Banzai Cloud Pipeline requires the following authentication parameters for managing OKE clusters:

  • Tenant OCID
  • User’s OCID
  • Compartment OCID
  • API Key
  • API Fingerprint

The instructions below describe how to set up authentication credentials and collect the authentication parameters for managing OKE clusters through Banzai Cloud Pipeline:

Log in

Log in to the management console via the following url: https://console.us-ashburn-1.oraclecloud.com/. >The OKE service doesn’t support federated user login yet, so please use a username/password instead of a SSO (Single Sign-On) login.

login

If your home region is not us-ashburn-1, you can subscribe to whichever home region you’d like at this page under the Regions section.

Create Compartment

To keep projects separate, we suggest that you create a new compartment. That way you’ll avoid conflicts with existing resources.

Click MENU and navigate to: Identity > Compartments > Create Compartment.

Compartments


Compartment

Note: you will need the compartment’s OCID in the future, so please save it.

Policy

The next step is to create a new OKE policy in the root compartment of your tenancy. Follow the links to: Identity > Policies > Create Policy

Policy

The policy statement should be: allow service OKE to manage all-resources in tenancy

Policy

Generate API Token

Finally, to communicate with the Oracle API we need an API Token.

To generate the API key without a passphrase, use the following command:

Note: create ~/.oci directory if it does not exist

openssl genrsa -out ~/.oci/oci_api_key.pem 2048

Change the file permissions like so:

chmod go-rwx ~/.oci/oci_api_key.pem

Use this command to obtain a single line string representation of the private key:

perl -pne 's/\n/\\n/' ~/.oci/oci_api_key.pem

To generate a public key:

openssl rsa -pubout -in ~/.oci/oci_api_key.pem -out ~/.oci/oci_api_key_public.pem

To generate a fingerprint, use this command:

openssl rsa -pubout -outform DER -in ~/.oci/oci_api_key.pem | openssl md5 -c

That fingerprint will help to distinguish between different API keys. It should look like this:

21:34:56:88:90:ac:cf:ef:12:34:56:78:90:ac:cf:ff

Finally, upload the API key at: Identity > Users > User Details > API keys > Add Public Key > Paste the contents of the PEM public key ~/.oci/oci_api_key_public.pem in the dialog box and click Add.

Login

The key’s fingerprint will be displayed (for example, 21:34:56:88:90:ac:cf:ef:12:34:56:78:90:ac:cf:ff). Note: You will also need your User’s OCID, so please save it.