Part 3 – Pre-req for Getting Started with Oracle managed Kubernetes Engine


Before you can use Container Engine for Kubernetes to create a Kubernetes cluster, you need to take care of the Prerequisites and there are quite a few of them:

Policy Requirement

Within the root compartment of your tenancy, a policy statement (allow service OKE to manage all-resources in tenancy) must be defined to give Container Engine for Kubernetes access to resources in the tenancy.

VCN Requirement

VCN must have five subnets defined:

  • Three subnets in which to deploy worker nodes. Each worker node subnet must be in a different availability domain. The worker node subnets must have different security lists to the load balancer subnets.
  • Two subnets to host load balancers. Each load balancer subnet must be in different availability domain. The load balancer subnets must have different security lists to the worker node subnets.

Security List Requirement

The VCN must have security lists defined for the worker node subnets and the load balancer subnets. The security list for the worker node subnets must have:

  • Stateless ingress and egress rules that allow all traffic between the different worker node subnets.
  • Stateless ingress and egress rules that allow all traffic between worker node subnets and load balancer subnets.
  • An egress rule that allows all outbound traffic to the internet
    Ingress rules to allow the Container Engine for Kubernetes service to access worker nodes on port 22 from and

Create Policy for Container Engine for Kubernetes

  1. Sign in to the console, on the Home page click Identity, then select Policies.
  2. Select the tenancy’s root compartment from the list on the left. Tenancy-name (root).
  3. Click Create Policy and enter the following:
    • Name: Enter a unique name for your policy such as “oke-service”
    • Description: Enter a description (for example, “oke-service-policy”)
    • Policy Versioning: Select Keep Policy Current
    • Statement: Enter the following policy statement:

 allow service OKE to manage all-resources in tenancy

  • Click Create.

Example Security Rules Configuration

Example Ingress Rules in a Security List for a Worker Node Subnet:


About Prasenjit Sarkar

Prasenjit Sarkar is a Product Manager at Oracle for their Public Cloud with primary focus on Cloud Strategy, Cloud Native Applications and API Platform. His primary focus is driving Oracle’s Cloud Computing business with commercial and public sector customers; helping to shape and deliver on a strategy to build broad use of Oracle’s Infrastructure as a Service (IaaS) offerings such as Compute, Storage, Network & Database as a Service. He is also responsible for developing public/private cloud integration strategies, customer’s Cloud Computing architecture vision, future state architectures, and implementable architecture roadmaps in the context of the public, private, and hybrid cloud computing solutions Oracle can offer.

Leave a Reply