Provision OKE on Oracle Cloud - Step by Step Guide
flowchart LR
subgraph Step1["1. Provision"]
TF[terraform apply]
end
subgraph Step2["2. Push"]
Git[git push]
end
subgraph Step3["3. Wait"]
Boot[Cloud-init<br/>Bootstrap]
end
subgraph Step4["4. Verify"]
Check[kubectl get nodes]
end
TF --> Git --> Boot --> Check
Provisioning
After creating terraform.tfvars, run Terraform to provision the infrastructure:
cd tf-oke
terraform init
terraform apply
sequenceDiagram
participant You as Developer
participant TF as Terraform
participant OCI as OCI API
participant OKE as OKE Cluster
You->>TF: terraform apply
TF->>OCI: Create VCN
TF->>OCI: Create Subnets
TF->>OCI: Create OKE Cluster
TF->>OCI: Create Node Pool
OCI->>OKE: Provision Control Plane
OCI->>OKE: Provision Worker Nodes
TF->>You: Output Cluster Details
Note over OKE: Cluster creation takes ~10-15m
Terraform creates the OCI networking, OKE cluster, and node pool, then generates Kubernetes manifests in the argocd/ directory.
Push Manifests
The generated manifests must be committed to your repository for Argo CD to sync them:
cd ..
git add argocd/
git commit -m "Configure cluster manifests"
git push
flowchart LR
TF[Terraform] -->|generates| Manifests[argocd/]
Manifests -->|git push| GH[GitHub]
GH -->|syncs| Argo[Argo CD]
Argo -->|deploys| Cluster[OKE Cluster]
Bootstrapping
The OKE cluster control plane is managed by Oracle. Once Terraform completes, the cluster is active, but we need to configure kubectl and install Argo CD.
- Configure kubectl:
  oci ce cluster create-kubeconfig \
    --cluster-id $(terraform output -raw cluster_id) \
    --file $HOME/.kube/config \
    --region $(terraform output -raw region) \
    --token-version 2.0.0 \
    --kube-endpoint PUBLIC_ENDPOINT
- Install Argo CD:
  kubectl create namespace argocd
  kubectl apply -n argocd --server-side -f https://raw.githubusercontent.com/argoproj/argo-cd/v3.4.1/manifests/install.yaml
  kubectl apply -f ../argocd/applications.yaml
Allow approximately five minutes for Argo CD to initialize and begin syncing applications.
Verification
Check Nodes
kubectl get nodes
Expected output:
NAME        STATUS   ROLES   AGE   VERSION
10.0.10.x   Ready    node    5m    v1.35.2
10.0.10.y   Ready    node    5m    v1.35.2
Check Applications
kubectl get applications -n argocd
Expected output:
NAME                SYNC STATUS   HEALTH STATUS
argocd-ingress      Synced        Healthy
cert-manager        Synced        Healthy
docs-app            Synced        Healthy
envoy-gateway       Synced        Healthy
external-dns        Synced        Healthy
external-secrets    Synced        Healthy
gateway-api-crds    Synced        Healthy
homer-app           Synced        Healthy
k3s-docs-app        Synced        Healthy
managed-secrets     Synced        Healthy
metrics-server      Synced        Healthy
openclaw-app        Synced        Healthy
openclaw-operator   Synced        Healthy
Check Pods
kubectl get pods -A
All pods should be Running except for completed Job pods.
Verify DNS and TLS
After a few minutes, test the deployed application:
dig +short k8s.yourdomain.com
curl -I https://k8s.yourdomain.com
Troubleshooting First Deploy
Applications Stuck in Unknown/OutOfSync
If Argo CD applications remain in Unknown status after initial deploy, force a hard refresh:
for app in gateway-api-crds cert-manager external-dns external-secrets envoy-gateway managed-secrets argocd-ingress docs-app homer-app k3s-docs-app openclaw-operator openclaw-app metrics-server; do
  kubectl patch app "$app" -n argocd --type merge -p '{"metadata":{"annotations":{"argocd.argoproj.io/refresh":"hard"}}}'
  sleep 5
done
HTTPS Verification
After all applications are synced, verify HTTPS works:
curl -I https://k8s.yourdomain.com
curl -I https://cd.k8s.yourdomain.com
Both should return HTTP/2 200. HTTP requests should redirect with 301:
curl -I http://k8s.yourdomain.com
See Common Issues for more solutions.
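The Check Applications and HTTPS Verification steps above can be turned into a scripted gate instead of being read by eye. The following is an added example, not part of the original guide; the function names are hypothetical, and the parsers assume the default kubectl table output with a header row and the header format printed by curl -sI.

```shell
#!/usr/bin/env bash
# Added example (not from the guide): fail-closed versions of the checks above.
# Function names are hypothetical; each parser reads command output on stdin.

# stdin: `kubectl get applications -n argocd` (with header row).
# Prints every app that is not both Synced and Healthy; fails if any is
# listed or if no rows arrive (kubectl error, wrong context, empty namespace).
unhealthy_apps() {
  awk 'NR > 1 && NF {
         n++
         if ($2 != "Synced" || $3 != "Healthy") { print $1; bad = 1 }
       }
       END { exit (bad || n == 0) }'
}

# stdin: `curl -sI https://HOST`. Succeeds only on a 200 status line.
returns_200() {
  tr -d '\r' | awk 'NR == 1 { ok = ($2 == "200") } END { exit !ok }'
}

# stdin: `curl -sI http://HOST`. Succeeds only on a 301 whose Location is an
# https:// URL, so a redirect to another plain-HTTP address is rejected.
redirects_to_https() {
  tr -d '\r' | awk '
    NR == 1                    { status_ok = ($2 == "301") }
    tolower($1) == "location:" { loc_ok = (index($2, "https://") == 1) }
    END                        { exit !(status_ok && loc_ok) }'
}

# Live run against the cluster and hostname, e.g.:
#   verify_deploy k8s.yourdomain.com
verify_deploy() {
  kubectl get applications -n argocd | unhealthy_apps || return 1
  curl -sI "https://$1" | returns_200 || return 1
  curl -sI "http://$1" | redirects_to_https
}
```

Source the file and call verify_deploy with your hostname; a non-zero exit status means at least one check failed, and unhealthy_apps prints the applications that need attention.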