Access OKE Cluster - kubectl Setup
The OKE control plane is managed by Oracle and accessible via the public endpoint.
Kubectl Access
Section titled “Kubectl Access”The standard way to access the cluster is using the OCI CLI to generate a kubeconfig file.
Prerequisites
Section titled “Prerequisites”- OCI CLI installed and configured
kubectlinstalled
Generate Kubeconfig
Section titled “Generate Kubeconfig”# Get Cluster IDCLUSTER_ID=$(terraform -chdir=tf-oke output -raw cluster_id)REGION=$(terraform -chdir=tf-oke output -raw region)
# Generate kubeconfigoci ce cluster create-kubeconfig \ --cluster-id $CLUSTER_ID \ --file $HOME/.kube/config \ --region $REGION \ --token-version 2.0.0 \ --kube-endpoint PUBLIC_ENDPOINTVerify Access
Section titled “Verify Access”kubectl get nodesExpected output:
NAME STATUS ROLES AGE VERSION10.0.10.x Ready node 5m v1.32.110.0.10.y Ready node 5m v1.32.1Argo CD UI
Section titled “Argo CD UI”Via Public Ingress
Section titled “Via Public Ingress”If argocd-ingress is configured:
https://cd.<your-domain>Via Port Forward
Section titled “Via Port Forward”If ingress is not working, you can port-forward locally:
kubectl port-forward svc/argocd-server -n argocd 8080:443Open https://localhost:8080 in a browser.
Credentials
Section titled “Credentials”Username: admin
Password:
kubectl -n argocd get secret argocd-secret -o jsonpath='{.data.admin\.password}' | base64 -dNote: The secret name is argocd-secret and key is admin.password (synced via External Secrets), OR argocd-initial-admin-secret if using default install. Since we sync the password hash, Argo CD uses the updated password.
Troubleshooting
Section titled “Troubleshooting”Connection Refused
Section titled “Connection Refused”Ensure your IP address is allowed if you have restricted the cluster endpoint access (though Basic Cluster usually has public endpoint open by default or controlled by VCN security lists).
OCI CLI Errors
Section titled “OCI CLI Errors”Ensure your OCI config is correct:
oci setup repair