa______ivq --region us-phoenix-1 --file - | grep -oE "LS0t.*"The base64-encoded CA certificate is shown in the Cloud Shell window as a long alphanumeric string starting with the characters
LS0t. - Make a note of the cluster's base64-encoded CA certificate.
- On the Cluster Details page, make a note of the cluster's OCID. For example,
- Using the CLI:
- Enter:
oci ce cluster create-kubeconfig --cluster-id <cluster-ocid> --region <region-identifier> --file - | grep -oE "LS0t.*"The base64-encoded CA certificate is shown in the Cloud Shell window as a long alphanumeric string starting with the characters
LS0t. - Make a note of the cluster's base64-encoded CA certificate.
- Enter:
- Using the Console:
- Create the cloud-init script as follows:
- In a text editor of your choice, create a new text file.
- Copy and paste the following script into the file:
#!/usr/bin/env bash bash /etc/oke/oke-install.sh \ --apiserver-endpoint "<cluster-endpoint>" \ --kubelet-ca-cert "<base64-encoded-certificate>"where:
<cluster-endpoint>is the cluster's Kubernetes API private endpoint that you obtained earlier (without the port number). For example,10.0.103.170<base64-encoded-certificate>is the cluster's base64-encoded CA certificate that you obtained earlier (starting with the charactersLS0t).
For example:
#!/usr/bin/env bash bash /etc/oke/oke-install.sh \ --apiserver-endpoint "10.0.103.170" \ --kubelet-ca-cert "LS0t______UtLS0tLQo=" - Save the text file for use when you create the self-managed node.