Banzai Cloud Pipeline requires the following authentication parameters for managing OKE clusters:
- Tenant OCID
- User’s OCID
- Compartment OCID
- API Key
- API Fingerprint
The instructions below describe how to set up authentication credentials and collect the authentication parameters for managing OKE clusters through Banzai Cloud Pipeline:
Log in 🔗︎
Log in to the management console via the following url: https://console.us-ashburn-1.oraclecloud.com/.
The OKE service doesn’t support federated user login yet, so please use a
username/passwordinstead of a SSO (Single Sign-On) login.
If your home region is not us-ashburn-1, you can subscribe to whichever home region you’d like at this page under the Regions section.
Create Compartment 🔗︎
To keep projects separate, we suggest that you create a new compartment. That way you’ll avoid conflicts with existing resources.
Click MENU and navigate to: Identity > Compartments > Create Compartment.
Note: you will need the compartment’s
OCIDin the future, so please save it.
The next step is to create a new OKE policy in the root compartment of your tenancy. Follow the links to: Identity > Policies > Create Policy
The policy statement should be:
allow service OKE to manage all-resources in tenancy
Generate API Token 🔗︎
Finally, to communicate with the Oracle API we need an API Token.
To generate the API key without a passphrase, use the following command:
Note: Create the
~/.ocidirectory if it does not exist.
openssl genrsa -out ~/.oci/oci_api_key.pem 2048
Change the file permissions like so:
chmod go-rwx ~/.oci/oci_api_key.pem
Use this command to obtain a single line string representation of the private key:
perl -pne 's/\n/\\n/' ~/.oci/oci_api_key.pem
To generate a public key:
openssl rsa -pubout -in ~/.oci/oci_api_key.pem -out ~/.oci/oci_api_key_public.pem
To generate a fingerprint, use this command:
openssl rsa -pubout -outform DER -in ~/.oci/oci_api_key.pem | openssl md5 -c
That fingerprint will help to distinguish between different API keys. It should look like this:
Finally, upload the API key at: Identity > Users > User Details > API keys > Add Public Key
Paste the contents of the PEM public key
~/.oci/oci_api_key_public.pemin the dialog box and click Add.
The key’s fingerprint will be displayed (for example,
21:34:56:88:90:ac:cf:ef:12:34:56:78:90:ac:cf:ff). Note: You will also need your User’s OCID, so please save it.