by Velucid ⏲ May 18, 2021
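Hands-On with OCI OKE (Oracle Kubernetes Engine)
Setting Up the Basic Environment for Operating OCI OKE
Deploying Applications to OCI OKE
This post shows how to install the OCI CLI on the Bastion server and connect it to the OCI endpoint using an API key.
Installing the OCI CLI requires external (https) access through yum. For this, the Linux firewall on the Bastion server must also allow https access.
- The OCI Security List for external access was already configured in the step that built the Bastion server for OKE management.
- Because the Security List allows only the minimum required access, the Linux firewall opens all http/https ports.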
[opc@k8s-manager ~]$ sudo firewall-cmd --permanent --add-service=http
[opc@k8s-manager ~]$ sudo firewall-cmd --permanent --add-service=https
[opc@k8s-manager ~]$ sudo firewall-cmd --list-all
public
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client http https ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
Reference: Linux firewall commands
1) Check the firewall status
$ sudo firewall-cmd --state
2) Start/stop the firewall
$ sudo systemctl start firewalld
$ sudo systemctl stop firewalld
3) Enable/disable the firewall
$ sudo systemctl disable firewalld
$ sudo systemctl enable firewalld
Install the OCI CLI through yum.
If a connection error occurs, re-check the Internet Gateway connection (route table) and the Security List.
$ sudo yum install python36-oci-cli
[opc@k8s-manager ~]$ sudo yum install python36-oci-cli
Loaded plugins: langpacks, ulninfo
...
ol7_oci_included/x86_64/primary_db | 563 kB 00:00
...
(15/15): ol7_latest/x86_64/primary_db | 35 MB 00:00
...
Transaction Summary
================================================================================
Install 1 Package (+14 Dependent packages)
Upgrade ( 1 Dependent package)
Total download size: 24 M
Is this ok [y/d/N]: y
Downloading packages:
...
(16/16): python36-tzlocal-1.2-3.el7.noarch.rpm | 27 kB 00:00
--------------------------------------------------------------------------------
Total 33 MB/s | 24 MB 00:00
...
Installed:
python36-oci-cli.noarch 0:2.22.1-1.el7
Dependency Installed:
...
python36-tzlocal.noarch 0:1.2-3.el7
Dependency Updated:
python36-oci-sdk.x86_64 0:2.35.0-1.el7
Complete!
[opc@k8s-manager ~]$ sudo pip3 install oci-cli --upgrade
Collecting oci-cli
Downloading https://files.pythonhosted.org/packages/21/3f/0c6c1ecd17e85d6f6f7284586a83aaa49c9f3f66e304492756557a63157a/oci_cli-2.24.1-py2.py3-none-any.whl (15.4MB)
100% |████████████████████████████████| 15.4MB 129kB/s
...
Successfully installed PyYAML-5.3.1 certifi-2020.12.5 cffi-1.14.5 cryptography-3.3.2 oci-2.37.0 oci-cli-2.24.1 pyOpenSSL-19.1.0 pycparser-2.20 python-dateutil-2.8.1 pytz-2021.1
...
[opc@k8s-manager ~]$ oci --version
2.24.1
[opc@k8s-manager ~]$ pip3 list | grep oci
oci (2.37.0)
oci-cli (2.24.1)
oci-utils (0.11.6)
Create the OCI private key file
[opc@k8s-manager ~]$ cat ~/.oci/oci-api-key.pem
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCM0f479yz9fpSa
zpcGmA4LqgoJmMBDs7IkCdQwXjs9xaLDOH605K4lSiLuM1RuULWIXwiJoPLiB5sn
...
u8rLxXRHdM4o4jsbPLQlVeH1DSQ75uDD4/MeYHmbovN3Bz5AOmf8Inh6dwfzB0yF
CHX9f3XK9W6GgJXZdBEBZQ==
-----END PRIVATE KEY-----
Create the OCI configuration file
[opc@k8s-manager ~]$ cat ~/.oci/config
[DEFAULT]
user=ocid1.user.oc1..aaaaaaaai*************************vinumq
fingerprint=b2:ae:bd:33:d1**********************:2e:47
tenancy=ocid1.tenancy.oc1..aaaaaa********************pqmmsgxihlbcemkklrsqa
region=ap-seoul-1
key_file=~/.oci/oci-api-key.pem
Change the access permissions on the configuration file
[opc@k8s-manager ~]$ oci setup repair-file-permissions --file ~/.oci/config
[opc@k8s-manager ~]$ oci setup repair-file-permissions --file ~/.oci/oci-api-key.pem
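To confirm the result of the permission step above, the following added example (not part of the original post and not OCI CLI code) audits the config file and every `key_file` it references for group/other access. The function names `owner_only`, `key_files`, `audit_oci_files` and `demo` are hypothetical, and the demo files are constructed; it assumes the goal of the repair step is owner-only access on both files.

```bash
#!/usr/bin/env bash
# Added example: audit the OCI CLI config and each key_file it names.
# Succeed only if FILE exists and grants nothing to group or other.
owner_only() {
    [ -f "$1" ] || return 1
    # ls -ldL follows symlinks; characters 5-10 are the group/other bits.
    [ "$(ls -ldL -- "$1" | cut -c5-10)" = "------" ]
}

# Print every key_file value in CONFIG (all profiles), expanding a leading ~/.
key_files() {
    sed -n 's/^[[:space:]]*key_file[[:space:]]*=[[:space:]]*//p' "$1" 2>/dev/null |
    while IFS= read -r path; do
        path=${path%"${path##*[![:space:]]}"}    # drop trailing blanks or CR
        case $path in
            "~"/*) path=$HOME/${path#??} ;;
        esac
        printf '%s\n' "$path"
    done
}

# Audit CONFIG (default ~/.oci/config); returns the count of failing files.
audit_oci_files() {
    local config="${1:-$HOME/.oci/config}" bad=0 f
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        if owner_only "$f"; then
            echo "OK    $f"
        else
            echo "FAIL  $f (missing, or accessible to group/other)"
            bad=$((bad + 1))
        fi
    done <<EOF
$config
$(key_files "$config")
EOF
    return "$bad"
}

# Constructed demo: a throwaway config whose key file is left world-readable.
demo() {
    local d rc=0
    d=$(mktemp -d)
    printf '[DEFAULT]\nregion=ap-seoul-1\nkey_file=%s/key.pem\n' "$d" > "$d/config"
    : > "$d/key.pem"; chmod 600 "$d/config"; chmod 644 "$d/key.pem"
    audit_oci_files "$d/config" || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

Running `audit_oci_files` with no argument checks `~/.oci/config`; a non-zero return means at least one file should be repaired before the key is used.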
[opc@k8s-manager ~]$ oci iam region list | grep -B 1 -E "seoul|chun"
"key": "ICN",
"name": "ap-seoul-1"
--
"key": "YNY",
"name": "ap-chuncheon-1"
References
- OCI Doc : OCI CLI Setting Up