Table of contents
Open Table of contents
Oracle Cloud
계정 생성
무료 계정으로 A1 ARM Compute 생성 시 Out of Capacity 에러로 인해 유료 계정으로 전환이 필요합니다. 유료 계정으로 전환 후에도 Free tier 한도 내에서 무료로 사용 가능하며 몇 개월간 사용했을 때 Loadbalancer 오생성으로 $1 정도 청구된 것 외에는 별도로 청구된 항목은 없으니 안심하셔도 될 것 같습니다.
OCI CLI 설치
# For macOS
$ brew update && brew install oci-cli
# For Linux
$ bash -c "$(curl -L https://raw.githubusercontent.com/oracle/oci-cli/master/scripts/install/install.sh)"OCI CLI 설정
$ oci setup configTerraform
설치
OS 및 Architecture에 맞게 Terraform을 설치해 줍니다.
# For macOS
$ brew tap hashicorp/tap
$ brew inistall hashicorp/tap/terraform
# For Linux (Ubuntu/Debian)
$ wget -O - https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
$ echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(grep -oP '(?<=UBUNTU_CODENAME=).*' /etc/os-release || lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
$ sudo apt update && sudo apt install terraform스크립트 작성
프로젝트 디렉터리와 파일을 생성합니다.
$ mkdir terraform-oke
$ cd terraform-oke
$ touch terraform.tfvars provider.tf network.tf oke.tf variables.tfterraform.tfvars
# terraform.tfvars
user_ocid = "your_user_ocid"
fingerprint = "your_fingerprint"
tenancy_ocid = "your_tenancy_ocid"
region = "your_region"
private_key_path = "your_private_key_path"
compartment_id = "your_compartment_id"
kubernetes_version = "v1.33.1"variables.tf
# Variables
variable "tenancy_ocid" { type = string }
variable "user_ocid" { type = string }
variable "private_key_path" { type = string }
variable "fingerprint" { type = string }
variable "region" { type = string }
variable "compartment_id" { type = string }
variable "kubernetes_version" { type = string }provider.tf
# provider.tf
provider "oci" {
tenancy_ocid = var.tenancy_ocid
user_ocid = var.user_ocid
private_key_path = var.private_key_path
fingerprint = var.fingerprint
region = var.region
}
data "oci_identity_availability_domains" "ads" {
compartment_id = var.compartment_id
}network.tf
# network.tf
module "vcn" {
source = "oracle-terraform-modules/vcn/oci"
compartment_id = var.compartment_id
region = var.region
internet_gateway_route_rules = null
local_peering_gateways = null
nat_gateway_route_rules = null
vcn_name = "oke-vcn"
vcn_dns_label = "okevcn"
vcn_cidrs = ["10.0.0.0/16"]
create_internet_gateway = true
create_nat_gateway = true
create_service_gateway = true
}
resource "oci_core_subnet" "vcn_private_subnet" {
compartment_id = var.compartment_id
vcn_id = module.vcn.vcn_id
cidr_block = "10.0.1.0/24"
route_table_id = module.vcn.nat_route_id
security_list_ids = [oci_core_security_list.private_subnet_sl.id]
display_name = "oke-private-subnet"
prohibit_public_ip_on_vnic = true
}
resource "oci_core_subnet" "vcn_public_subnet" {
compartment_id = var.compartment_id
vcn_id = module.vcn.vcn_id
cidr_block = "10.0.0.0/24"
route_table_id = module.vcn.ig_route_id
security_list_ids = [oci_core_security_list.public_subnet_sl.id]
display_name = "oke-public-subnet"
}
resource "oci_core_security_list" "private_subnet_sl" {
compartment_id = var.compartment_id
vcn_id = module.vcn.vcn_id
display_name = "oke-private-subnet-sl"
egress_security_rules {
stateless = false
destination = "0.0.0.0/0"
destination_type = "CIDR_BLOCK"
protocol = "all"
}
ingress_security_rules {
stateless = false
source = "10.0.0.0/16"
source_type = "CIDR_BLOCK"
protocol = "all"
}
}
resource "oci_core_security_list" "public_subnet_sl" {
compartment_id = var.compartment_id
vcn_id = module.vcn.vcn_id
display_name = "oke-public-subnet-sl"
egress_security_rules {
stateless = false
destination = "0.0.0.0/0"
destination_type = "CIDR_BLOCK"
protocol = "all"
}
ingress_security_rules {
stateless = false
source = "10.0.0.0/16"
source_type = "CIDR_BLOCK"
protocol = "all"
}
ingress_security_rules {
stateless = false
source = "0.0.0.0/0"
source_type = "CIDR_BLOCK"
protocol = "6"
tcp_options {
min = 6443
max = 6443
}
}
}oke.tf
resource "oci_containerengine_cluster" "k8s_cluster" {
compartment_id = var.compartment_id
kubernetes_version = var.kubernetes_version
name = "oke-cluster"
vcn_id = module.vcn.vcn_id
endpoint_config {
is_public_ip_enabled = true
subnet_id = oci_core_subnet.vcn_public_subnet.id
}
options {
add_ons {
is_kubernetes_dashboard_enabled = false
is_tiller_enabled = false
}
kubernetes_network_config {
pods_cidr = "10.244.0.0/16"
services_cidr = "10.96.0.0/16"
}
service_lb_subnet_ids = [oci_core_subnet.vcn_public_subnet.id]
}
}
resource "oci_containerengine_node_pool" "k8s_node_pool" {
cluster_id = oci_containerengine_cluster.k8s_cluster.id
compartment_id = var.compartment_id
kubernetes_version = var.kubernetes_version
name = "oke-node-pool"
node_config_details {
placement_configs {
availability_domain = data.oci_identity_availability_domains.ads.availability_domains[0].name
subnet_id = oci_core_subnet.vcn_private_subnet.id
}
size = 2
}
node_shape = "VM.Standard.A1.Flex"
node_shape_config {
memory_in_gbs = 12
ocpus = 2
}
node_source_details {
image_id = "ocid1.image.oc1.ap-chuncheon-1.aaaaaaaaz43gw2wl7w4zxvzoqxgw2ximip5uzrzoecstdrafotl566qp4hta" # Chuncheon Oracle-Linux-8.10-aarch64-2025.05.19-0
source_type = "image"
boot_volume_size_in_gbs = 100
}
initial_node_labels {
key = "name"
value = "oke-cluster"
}
}실행
스크립트 작성을 완료하였으면 아래 명령어를 수행해 OKE 클러스터를 프로비저닝 합니다.
$ terraform init
$ terraform plan
$ terraform apply자원회수
클러스터를 삭제하고 싶으면 아래 명령어를 이용해 자원을 회수할 수 있습니다.
$ terraform destroyOKE cluster 연결
클러스터 생성이 완료되었으면 OCI CLI를 설치한 서버에서 클러스터에 연결할 수 있습니다.
oci ce cluster create-kubeconfig --cluster-id {your-cluster-id} --file $HOME/.kube/config --region {your-region} --token-version 2.0.0 --kube-endpoint PUBLIC_ENDPOINT