Create a Cluster Dynamic Group and Policies
In your OCI tenancy that's associated with Compute Cloud@Customer, create a dynamic group and policies to authorize member instances to manage OKE resources.
You can create a cluster dynamic group and policies using the Oracle Cloud Console, or you can create the group and policies using Terraform scripts.
Using the Oracle Cloud Console
Create a Dynamic Group
- Create a dynamic group. For instructions, see Creating a Dynamic Group.
- Enter the following matching rule to define the group:
  tag.OraclePCA-OKE.cluster_id.value
  All cluster nodes that have this tag are members of the dynamic group.
- Create policies for the dynamic group. See IAM Policies Overview and Creating a Policy.

The following are example policies for the dynamic group. In this example, oke_dyn_grp is the name of the dynamic group and oke is the name of the compartment where resources are created. Note that all policy statements are for the same compartment. If clusters in this group require access to resources in other compartments, change the policy accordingly.

allow dynamic-group oke_dyn_grp to manage file-family in compartment oke
allow dynamic-group oke_dyn_grp to manage volume-family in compartment oke
allow dynamic-group oke_dyn_grp to manage load-balancers in compartment oke
allow dynamic-group oke_dyn_grp to manage instance-family in compartment oke
allow dynamic-group oke_dyn_grp to manage virtual-network-family in compartment oke
allow dynamic-group oke_dyn_grp to use tag-namespaces in compartment oke

For information about the purpose of the use tag-namespaces policy, see Exposing Containerized Applications.
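The steps above mention Terraform as an alternative to the Console. The following is an added example, not taken from the Oracle documentation, that creates the same dynamic group and policy with the OCI Terraform provider's oci_identity_dynamic_group and oci_identity_policy resources. The variable names, resource labels and description strings are assumptions; the group name, matching rule and the six policy statements are the ones given above.

```hcl
# Added example (not Oracle's own code): Terraform equivalent of the Console steps.
# Assumed inputs: the tenancy OCID and the OCID of the 'oke' compartment.
variable "tenancy_ocid" {
  description = "OCID of the tenancy associated with Compute Cloud@Customer (assumed input)"
  type        = string
}

variable "oke_compartment_ocid" {
  description = "OCID of the 'oke' compartment where cluster resources are created (assumed input)"
  type        = string
}

locals {
  dyn_group_name   = "oke_dyn_grp" # dynamic group name from the page
  compartment_name = "oke"         # compartment name from the page
}

# Dynamic groups are always created in the tenancy (root compartment).
# The matching rule is the page's rule: any instance carrying the
# OraclePCA-OKE.cluster_id tag, whatever its value, becomes a member.
resource "oci_identity_dynamic_group" "oke_dyn_grp" {
  compartment_id = var.tenancy_ocid
  name           = local.dyn_group_name
  description    = "OKE cluster nodes tagged with OraclePCA-OKE.cluster_id"
  matching_rule  = "tag.OraclePCA-OKE.cluster_id.value"
}

# One policy carrying the six statements from the page. Every statement is
# scoped to the same compartment, so member nodes cannot reach resources
# elsewhere in the tenancy unless this list is deliberately widened.
resource "oci_identity_policy" "oke_dyn_grp_policy" {
  compartment_id = var.oke_compartment_ocid
  name           = "oke_dyn_grp_policy"
  description    = "Allow OKE cluster nodes to manage the cluster's own OCI resources"
  statements = [
    for grant in [
      "manage file-family",
      "manage volume-family",
      "manage load-balancers",
      "manage instance-family",
      "manage virtual-network-family",
      "use tag-namespaces",
    ] : "allow dynamic-group ${local.dyn_group_name} to ${grant} in compartment ${local.compartment_name}"
  ]

  # OCI rejects a policy that names a dynamic group which does not exist yet,
  # so force the group to be created first.
  depends_on = [oci_identity_dynamic_group.oke_dyn_grp]
}
```

Run terraform plan before apply and confirm that the statements rendered in the plan match the six statements above; any extra compartment or verb indicates the list was widened beyond what the cluster needs.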