Prime EDMOracle Cloud Infrastructure (OCI) Deployment Guide
Prerequisites
Before deploying to Oracle Container Engine for Kubernetes (OKE), ensure you have:
- OCI CLI installed and configured
- Kubernetes CLI (
kubectl) installed - Helm 3.x installed
Cluster Setup
- Create an OKE cluster through OCI Console or CLI:
bash
oci ce cluster create \
--name prime-edm-cluster \
--compartment-id ocid1.compartment.oc1.. \
--vcn-id ocid1.vcn.oc1.. \
--kubernetes-version v1.24.0- Get kubeconfig:
bash
oci ce cluster create-kubeconfig \
--cluster-id ocid1.cluster.oc1.. \
--file ~/.kube/config \
--region us-ashburn-1Installing Prime EDM Charts
- Add the Helm repository:
bash
helm repo add prime-edm https://charts.acx-sandbox.net --username $USER --password $PASSWORD
helm repo update- Create OCI-specific values:
yaml
# oci-values.yaml
global:
provider: oci
region: us-ashburn-1
storage:
class: oci-bv
serviceAccount:
annotations:
oci.oraclecloud.com/instance-principal: "true"
ingress:
annotations:
kubernetes.io/ingress.class: nginx- Install the chart:
bash
helm install prime-edm prime-edm/prime-edm -f oci-values.yamlOCI-Specific Configuration
Storage Classes
OCI provides several storage options:
yaml
storage:
# Block Volume
class: oci-bv
# File Storage
# class: oci-fssLoad Balancer
Using OCI Load Balancer:
yaml
service:
type: LoadBalancer
annotations:
service.beta.kubernetes.io/oci-load-balancer-shape: flexible
service.beta.kubernetes.io/oci-load-balancer-shape-flex-min: "10"
service.beta.kubernetes.io/oci-load-balancer-shape-flex-max: "100"Identity and Security
Configure instance principals:
yaml
serviceAccount:
create: true
annotations:
oci.oraclecloud.com/instance-principal: "true"Secrets Management
OCI Vault Setup
- Create a Vault:
bash
oci vault create \
--compartment-id <compartment-id> \
--display-name prime-edm-vault \
--vault-type DEFAULT- Create a Key:
bash
oci vault key create \
--compartment-id <compartment-id> \
--display-name prime-edm-key \
--key-shape '{"algorithm":"AES","length":32}' \
--vault-id <vault-id>- Install External Secrets Operator:
bash
helm repo add external-secrets https://charts.external-secrets.io
helm repo update
helm install external-secrets \
external-secrets/external-secrets \
--namespace external-secrets \
--create-namespace \
--set installCRDs=true- Create SecretStore:
yaml
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
name: oci-backend
spec:
provider:
oracle:
region: us-ashburn-1
vault:
vaultId: <vault-id>
auth:
user:
tenancy: <tenancy-ocid>
user: <user-ocid>
key: |
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
fingerprint: <key-fingerprint>- Create ExternalSecret:
yaml
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: database-secret
spec:
refreshInterval: 1h
secretStoreRef:
name: oci-backend
kind: SecretStore
target:
name: db-credentials
data:
- secretKey: username
remoteRef:
key: ocid1.vaultsecret.oc1...
- secretKey: password
remoteRef:
key: ocid1.vaultsecret.oc1...Monitoring
OCI Monitoring Integration
Enable OCI monitoring:
yaml
monitoring:
ociMonitoring:
enabled: true
compartmentId: ocid1.compartment.oc1..Best Practices
- Use node selectors:
yaml
nodeSelector:
oci.oraclecloud.com/fault-domain: "FAULT-DOMAIN-1"- Configure resource limits:
yaml
resources:
requests:
cpu: 250m
memory: 512Mi
limits:
cpu: 500m
memory: 1Gi- Enable auto-scaling:
yaml
autoscaling:
enabled: true
minReplicas: 2
maxReplicas: 10
targetCPUUtilizationPercentage: 80Troubleshooting
Common issues and solutions:
Load balancer issues:
- Check security lists
- Verify subnet configuration
- Validate health checks
Storage problems:
- Confirm storage class exists
- Check PVC status
- Verify compartment permissions
Identity issues:
- Check instance principal setup
- Verify dynamic group rules
- Validate IAM policies