OKE Kubernetes on Oracle Cloud Free Tier

Kubernetes on Oracle Cloud Always Free tier using managed control plane and GitOps.

Get Started View on GitHub

Components

OKE Basic Cluster

Managed Kubernetes control plane. Two ARM-based worker nodes.

4 OCPUs + 24GB RAM

Ampere A1 ARM instances. Two worker nodes with 2 OCPU and 12GB RAM each.

GitOps with ArgoCD

All resources deployed via Git. App-of-Apps pattern for managing applications.

Security

OCI Vault for secrets, Let’s Encrypt TLS certificates, Bearer token authentication.

Architecture Overview

flowchart TB
    subgraph Internet
        User((Users))
        GitHub[(GitHub<br/>GitOps Repo)]
    end

    subgraph OCI["Oracle Cloud Infrastructure (Always Free)"]
        LB[Load Balancer<br/>10 Mbps]

        subgraph OKE["OKE Basic Cluster"]
            subgraph CP["Control Plane (Managed)"]
                API[Kubernetes API]
            end

            subgraph Workers["Worker Nodes (2x ARM)"]
                subgraph Node1["Node 1: 2 OCPU / 12GB"]
                    ArgoCD[ArgoCD]
                    Envoy[Envoy Gateway]
                    ESO[External Secrets]
                    CertMgr[Cert Manager]
                end

                subgraph Node2["Node 2: 2 OCPU / 12GB"]
                    Gemma[Gemma LLM]
                    Docs[Documentation]
                    Apps[Your Apps]
                end
            end
        end

        Vault[(OCI Vault)]
        DNS[External DNS]
    end

    subgraph External
        CF[Cloudflare DNS]
        LE[Let's Encrypt]
        HF[HuggingFace]
    end

    User -->|HTTPS| LB
    LB --> Envoy
    GitHub -->|Sync| ArgoCD
    ArgoCD --> Workers
    Vault --> ESO
    DNS --> CF
    CertMgr --> LE
    Gemma -.-> HF

Stack

Component	Technology	Purpose
Infrastructure	Terraform	Declarative OCI resource provisioning
Kubernetes	OKE Basic	Free managed control plane
GitOps	ArgoCD	Continuous deployment from Git
Ingress	Envoy Gateway	Gateway API with load balancing
DNS	External DNS + Cloudflare	Automatic DNS record management
TLS	Cert Manager + Let’s Encrypt	Automatic certificate issuance
Secrets	External Secrets + OCI Vault	Secure secret synchronization
LLM	llama.cpp + Gemma 3 1B	Self-hosted AI with OpenAI API

Quick Start

git clone https://github.com/nsudhanva/k8s-oracle.git
cd k8s-oracle/tf-oke

cp terraform.tfvars.example terraform.tfvars
# Edit terraform.tfvars with your OCI credentials

terraform init
terraform plan
terraform apply

Why OKE over K3s?

	OKE Basic	K3s on VM
Control Plane	Managed (Free)	Self-managed on VM
Worker Resources	Full 4 OCPU / 24GB	Reduced by control plane overhead
Maintenance	Oracle handles upgrades	Manual upgrades required
Storage	OCI Block Volume CSI	Local path provisioner
Networking	OCI VCN integration	Manual CNI setup

Live Demo

This documentation site runs on the cluster. Try the self-hosted LLM:

curl https://gemma.k8s.sudhanva.me/v1/chat/completions \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"model":"gemma","messages":[{"role":"user","content":"Hello!"}]}'

Explore

Prerequisites What you need before starting

Installation Step-by-step deployment guide

Architecture How all components work together

Gemma LLM Self-hosted AI with OpenAI-compatible API

Secrets Management OCI Vault integration

Adding Apps Deploy your own applications