olcnectl certificates copy
[--cert-dir certificate-directory]
[{-h|--help}]
{-n|--nodes} nodes
[{-R|--remote-command} remote-command]
[{-i|--ssh-identity-file} file_location]
[{-l|--ssh-login-name} username]
[--timeout minutes]

Where:

--cert-dir certificate-directory

The directory to read or write key material generated by this utility. The default is <CURRENT_DIR>/certificates.

{-h|--help}

Lists information about the command and the available options.

{-n|--nodes} nodes

A comma separated list of the hostnames or IP addresses of nodes.

Sets the nodes on which to perform an action. Any nodes that aren't the local node use the command indicated by --remote-command to connect to the host (by default, ssh). If a node address resolves to the local system, all commands are run locally without using the remote command.

{-R|--remote-command} remote-command

Opens a connection to a remote host. The address of the host and the command are appended to the end of this command. For example:

ssh -i ~/.ssh/myidfile -l myuser

The default remote command is ssh.

{-i|--ssh-identity-file} file_location

The location of the SSH identity file. If no value is specified, the OS defaults are used.

{-l|--ssh-login-name} username

The username to log in using SSH. The default is opc.

--timeout minutes

The number of minutes to set for command timeouts. The default is 40 minutes.

olcnectl certificates distribute
[--byo-ca-cert certificate-path]
[--byo-ca-key key-path]
[--cert-dir certificate-directory]
[--cert-request-common-name common_name]
[--cert-request-country country]
[--cert-request-locality locality]
[--cert-request-organization organization]
[--cert-request-organization-unit organization-unit]
[--cert-request-state state]
[{-h|--help}]
[{-n|--nodes} nodes]
[--one-cert]
[{-R|--remote-command} remote-command]
[{-i|--ssh-identity-file} file_location]
[{-l|--ssh-login-name} username]
[--timeout minutes]

Where:

--byo-ca-cert certificate-path

The path to an existing public CA Certificate.

--byo-ca-key key-path

The path to an existing private key.

--cert-dir certificate-directory

The directory to read or write key material generated by this utility. The default is <CURRENT_DIR>/certificates.

--cert-request-common-name common_name

The Certificate Common Name suffix. The default is example.com.

--cert-request-country country

The two letter country code of the company, for example, US for the United States, GB for the United Kingdom and CN for China. The default is US.

--cert-request-locality locality

The name of the city where the company is located. The default is Redwood City.

--cert-request-organization organization

The name of the company. The default is OLCNE.

--cert-request-organization-unit organization-unit

The name of the department within the company. The default is OLCNE.

--cert-request-state state

The name of the state or province where the company is located. The default is California.

{-h|--help}

Lists information about the command and the available options.

{-n|--nodes} nodes

A comma separated list of the hostnames or IP addresses of nodes.

Sets the nodes on which to perform an action. Any nodes that aren't the local node use the command indicated by --remote-command to connect to the host (by default, ssh). If a node address resolves to the local system, all commands are run locally without using the remote command.

--one-cert

Sets whether to generate a single certificate that can be used to authenticate all the hosts. By default this option isn't set.

{-R|--remote-command} remote-command

Opens a connection to a remote host. The address of the host and the command are appended to the end of this command. For example:

ssh -i ~/.ssh/myidfile -l myuser

The default remote command is ssh.

{-i|--ssh-identity-file} file_location

The location of the SSH identity file. If no value is specified, the OS defaults are used.

{-l|--ssh-login-name} username

The username to log in using SSH. The default is opc.

--timeout minutes

The number of minutes to set for command timeouts. The default is 40 minutes.

olcnectl certificates generate
[--byo-ca-cert certificate-path]
[--byo-ca-key key-path]
[--cert-dir certificate-directory]
[--cert-request-common-name common_name]
[--cert-request-country country]
[--cert-request-locality locality]
[--cert-request-organization organization]
[--cert-request-organization-unit organization-unit]
[--cert-request-state state]
[{-h|--help}]
{-n|--nodes} nodes
[--one-cert]

Where:

--byo-ca-cert certificate-path

The path to an existing public CA Certificate.

--byo-ca-key key-path

The path to an existing private key.

--cert-dir certificate-directory

The directory to read or write key material generated by this utility. The default is <CURRENT_DIR>/certificates.

--cert-request-common-name common_name

The Certificate Common Name suffix. The default is example.com.

--cert-request-country country

The two letter country code of the company, for example, US for the United States, GB for the United Kingdom and CN for China. The default is US.

--cert-request-locality locality

The name of the city where the company is located. The default is Redwood City.

--cert-request-organization organization

The name of the company. The default is OLCNE.

--cert-request-organization-unit organization-unit

The name of the department within the company. The default is OLCNE.

--cert-request-state state

The name of the state or province where the company is located. The default is California.

{-h|--help}

Lists information about the command and the available options.

{-n|--nodes} nodes

A comma separated list of the hostnames or IP addresses of nodes.

Sets the nodes on which to perform an action. Any nodes that aren't the local node use the command indicated by --remote-command to connect to the host (by default, ssh). If a node address resolves to the local system, all commands are run locally without using the remote command.

--one-cert

Sets whether to generate a single certificate that can be used to authenticate all the hosts. By default this option isn't set.

olcnectl completion 
shell
[--no-descriptions]
[{-h|--help}]

Where:

shell

The shell type. The options are:

• bash: Generates the command line completion script for the Bash shell.

• fish: Generates the command line completion script for the fish shell.

• powershell: Generates the command line completion script for PowerShell shell.

• zsh: Generates the command line completion script for the Zsh shell.

--no-descriptions

Disables completion descriptions in the generated script.

{-h|--help}

Lists information about the command and the available options.

This example generates a command line completion script for a Bash shell.

olcnectl completion bash 

olcnectl environment create 
{-E|--environment-name} environment_name 
[{-h|--help}]
[globals]

Where:

{-E|--environment-name} environment_name

The Oracle Cloud Native Environment. The value of environment_name is the name to use to identify an environment.

{-h|--help}

Lists information about the command and the available options.

Where globals is:

{-a|--api-server} api_server_address:8091

The Platform API Server for the environment. This is the host running the olcne-api-server service in an environment. The value of api_server_address is the IP address or hostname of the Platform API Server. The port number is the port on which the olcne-api-server service is available. The default port is 8091.

If a Platform API Server isn't specified, a local instance is used. If no local instance is set up, it's configured in the $HOME/.olcne/olcne.conf file.

For more information on setting the Platform API Server see Setting the Platform API Server.

This option maps to the $OLCNE_API_SERVER_BIN environment variable. If this environment variable is set it takes precedence over and overrides the Platform CLI setting.

--config-file path

The location of a YAML file that contains the configuration information for the environments and modules. The filename extension must be either yaml or yml. When you use this option, any other command line options are ignored, except the --force option. Only the information contained in the configuration file is used.

--secret-manager-type {file|vault}

The secrets manager type. The options are file or vault. Use file for certificates saved on the nodes and use vault for certificates managed by Vault.

--update-config

Writes the global arguments for an environment to a local configuration file which is used for future calls to the Platform API Server. If this option hasn't been used before, global arguments must be specified for every Platform API Server call.

The global arguments configuration information is saved to $HOME/.olcne/olcne.conf on the local host.

If you use Vault to generate certificates for nodes, the certificate is saved to $HOME/.olcne/certificates/environment_name/ on the local host.

--olcne-ca-path ca_path

The path to a predefined Certificate Authority certificate, or the destination of the certificate if using a secrets manager to download the certificate. The default is /etc/olcne/certificates/ca.cert, or gathered from the local configuration if the --update-config option is used.

This option maps to the $OLCNE_SM_CA_PATH environment variable. If this environment variable is set it takes precedence over and overrides the Platform CLI setting.

--olcne-node-cert-path node_cert_path

The path to a predefined certificate, or the a destination if using a secrets manager to download the certificate. The default is /etc/olcne/certificates/node.cert, or gathered from the local configuration if the --update-config option is used.

This option maps to the $OLCNE_SM_CERT_PATH environment variable. If this environment variable is set it takes precedence over and overrides the Platform CLI setting.

--olcne-node-key-path node_key_path

The path to a predefined key, or the destination of the key if using a secrets manager to download the key. The default is /etc/olcne/certificates/node.key, or gathered from the local configuration if the --update-config option is used.

This option maps to the $OLCNE_SM_KEY_PATH environment variable. If this environment variable is set it takes precedence over and overrides the Platform CLI setting.

--olcne-tls-cipher-suites ciphers

The TLS cipher suites to use for Oracle Cloud Native Environment services (the Platform Agent and Platform API Server). Enter one or more in a comma separated list. The options are:

• TLS_AES_128_GCM_SHA256

• TLS_AES_256_GCM_SHA384

• TLS_CHACHA20_POLY1305_SHA256

• TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

• TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

• TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

• TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

• TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

• TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305

• TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256

• TLS_ECDHE_ECDSA_WITH_RC4_128_SHA

• TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA

• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

• TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

• TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305

• TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

• TLS_ECDHE_RSA_WITH_RC4_128_SHA

• TLS_RSA_WITH_3DES_EDE_CBC_SHA

• TLS_RSA_WITH_AES_128_CBC_SHA

• TLS_RSA_WITH_AES_128_CBC_SHA256

• TLS_RSA_WITH_AES_128_GCM_SHA256

• TLS_RSA_WITH_AES_256_CBC_SHA

• TLS_RSA_WITH_AES_256_GCM_SHA384

• TLS_RSA_WITH_RC4_128_SHA

For example:

--olcne-tls-cipher-suites TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

This option maps to the $OLCNE_TLS_CIPHER_SUITES environment variable. If this environment variable is set it takes precedence over and overrides the Platform CLI setting.

--olcne-tls-max-version version

The TLS maximum version for Oracle Cloud Native Environment components. The default is VersionTLS12. Options are:

• VersionTLS10

• VersionTLS11

• VersionTLS12

• VersionTLS13

This option maps to the $OLCNE_TLS_MAX_VERSION environment variable. If this environment variable is set it takes precedence over and overrides the Platform CLI setting.

--olcne-tls-min-version version

The TLS minimum version for Oracle Cloud Native Environment components. The default is VersionTLS12. Options are:

• VersionTLS10

• VersionTLS11

• VersionTLS12

• VersionTLS13

This option maps to the $OLCNE_TLS_MIN_VERSION environment variable. If this environment variable is set it takes precedence over and overrides the Platform CLI setting.

--vault-address vault_address

The IP address of the Vault instance. The default is https://127.0.0.1:8200, or gathered from the local configuration if the --update-config option is used.

--vault-cert-sans vault_cert_sans

Subject Alternative Names (SANs) to pass to Vault to generate the Oracle Cloud Native Environment certificate. The default is 127.0.0.1, or gathered from the local configuration if the --update-config option is used.

--vault-token vault_token

The Vault authentication token.

olcnectl environment delete 
{-E|--environment-name} environment_name
[{-h|--help}]
[globals] 

Where:

{-E|--environment-name} environment_name

The Oracle Cloud Native Environment. The value of environment_name is the name to use to identify an environment.

{-h|--help}

Lists information about the command and the available options.

Where globals is one or more of the global options as described in Using Global Flags.

olcnectl environment update 
olcne
{-E|--environment-name} environment_name
[{-N|--name} name] 
[{-h|--help}]
[globals] 

Where:

olcne

Specifies to update the Platform Agent on each node in an environment.

{-E|--environment-name} environment_name

The Oracle Cloud Native Environment. The value of environment_name is the name to use to identify an environment.

{-N|--name} name

The module name. The value of name is the name to use to identify a module in an environment.

The Platform Agent is updated on only the nodes used in this module.

{-h|--help}

Lists information about the command and the available options.

Where globals is one or more of the global options as described in Using Global Flags.

olcnectl environment report 
[{-E|--environment-name} environment_name]
[--children]
[--exclude pattern]
[--include pattern]
[--format {yaml|table}] 
[{-h|--help}]
[globals] 

Where:

{-E|--environment-name} environment_name

The Oracle Cloud Native Environment. The value of environment_name is the name to use to identify an environment.

--children

When added to the command, this option recursively displays the properties for all children of a module instance. The default value is false.

--exclude pattern

An RE2 regular expression selecting the properties to exclude from the report. This option might specify more than one property as a comma separated lists.

--include pattern

An RE2 regular expression selecting the properties to include in the report. This option might specify more than one property as a comma separated lists. By default, all properties are displayed. Using this option one or more times overrides this behavior.

--format {yaml|table}

To generate reports in YAML or table format, use this option. The default format is table.

{-h|--help}

Lists information about the command and the available options.

Where globals is one or more of the global options as described in Using Global Flags.

olcnectl module backup 
{-E|--environment-name} environment_name 
{-N|--name} name
[{-L|--log-level} type]
[{-h|--help}]
[globals] 

Where:

{-E|--environment-name} environment_name

The Oracle Cloud Native Environment. The value of environment_name is the name to use to identify an environment.

{-N|--name} name

The module name. The value of name is the name to use to identify a module in an environment.

{-L|--log-level} type

Sets the type of messages displayed by the Platform API Server. If you don't set this option, error messages are displayed by default. The options for type are:

• error: Displays error messages. This is the default type.

• warn: Displays warning messages.

• info: Displays information messages.

• debug: Displays all messages. This is the most detailed message level.

{-h|--help}

Lists information about the command and the available options.

Where globals is one or more of the global options as described in Using Global Flags.

olcnectl module create 
{-E|--environment-name} environment_name 
{-M|--module} module 
{-N|--name} name
[{-h|--help}]
[module_args ...]
[globals] 

Where:

{-E|--environment-name} environment_name

The Oracle Cloud Native Environment. The value of environment_name is the name to use to identify an environment.

{-M|--module} module

The module type to create in an environment. The value of module is the name of a module type. The available module types are:

• kubernetes

• calico

• multus

• oci-ccm

• metallb

• rook

• kubevirt

• operator-lifecycle-manager

• ingress-nginx

• istio

• prometheus

• grafana

• gluster (Deprecated)

• helm (Deprecated)

• oci-csi (Deprecated)

{-N|--name} name

The module name. The value of name is the name to use to identify a module in an environment.

{-h|--help}

Lists information about the command and the available options.

Where module_args is:

The value of module_args is one or more arguments to configure a module in an environment.

module_args for the kubernetes module:

{-o|--apiserver-advertise-address} IP_address

The IP address on which to advertise the Kubernetes API server to members of the Kubernetes cluster. This address must be reachable by the cluster nodes. If no value is provided, the interface on the control plane node is used specified with the --control-plane-nodes argument.

This option isn't used in a highly available (HA) cluster with many control plane nodes.

Important:

This argument has been deprecated. Use the --control-plane-nodes argument instead.

{-b|--apiserver-bind-port} port

The Kubernetes API server bind port. The default is 6443.

{-B|--apiserver-bind-port-alt} port

The port on which the Kubernetes API server listens when you use a virtual IP address for the load balancer. The default is 6444. This is optional.

When you use a virtual IP address, the Kubernetes API server port is changed from the default of 6443 to 6444. The load balancer listens on port 6443 and receives the requests and passes them to the Kubernetes API server. To change the Kubernetes API server port in this situation from 6444, use this option.

{-e|--apiserver-cert-extra-sans} api_server_sans

The Subject Alternative Names (SANs) to use for the Kubernetes API server serving certificate. This value can contain both IP addresses and DNS names.

--compact {true|false}

Sets whether to allow non-system Kubernetes workloads to run on control plane nodes. The default is false.

If you set this to true, the Platform API Server does not taint the control plane nodes. This allows non-system Kubernetes workloads to be scheduled and run on control plane nodes.

Important:

For production environments, this option must be set to false (the default).

{-r|--container-registry} container_registry

The container registry that contains the Kubernetes images. Use container-registry.oracle.com/olcne to pull the Kubernetes images from the Oracle Container Registry.

If you don't provide this value, you're prompted for it by the Platform CLI.

{-c|--control-plane-nodes} nodes ...

A comma separated list of the hostnames or IP addresses of the Kubernetes control plane nodes, including the port number for the Platform Agent. For example, control1.example.com:8090,control2.example.com:8090.

If you don't provide this value, you're prompted for it by the Platform CLI.

{-x|--kube-proxy-mode} {userspace|iptables|ipvs}

The routing mode for the Kubernetes proxy. The default is iptables. The available proxy modes are:

• userspace: This is an older proxy mode.

• iptables: This is the fastest proxy mode. This is the default mode.

• ipvs: This is an experimental mode.

If no value is provided, the default of iptables is used. If the system's kernel or iptables version is insufficient, the userspace proxy is used.

{-v|--kube-version} version

The version of Kubernetes to install. The default is the latest version. For information on the latest version number, see Release Notes.

{-t|--kubeadm-token} token

The token to use for establishing bidirectional trust between Kubernetes nodes and control plane nodes. The format is [a-z0-9]{6}\.[a-z0-9]{16}, for example, abcdef.0123456789abcdef.

--kube-tls-cipher-suites ciphers

The TLS cipher suites to use for Kubernetes components. Enter one or more in a comma separated list. The options are:

• TLS_AES_128_GCM_SHA256

• TLS_AES_256_GCM_SHA384

• TLS_CHACHA20_POLY1305_SHA256

• TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

• TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

• TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

• TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

• TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

• TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305

• TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256

• TLS_ECDHE_ECDSA_WITH_RC4_128_SHA

• TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA

• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

• TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

• TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305

• TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

• TLS_ECDHE_RSA_WITH_RC4_128_SHA

• TLS_RSA_WITH_3DES_EDE_CBC_SHA

• TLS_RSA_WITH_AES_128_CBC_SHA

• TLS_RSA_WITH_AES_128_CBC_SHA256

• TLS_RSA_WITH_AES_128_GCM_SHA256

• TLS_RSA_WITH_AES_256_CBC_SHA

• TLS_RSA_WITH_AES_256_GCM_SHA384

• TLS_RSA_WITH_RC4_128_SHA

For example:

--kube-tls-cipher-suites TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

--kube-tls-min-version version

The TLS minimum version for Kubernetes components. The default is VersionTLS12. Options are:

• VersionTLS10

• VersionTLS11

• VersionTLS12

• VersionTLS13

{-l|--load-balancer} load_balancer

The Kubernetes API server load balancer hostname or IP address, and port. The default port is 6443. For example, 192.0.2.100:6443.

{-m|--master-nodes} nodes ...

A comma separated list of the hostnames or IP addresses of the Kubernetes control plane nodes, including the port number for the Platform Agent. For example, control1.example.com:8090,control2.example.com:8090.

If you don't provide this value, you're prompted for it by the Platform CLI.

Important:

This option is deprecated. Use the --control-plane-nodes option instead.

{-g|--nginx-image} container_location

The location for an NGINX container image to use in a highly available (HA) cluster with many control plane nodes. This is optional.

You can use this option if you don't provide a load balancer using the --load-balancer option. This option might be useful if you're using a mirrored container registry. For example:

--nginx-image mirror.example.com:5000/olcne/nginx:1.17.7

By default, podman is used to pull the NGINX image that's configured in /usr/libexec/pull_olcne_nginx. If you set the --nginx-image option to use another NGINX container image, the location of the image is written to /etc/olcne-nginx/image, and overrides the default image.

--node-labels label

Important:

This option, and the Oracle Cloud Infrastructure Container Storage Interface module (oci-csi) that required this option, is deprecated in Release 1.5.

The label to add to Kubernetes nodes on Oracle Cloud Infrastructure instances to set the Availability Domain for pods. This option is used with the Oracle Cloud Infrastructure Container Storage Interface module (oci-csi). The label format is:

failure-domain.beta.kubernetes.io/zone=region-identifier-AD-availability-domain-number

For example:

--node-labels failure-domain.beta.kubernetes.io/zone=US-ASHBURN-AD-1

For a list of the Availability Domains, see the Oracle Cloud Infrastructure documentation.

--node-ocids OCIDs

Important:

This option, and the Oracle Cloud Infrastructure Container Storage Interface module (oci-csi) that required this option, is deprecated in Release 1.5.

A comma separated list of Kubernetes nodes (both control plane and worker nodes) with their Oracle Cloud Identifiers (OCIDs). This option is used with the Oracle Cloud Infrastructure Container Storage Interface module (oci-csi). The format for the list is:

FQDN=OCID,...

For example:

--node-ocids control1.example.com=ocid1.instance...,worker1.example.com=ocid1.instance...,worker2.example.com=ocid1.instance...

For information about OCIDs, see the Oracle Cloud Infrastructure documentation.

{-p|--pod-cidr} pod_CIDR

The Kubernetes pod CIDR. The default is 10.244.0.0/16. This is the range from which each Kubernetes pod network interface is assigned an IP address.

{-n|--pod-network} {flannel|calico|none}

The network fabric for the Kubernetes cluster. The options are:

• flannel: Installs Flannel. This is the default.
• calico: Installs the Calico module. You must disable firewalld on all Kubernetes nodes to use this option.
• none: Doesn't install any network fabric.

{-P|--pod-network-iface} network_interface

The name of the network interface on the nodes to use for the Kubernetes data plane network communication. The data plane network is used by the pods running on Kubernetes. If you use regex to set the interface name, the first matching interface returned by the kernel is used. For example:

--pod-network-iface "ens[1-5]|eth5"

--selinux {enforcing|permissive}

Whether to use SELinux enforcing or permissive mode. permissive is the default.

Use this option if SELinux is set to enforcing on the control plane and worker nodes. SELinux is set to enforcing mode by default on the OS and is the recommended mode.

{-s|--service-cidr} service_CIDR

The Kubernetes service CIDR. The default is 10.96.0.0/12. This is the range from which each Kubernetes service is assigned an IP address.

{-i|--virtual-ip} virtual_ip

The virtual IP address for the load balancer. This is optional.

Use this option if you don't specify a load balancer using the --load-balancer option. When you specify a virtual IP address, it's used as the primary IP address for control plane nodes.

{-w|--worker-nodes} nodes ...

A comma separated list of the hostnames or IP addresses of the Kubernetes worker nodes, including the port number for the Platform Agent. If a worker node is behind a NAT gateway, use the public IP address for the node. The worker node's interface behind the NAT gateway must have an public IP address using the /32 subnet mask that's reachable by the Kubernetes cluster. The /32 subnet restricts the subnet to one IP address, so that all traffic from the Kubernetes cluster flows through this public IP address (for more information about configuring NAT, see Installation). The default port number is 8090. For example, worker1.example.com:8090,worker2.example.com:8090.

If you don't provide this value, you're prompted for it by the Platform CLI.

--restrict-service-externalip {true|false}

Sets whether to restrict access to external IP addresses for Kubernetes services. The default is true, which restricts access to external IP addresses.

This option deploys a Kubernetes service named externalip-validation-webhook-service to validate externalIPs set in Kubernetes service configuration files. Access to any external IP addresses is set in a Kubernetes service configuration file using the externalIPs option in the spec section.

--restrict-service-externalip-ca-cert path

The path to a CA certificate file for the externalip-validation-webhook-service application that's deployed when the --restrict-service-externalip option is set to true. For example, /etc/olcne/certificates/restrict_external_ip/ca.cert.

--restrict-service-externalip-tls-cert path

The path to a CA certificate file for the externalip-validation-webhook-service application that's deployed when the --restrict-service-externalip option is set to true. For example, /etc/olcne/certificates/restrict_external_ip/node.cert.

--restrict-service-externalip-tls-key path

The path to the private key for the externalip-validation-webhook-service application that's deployed when the --restrict-service-externalip option is set to true. For example, /etc/olcne/certificates/restrict_external_ip/node.key.

--restrict-service-externalip-cidrs allowed_cidrs

Enter one or more comma separated CIDR blocks to allow only IP addresses from the specified CIDR blocks. For example, 192.0.2.0/24,198.51.100.0/24.

module_args for the calico module:

--calico-container-registry container_registry

The container image registry to use when deploying the Calico container image. The default is container-registry.oracle.com/olcne.

--calico-helm-module helm_module

The name of the helm module that the Calico module is to be associated with.

Important:

This option is deprecated. Use the --calico-kubernetes-module option instead.

--calico-kubernetes-module kubernetes_module

The name of the kubernetes module that the Calico module is to be associated with.

--calico-installation-config config-file-path

The path and location of a Calico configuration file.

--calico-namespace namespace

The Kubernetes namespace in which Calico components are deployed. The default is tigera-operator.

--calico-version version

The version of Calico to install. The default is the latest version. For information on the latest version number, see Release Notes.

module_args for the multus module:

--multus-config config-file-path

The path and location of a Multus configuration file.

--multus-container-registry container_registry

The container image registry to use when deploying the Multus container image. The default is container-registry.oracle.com/olcne.

--multus-helm-module helm_module

The name of the helm module that the Multus module is to be associated with.

Important:

This option is deprecated. Use the --multus-kubernetes-module option instead.

--multus-kubernetes-module kubernetes_module

The name of the kubernetes module that the Multus module is to be associated with.

--multus-namespace namespace

The Kubernetes namespace in which Multus components are deployed. The default is kube-system.

--multus-version version

The version of Multus to install. The default is the latest version. For information on the latest version number, see Release Notes.

module_args for the oci-ccm module:

--oci-ccm-helm-module helm_module

The name of the helm module that the Oracle Cloud Infrastructure Cloud Controller Manager module is to be associated with.

Important:

This option is deprecated. Use the --oci-ccm-kubernetes-module option instead.

--oci-ccm-kubernetes-module kubernetes_module

The name of the kubernetes module that the Oracle Cloud Infrastructure Cloud Controller Manager module is to be associated with.

--oci-tenancy OCID

The OCID for the Oracle Cloud Infrastructure tenancy.

--oci-region region_identifier

The Oracle Cloud Infrastructure region identifier. The default is us-ashburn-1.

For a list of the region identifiers, see the Oracle Cloud Infrastructure documentation.

--oci-compartment OCID

The OCID for the Oracle Cloud Infrastructure compartment.

--oci-user OCID

The OCID for the Oracle Cloud Infrastructure user.

--oci-private-key path

The location of the private key for the Oracle Cloud Infrastructure API signing key. The private key must be on the primary control plane node. The default is /root/.ssh/id_rsa.

Important:

This option is deprecated in Release 1.6.1. From Release 1.6.1 onwards, use the --oci-private-key-file option instead.

--oci-private-key-file path

The location of the private key for the Oracle Cloud Infrastructure API signing key.

Important:

The private key must be available on the operator node.

--oci-fingerprint fingerprint

The fingerprint of the public key for the Oracle Cloud Infrastructure API signing key.

--oci-passphrase passphrase

The passphrase for the private key for the Oracle Cloud Infrastructure API signing key, if one is set.

--oci-vcn OCID

The OCID for the Oracle Cloud Infrastructure Virtual Cloud Network on which the Kubernetes cluster is available.

--oci-lb-subnet1 OCID

The OCID of the regional subnet for the Oracle Cloud Infrastructure load balancer.

Or, the OCID of the first subnet of the two required availability domain specific subnets for the Oracle Cloud Infrastructure load balancer. The subnets must be in separate availability domains.

--oci-lb-subnet2 OCID

The OCID of the second subnet of the two subnets for the Oracle Cloud Infrastructure load balancer. The subnets must be in separate availability domains.

--oci-lb-security-mode {All|Frontend|None}

This option sets whether the Oracle Cloud Infrastructure Cloud Controller Manager module is to manage security lists for load balancer services. This option sets the configuration mode to use for security lists managed by the Kubernetes Cloud Controller Manager. The default is None.

For information on the security modes, see the Kubernetes Cloud Controller Manager implementation for Oracle Cloud Infrastructure documentation.

--oci-use-instance-principals {true|false}

Sets whether to enable an instance to make API calls in Oracle Cloud Infrastructure services. The default is false.

--oci-container-registry container_registry

The container image registry to use when deploying the Oracle Cloud Infrastructure cloud provisioner image. The default is an empty string. The Platform API Server decides the correct repository for the version of the Oracle Cloud Infrastructure Cloud Controller Manager module that's to be installed. Or, you can use a private registry.

--ccm-container-registry container_registry

The container image registry to use when deploying the Oracle Cloud Infrastructure Cloud Controller Manager component images. The default is an empty string. The Platform API Server decides the correct repository for the version of the Oracle Cloud Infrastructure Cloud Controller Manager module that's to be installed. Or, you can use a private registry.

--oci-ccm-version version

The version of Oracle Cloud Infrastructure Cloud Controller Manager to install. The default is the latest version. For information on the latest version number, see Release Notes.

module_args for the metallb module:

--metallb-helm-module helm_module

The name of the helm module that MetalLB is to be associated with.

Important:

This option is deprecated. Use the --metallb-kubernetes-module option instead.

--metallb-kubernetes-module kubernetes_module

The name of the kubernetes module that the MetalLB module is to be associated with.

--metallb-config path

The location of the file that contains the configuration information for MetalLB. This file must be on operator node.

--metallb-namespace namespace

The Kubernetes namespace in which to install MetalLB. The default namespace is metallb-system.

--metallb-version version

The version of MetalLB to install. The default is the latest version. For information on the latest version number, see Release Notes.

--metallb-container-registry container_registry

The container image registry and optional tag to use when installing MetalLB. The default is container-registry.oracle.com/olcne.

module_args for the rook module:

--rook-kubernetes-module kubernetes_module

The name of the kubernetes module that the Rook module is to be associated with.

--rook-config path

The location of the file that contains the configuration information for Rook. This file must be on operator node.

--rook-namespace namespace

The Kubernetes namespace in which to install the Rook module. The default is rook.

--rook-version version

The version of Rook to install. The default is the latest version. For information on the latest version number, see Release Notes.

--rook-container-registry container_registry

The container image registry to use when deploying the Rook module. The default is container-registry.oracle.com/olcne.

module_args for the kubevirt module:

--kubevirt-kubernetes-module kubernetes_module

The name of the kubernetes module that the KubeVirt module is to be associated with.

--kubevirt-config path

The location of the file that contains the configuration information for KubeVirt, including the kubevirt.io/v1/KubeVirt object. This file must be on operator node.

--kubevirt-namespace namespace

The Kubernetes namespace in which to install the KubeVirt module. The default is kubevirt.

--kubevirt-version version

The version of KubeVirt to install. The default is the latest version. For information on the latest version number, see Release Notes.

--kubevirt-container-registry container_registry

The container image registry to use when deploying the KubeVirt module. The default is container-registry.oracle.com/olcne.

module_args for the operator-lifecycle-manager module:

--olm-helm-module helm_module

The name of the helm module that Operator Lifecycle Manager is to be associated with.

Important:

This option is deprecated. Use the --olm-kubernetes-module option instead.

--olm-kubernetes-module kubernetes_module

The name of the kubernetes module that the Operator Lifecycle Manager module is to be associated with.

--olm-version version

The version of Operator Lifecycle Manager to install. The default is the latest version. For information on the latest version number, see Release Notes.

--olm-container-registry container_registry

The container image registry to use when deploying the Operator Lifecycle Manager. The default is container-registry.oracle.com/olcne.

--olm-enable-operatorhub {true|false}

Sets whether to enable the Operator Lifecycle Manager to use the OperatorHub registry as a catalog source.

The default is true.

module_args for the ingress-nginx module:

--ingress-nginx-kubernetes-module kubernetes_module

The name of the kubernetes module that the NGINX Ingress Controller module is to be associated with.

--ingress-nginx-version version

The version of the NGINX Ingress Controller to install. The default is the latest version. For information on the latest version number, see Release Notes.

--ingress-nginx-container-registry container_registry

The container image registry to use when deploying the NGINX Ingress Controller. The default is container-registry.oracle.com/olcne.

--ingress-nginx-namespace namespace

The Kubernetes namespace in which to install the NGINX Ingress Controller module. The default is ingress-nginx.

--ingress-controller-service-annotations {annotation,...}

A comma separated list of annotations to be added to the external controller service to provision an Oracle Cloud Infrastructure load balancer.

For the full list of annotations you can include, see the upstream documentation at:

https://github.com/oracle/oci-cloud-controller-manager/blob/master/docs/load-balancer-annotations.md

module_args for the istio module:

--istio-helm-module helm_module

The name of the helm module that Istio is to be associated with.

Important:

This option is deprecated. Use the --istio-kubernetes-module option instead.

--istio-kubernetes-module kubernetes_module

The name of the kubernetes module that the Istio module is to be assoingress-ngciated with.

--istio-version version

The version of Istio to install. The default is the latest version. For information on the latest version number, see Release Notes.

--istio-container-registry container_registry

The container image registry to use when deploying Istio. The default is container-registry.oracle.com/olcne.

--istio-enable-grafana {true|false}

Sets whether to deploy the Grafana module to visualize the metrics stored in Prometheus for Istio. The default is true.

--istio-enable-prometheus {true|false}

Sets whether to deploy the Prometheus module to store the metrics for Istio. The default is true.

--istio-mutual-tls {true|false}

Sets whether to enable Mutual Transport Layer Security (mTLS) for communication between the control plane pods for Istio, and for any pods deployed into the Istio service mesh.

The default is true.

Important:

We recommended this value isn't set to false, especially in production environments.

--istio-parent name

The name of the istio module to use with a custom profile. When used with the --istio-profile option, lets many instances of the istio module to attach Istio platform components to a single Istio control plane. When this option is set, the default Istio profile is replaced with the a mostly empty profile. The only contents of the profile are the container image hub location, and tags that correspond to the installed version of the istio module.

--istio-profile path

The path to the file that contains the spec section of an IstioOperator resource from the install.istio.io/v1alpha1 Kubernetes API. The values in this resource are laid over top of, and override, the default profile for Istio.

For information on the IstioOperator resource file, see the upstream Istio documentation.

module_args for the prometheus module:

--prometheus-helm-module helm_module

The name of the helm module that Prometheus is to be associated with.

Important:

This option is deprecated. Use the --prometheus-kubernetes-module option instead.

--prometheus-kubernetes-module kubernetes_module

The name of the kubernetes module that the Prometheus module is to be associated with.

--prometheus-version version

The version of Prometheus to install. The default is the latest version. For information on the latest version number, see Release Notes.

--prometheus-image container_registry

The container image registry and tag to use when installing Prometheus. The default is container-registry.oracle.com/olcne/prometheus.

--prometheus-namespace namespace

The Kubernetes namespace in which to install Prometheus. The default namespace is default.

--prometheus-persistent-storage {true|false}

If this value is false, Prometheus writes its data into an emptydir on the host where the pod is running. If the pod migrates, metric data is lost.

If this value is true, Prometheus requisitions a Kubernetes PersistentVolumeClaim so that its data persists, despite destruction, or migration of the pod.

The default is false.

--prometheus-alerting-rules path

The path to a configuration file for Prometheus alerts.

--prometheus-recording-rules path

The path to a configuration file for Prometheus recording rules.

--prometheus-scrape-configuration path

The path to a configuration file for Prometheus metrics scraping.

module_args for the grafana module:

--grafana-helm-module helm_module

The name of the helm module that Grafana is to be associated with.

Important:

This option is deprecated. Use the --grafana-kubernetes-module option instead.

--grafana-kubernetes-module kubernetes_module

The name of the kubernetes module that the Grafana module is to be associated with.

--grafana-version version

The version of Grafana to install. The default is the latest version. For information on the latest version number, see Release Notes.

--grafana-container-registry container_registry

The container image registry and tag to use when installing Grafana. The default is container-registry.oracle.com/olcne.

--grafana-namespace namespace

The Kubernetes namespace in which to install Grafana. The default namespace is default.

--grafana-dashboard-configmaps configmap

The name of the ConfigMap reference that contains the Grafana dashboards.

--grafana-dashboard-providers path

The location of the file that contains the configuration for the Grafana dashboard providers.

--grafana-datasources path

The location of the file that contains the configuration for the Grafana data sources.

--grafana-existing-sercret-name secret

The name of the existing secret containing the Grafana admin password.

--grafana-notifiers path

The location of the file that contains the configuration for the Grafana notifiers.

--grafana-pod-annotations annotations

A comma separated list of annotations to be added to the Grafana pods.

--grafana-pod-env env_vars

A comma separated list of environment variables to be passed to Grafana deployment pods.

--grafana-service-port port

The port number for the Grafana service. The default is 3000.

--grafana-service-type service

The service type to access Grafana. The default is ClusterIP.

module_args for the gluster module:

--gluster-helm-module helm_module

The name of the helm module that the Gluster Container Storage Interface module is to be associated with.

Important:

This option is deprecated. Use the --gluster-kubernetes-module option instead.

--gluster-kubernetes-module kubernetes_module

The name of the kubernetes module that the Gluster module is to be associated with.

--gluster-server-url URL

The URL of the Heketi API server endpoint. The default is http://127.0.0.1:8080.

--gluster-server-user user

The username of the Heketi server admin user. The default is admin.

--gluster-existing-secret-name secret

The name of the existing secret containing the admin password. The default is heketi-admin.

--gluster-secret-key secret

The secret containing the admin password. The default is secret.

--gluster-namespace namespace

The Kubernetes namespace in which to install the Gluster Container Storage Interface module. The default is default.

--gluster-sc-name class_name

The StorageClass name for the Glusterfs StorageClass. The default is hyperconverged.

--gluster-server-rest-auth {true|false}

Whether the Heketi API server accepts REST authorization. The default is true.

module_args for the helm module:

--helm-kubernetes-module kubernetes_module

The name of the kubernetes module that Helm is to be associated with. Each instance of Kubernetes can have one instance of Helm associated with it.

--helm-version version

The version of Helm to install. The default is the latest version. For information on the latest version number, see Release Notes.

module_args for the oci-csi module:

--oci-csi-helm-module helm_module

The name of the helm module that the Oracle Cloud Infrastructure Container Storage Interface module is to be associated with.

Important:

This option is deprecated. Use the --oci-ccm-kubernetes-module option instead.

--oci-tenancy OCID

The OCID for the Oracle Cloud Infrastructure tenancy.

--oci-region region_identifier

The Oracle Cloud Infrastructure region identifier. The default is us-ashburn-1.

For a list of the region identifiers, see the Oracle Cloud Infrastructure documentation.

--oci-compartment OCID

The OCID for the Oracle Cloud Infrastructure compartment.

--oci-user OCID

The OCID for the Oracle Cloud Infrastructure user.

--oci-private-key path

The location of the private key for the Oracle Cloud Infrastructure API signing key. This must be on the primary control plane node. The default is /root/.ssh/id_rsa.

Important:

The private key must be available on the primary control plane node. This is the first control plane node listed in the --control-plane-nodes option when you create the Kubernetes module.

--oci-fingerprint fingerprint

The fingerprint of the public key for the Oracle Cloud Infrastructure API signing key.

--oci-passphrase passphrase

The passphrase for the private key for the Oracle Cloud Infrastructure API signing key, if one is set.

--oci-vcn OCID

The OCID for the Oracle Cloud Infrastructure Virtual Cloud Network on which the Kubernetes cluster is available.

--oci-lb-subnet1 OCID

The OCID of the regional subnet for the Oracle Cloud Infrastructure load balancer.

Or, the OCID of the first subnet of the two required availability domain specific subnets for the Oracle Cloud Infrastructure load balancer. The subnets must be in separate availability domains.

--oci-lb-subnet2 OCID

The OCID of the second subnet of the two subnets for the Oracle Cloud Infrastructure load balancer. The subnets must be in separate availability domains.

--oci-lb-security-mode {All|Frontend|None}

This option sets whether the Oracle Cloud Infrastructure CSI plugin is to manage security lists for load balancer services. This option sets the configuration mode to use for security lists managed by the Kubernetes Cloud Controller Manager. The default is None.

For information on the security modes, see the Kubernetes Cloud Controller Manager implementation for Oracle Cloud Infrastructure documentation.

--oci-container-registry container_registry

The container image registry to use when deploying the Oracle Cloud Infrastructure cloud provisioner image. The default is iad.ocir.io/oracle.

--csi-container-registry container_registry

The container image registry to use when deploying the CSI component images. The default is quay.io/k8scsi.

Where globals is one or more of the global options as described in Using Global Flags.

olcnectl module install 
{-E|--environment-name} environment_name 
{-N|--name} name 
[{-g|--generate-scripts}]
[{-L|--log-level} type]
[{-h|--help}]
[globals] 

Where:

{-E|--environment-name} environment_name

The Oracle Cloud Native Environment. The value of environment_name is the name to use to identify an environment.

{-N|--name} name

The module name. The value of name is the name to use to identify a module in an environment.

{-g|--generate-scripts}

Generates a set of scripts which contain the commands required to fix any set up errors for the nodes in a module. A script is created for each node in the module, saved to the local directory, and named hostname:8090.sh.

{-L|--log-level} type

Sets the type of messages displayed by the Platform API Server. If you don't set this option, error messages are displayed by default. The options for type are:

• error: Displays error messages. This is the default type.

• warn: Displays warning messages.

• info: Displays information messages.

• debug: Displays all messages. This is the most detailed message level.

{-h|--help}

Lists information about the command and the available options.

Where globals is one or more of the global options as described in Using Global Flags.

olcnectl module instances 
{-E|--environment-name} environment_name
[{-h|--help}]
[globals]  

Where:

{-E|--environment-name} environment_name

The Oracle Cloud Native Environment. The value of environment_name is the name to use to identify an environment.

{-h|--help}

Lists information about the command and the available options.

Where globals is one or more of the global options as described in Using Global Flags.

olcnectl module list 
{-E|--environment-name} environment_name
[{-h|--help}]
[globals]  

Where:

{-E|--environment-name} environment_name

The Oracle Cloud Native Environment. The value of environment_name is the name to use to identify an environment.

{-h|--help}

Lists information about the command and the available options.

Where globals is one or more of the global options as described in Using Global Flags.

olcnectl module property get 
{-E|--environment-name} environment_name 
{-N|--name} name
{-P|--property} property_name
[{-h|--help}]
[globals] 

Where:

{-E|--environment-name} environment_name

The Oracle Cloud Native Environment. The value of environment_name is the name to use to identify an environment.

{-N|--name} name

The module name. The value of name is the name to use to identify a module in an environment.

{-P|--property} property_name

The name of the property. You can get a list of the available properties using the olcnectl module property list command.

{-h|--help}

Lists information about the command and the available options.

Where globals is one or more of the global options as described in Using Global Flags.

olcnectl module property list 
{-E|--environment-name} environment_name 
{-N|--name} name
[{-h|--help}]
[globals] 

Where:

{-E|--environment-name} environment_name

The Oracle Cloud Native Environment. The value of environment_name is the name to use to identify an environment.

{-N|--name} name

The module name. The value of name is the name to use to identify a module in an environment.

{-h|--help}

Lists information about the command and the available options.

Where globals is one or more of the global options as described in Using Global Flags.

olcnectl module report 
{-E|--environment-name} environment_name 
[{-N|--name} name]
[--children]
[--exclude pattern]
[--include pattern]
[--format {yaml|table}] 
[{-h|--help}]
[globals] 

Where:

{-E|--environment-name} environment_name

The Oracle Cloud Native Environment. The value of environment_name is the name to use to identify an environment.

{-N|--name} name

The module name. The value of name is the name to use to identify a module in an environment. When no name is specified, the output of the command contains information about all modules deployed in the selected environment.

--children

When added to the command, this option recursively displays the properties for all children of a module instance. The default value is false.

--exclude pattern

An RE2 regular expression selecting the properties to exclude from the report. This option might specify more than one property as a comma separated lists.

--include pattern

An RE2 regular expression selecting the properties to include in the report. This option might specify more than one property as a comma separated lists. By default, all properties are displayed. Using this option one or more times overrides this behavior.

--format {yaml|table}

To generate reports in YAML or table format, use this option. The default format is table.

{-h|--help}

Lists information about the command and the available options.

Where globals is one or more of the global options as described in Using Global Flags.

olcnectl module restore 
{-E|--environment-name} environment_name 
{-N|--name} name
[{-g|--generate-scripts}]
[{-F|--force}]
[{-L|--log-level} type]
[{-h|--help}]
[globals] 

Where:

{-E|--environment-name} environment_name

The Oracle Cloud Native Environment. The value of environment_name is the name to use to identify an environment.

{-N|--name} name

The module name. The value of name is the name to use to identify a module in an environment.

{-g|--generate-scripts}

Generates a set of scripts which contain the commands required to fix any set up errors for the nodes in a module. A script is created for each node in the module, saved to the local directory, and named hostname:8090.sh.

{-F|--force}

Skips the confirmation prompt.

{-L|--log-level} type

Sets the type of messages displayed by the Platform API Server. If you don't set this option, error messages are displayed by default. The options for type are:

• error: Displays error messages. This is the default type.

• warn: Displays warning messages.

• info: Displays information messages.

• debug: Displays all messages. This is the most detailed message level.

{-h|--help}

Lists information about the command and the available options.

Where globals is one or more of the global options as described in Using Global Flags.

olcnectl module uninstall 
{-E|--environment-name} environment_name 
{-N|--name} name
[{-F|--force}]
[{-L|--log-level} type]
[{-h|--help}]
[globals] 

Where:

{-E|--environment-name} environment_name

The Oracle Cloud Native Environment. The value of environment_name is the name to use to identify an environment.

{-N|--name} name

The module name. The value of name is the name to use to identify a module in an environment.

{-F|--force}

Skips the confirmation prompt.

{-L|--log-level} type

Sets the type of messages displayed by the Platform API Server. If you don't set this option, error messages are displayed by default. The options for type are:

• error: Displays error messages. This is the default type.

• warn: Displays warning messages.

• info: Displays information messages.

• debug: Displays all messages. This is the most detailed message level.

{-h|--help}

Lists information about the command and the available options.

Where globals is one or more of the global options as described in Using Global Flags.

olcnectl module update 
{-E|--environment-name} environment_name 
{-N|--name} name 
[{-g|--generate-scripts}]
[{-F|--force}]
[{-L|--log-level} type]
[{-h|--help}]
[module_args ...]
[globals] 

Where:

{-E|--environment-name} environment_name

The Oracle Cloud Native Environment. The value of environment_name is the name to use to identify an environment.

{-N|--name} name

The module name. The value of name is the name to use to identify a module in an environment.

{-g|--generate-scripts}

Generates a set of scripts which contain the commands required to fix any set up errors for the nodes in a module. A script is created for each node in the module, saved to the local directory, and named hostname:8090.sh.

{-F|--force}

Skips the confirmation prompt.

{-L|--log-level} type

Sets the type of messages displayed by the Platform API Server. If you don't set this option, error messages are displayed by default. The options for type are:

• error: Displays error messages. This is the default type.

• warn: Displays warning messages.

• info: Displays information messages.

• debug: Displays all messages. This is the most detailed message level.

{-h|--help}

Lists information about the command and the available options.

Where module_args is:

The value of module_args is one or more arguments to update a module in an environment.

module_args for the kubernetes module:

{-k|--kube-version} version

Sets the Kubernetes version for the upgrade. The default is the latest version. For information on the latest version number, see Release Notes.

If this option isn't provided, any Kubernetes errata updates are installed.

{-r|--container-registry} container_registry

The container registry that contains the Kubernetes images when performing an update or upgrade. Use the Oracle Container Registry or a local registry to pull the Kubernetes images.

This option lets you update or upgrade using a different container registry. This option sets the default container registry during all later updates or upgrades and need only be used when changing the default container registry.

{-m|--master-nodes} nodes ...

A comma-separated list of the hostnames or IP addresses of the Kubernetes control plane nodes that are to remain in or be added to the Kubernetes cluster, including the port number for the Platform Agent. Any control plane nodes not included in this list are removed from the cluster. The nodes in this list are the nodes that are to be included in the cluster.

The default port number for the Platform Agent is 8090. For example, control1.example.com:8090,control2.example.com:8090.

Important:

This option is deprecated. Use the --control-plane-nodes option instead.

{-c|--control-plane-nodes} nodes ...

A comma-separated list of the hostnames or IP addresses of the Kubernetes control plane nodes that are to remain in or be added to the Kubernetes cluster, including the port number for the Platform Agent. Any control plane nodes not included in this list are removed from the cluster. The nodes in this list are the nodes that are to be included in the cluster.

The default port number for the Platform Agent is 8090. For example, control1.example.com:8090,control2.example.com:8090.

{-w|--worker-nodes} nodes ...

A comma-separated list of the hostnames or IP addresses of the Kubernetes worker nodes that are to remain in or be added to the Kubernetes cluster, including the port number for the Platform Agent. Any worker nodes not included in this list are removed from the cluster. The nodes in this list are the nodes that are to be included in the cluster.

The default port number for the Platform Agent is 8090. For example, worker1.example.com:8090,worker2.example.com:8090.

--compact {true|false}

Sets whether to let non-system Kubernetes workloads to run on control plane nodes. The default is false.

If you set this to true, the Platform API Server untaints control plane nodes if they're tainted. This lets non-system Kubernetes workloads to be scheduled and run on control plane nodes.

If you set this to false, the Platform API Server taints the control plane nodes if they're untainted. This prevents non-system Kubernetes workloads to be scheduled and run on control plane nodes.

Important:

For production environments, this option must be set to false (the default).

--nginx-image container_location

The location of the NGINX container image to update. This is optional.

This option pulls the NGINX container image from the container registry location you specify to update NGINX on the control plane nodes. For example:

--nginx-image container-registry.oracle.com/olcne/nginx:1.17.7

--helm-version version

Sets the Helm version for the upgrade. The default is the latest version. For information on the latest version number, see Release Notes.

--restrict-service-externalip {true|false}

Sets whether to restrict access to external IP addresses for Kubernetes services. The default is true, which restricts access to external IP addresses.

This option deploys a Kubernetes service named externalip-validation-webhook-service to validate externalIPs set in Kubernetes service configuration files. Access to any external IP addresses is set in a Kubernetes service configuration file using the externalIPs option in the spec section.

--restrict-service-externalip-ca-cert path

The path to a CA certificate file for the externalip-validation-webhook-service application that's deployed when the --restrict-service-externalip option is set to true. For example, /etc/olcne/certificates/restrict_external_ip/ca.cert.

--restrict-service-externalip-tls-cert path

The path to a CA certificate file for the externalip-validation-webhook-service application that's deployed when the --restrict-service-externalip option is set to true. For example, /etc/olcne/certificates/restrict_external_ip/node.cert.

--restrict-service-externalip-tls-key path

The path to the private key for the externalip-validation-webhook-service application that's deployed when the --restrict-service-externalip option is set to true. For example, /etc/olcne/certificates/restrict_external_ip/node.key.

--restrict-service-externalip-cidrs allowed_cidrs

Enter one or more comma separated CIDR blocks to allow only IP addresses from the specified CIDR blocks. For example, 192.0.2.0/24,198.51.100.0/24.

--selinux {enforcing|permissive}

Whether to use SELinux enforcing or permissive mode. permissive is the default.

Use this option if SELinux is set to enforcing on the control plane and worker nodes. SELinux is set to enforcing mode by default on the OS and is the recommended mode.

module_args for the calico module:

--calico-version version

Sets the Calico version for the upgrade. The default is the latest version. For information on the latest version number, see Release Notes.

--calico-container-registry container_registry

The container registry that contains the Calico images when performing an update or upgrade. Use the Oracle Container Registry (the default) or a local registry to pull the Calico images.

module_args for the multus module:

--multus-version version

Sets the Multus version for the upgrade. The default is the latest version. For information on the latest version number, see Release Notes.

--multus-container-registry container_registry

The container registry that contains the Multus images when performing an update or upgrade. Use the Oracle Container Registry (the default) or a local registry to pull the Multus images.

module_args for the oci-ccm module:

--oci-ccm-version version

Sets the Oracle Cloud Infrastructure Cloud Controller Manager version for the upgrade. The default is the latest version. For information on the latest version number, see Release Notes.

--oci-container-registry container_registry

The container image registry to use when updating the Oracle Cloud Infrastructure cloud provisioner image. The default is an empty string. The Platform API Server decides the correct repository for the version of the Oracle Cloud Infrastructure Cloud Controller Manager module that's to be upgrade. Or, you can use a private registry.

--ccm-container-registry container_registry

The container image registry to use when updating the Oracle Cloud Infrastructure Cloud Controller Manager component images. The default is an empty string. The Platform API Server decides the correct repository for the version of the Oracle Cloud Infrastructure Cloud Controller Manager module that's to be upgraded. Or, you can use a private registry.

--oci-lb-subnet1 OCID

The OCID of the regional subnet for the Oracle Cloud Infrastructure load balancer.

Or, the OCID of the first subnet of the two required availability domain specific subnets for the Oracle Cloud Infrastructure load balancer. The subnets must be in separate availability domains.

--oci-lb-subnet2 OCID

The OCID of the second subnet of the two subnets for the Oracle Cloud Infrastructure load balancer. The subnets must be in separate availability domains.

--oci-lb-security-mode {All|Frontend|None}

This option sets whether the Oracle Cloud Infrastructure Cloud Controller Manager module is to manage security lists for load balancer services. This option sets the configuration mode to use for security lists managed by the Kubernetes Cloud Controller Manager. The default is None.

For information on the security modes, see the Kubernetes Cloud Controller Manager implementation for Oracle Cloud Infrastructure documentation.

module_args for the rook module:

--rook-version version

Sets the Rook version for the upgrade. The default is the latest version. For information on the latest version number, see Release Notes.

--rook-container-registry container_registry

The container image registry and optional tag to use when upgrading Rook. The default is container-registry.oracle.com/olcne.

module_args for the kubevirt module:

--kubevirt-version version

Sets the KubeVirt version for the upgrade. The default is the latest version. For information on the latest version number, see Release Notes.

--kubevirt-config path

The location of the file that contains the configuration information for KubeVirt, including the kubevirt.io/v1/KubeVirt object. This file must be on operator node.

--kubevirt-container-registry container_registry

The container image registry and optional tag to use when upgrading KubeVirt. The default is container-registry.oracle.com/olcne.

module_args for the metallb module:

--metallb-version version

Sets the MetalLB version for the upgrade. The default is the latest version. For information on the latest version number, see Release Notes.

--metallb-container-registry container_registry

The container image registry and optional tag to use when upgrading MetalLB. The default is container-registry.oracle.com/olcne.

module_args for the operator-lifecycle-manager module:

--olm-version version

Sets the Operator Lifecycle Manager version for the upgrade. The default is the latest version. For information on the latest version number, see Release Notes.

module_args for the ingress-nginx module:

--ingress-nginx-version version

Sets the NGINX Ingress Controller version for the upgrade. The default is the latest version. For information on the latest version number, see Release Notes.

--ingress-nginx-container-registry container_registry

The container registry that contains the NGINX Ingress Controller images when performing an update or upgrade. Use the Oracle Container Registry (the default) or a local registry to pull the NGINX Ingress Controller images.

module_args for the istio module:

--istio-version version

Sets the Istio version for the upgrade. The default is the latest version. For information on the latest version number, see Release Notes.

--istio-container-registry container_registry

The container registry that contains the Istio images when performing an update or upgrade. Use the Oracle Container Registry (the default) or a local registry to pull the Istio images.

module_args for the prometheus module:

--prometheus-version version

Sets the Prometheus version for the upgrade. The default is the latest version. For information on the latest version number, see Release Notes.

--prometheus-container-registry container_registry

The container registry that contains the Prometheus images when performing an update or upgrade. Use the Oracle Container Registry (the default) or a local registry to pull the Prometheus images.

module_args for the grafana module:

--grafana-version version

Sets the Grafana version for the upgrade. The default is the latest version. For information on the latest version number, see Release Notes.

--grafana-container-registry container_registry

The container registry that contains the Grafana images when performing an update or upgrade. Use the Oracle Container Registry (the default) or a local registry to pull the Grafana images.

Where globals is one or more of the global options as described in Using Global Flags.

olcnectl module validate 
{-E|--environment-name} environment_name 
{-N|--name} name 
[{-g|--generate-scripts}]
[{-L|--log-level} type]
[{-h|--help}]
[globals] 

Where:

{-E|--environment-name} environment_name

The Oracle Cloud Native Environment. The value of environment_name is the name to use to identify an environment.

{-N|--name} name

The module name. The value of name is the name to use to identify a module in an environment.

{-g|--generate-scripts}

Generates a set of scripts which contain the commands required to fix any set up errors for the nodes in a module. A script is created for each node in the module, saved to the local directory, and named hostname:8090.sh.

{-L|--log-level} type

Sets the type of messages displayed by the Platform API Server. If you don't set this option, error messages are displayed by default. The options for type are:

• error: Displays error messages. This is the default type.

• warn: Displays warning messages.

• info: Displays information messages.

• debug: Displays all messages. This is the most detailed message level.

{-h|--help}

Lists information about the command and the available options.

Where globals is one or more of the global options as described in Using Global Flags.

olcnectl module version 
{-E|--environment-name} environment_name 
[{--all | {-M|--module} module_name}]
[--print-subcomponents] 
[{-o|--output} {pretty|yaml|json}]
[{-h|--help}]
[globals]

{-E|--environment-name} environment_name

The Oracle Cloud Native Environment. The value of environment_name is the name to use to identify an environment.

{--all | {-M|--module} module_name}

Specifies whether to print version information for all available modules, or for the specified module only. Options are:

• --all: Prints versions for all available modules.
• {-M|--module} module_name: Prints only the version of the module named module_name.

--print-subcomponents

Specifies that versions of the module subcomponents are also to be included in the output. This is optional.

{-o|--output} {pretty|yaml|json}

Prints the output in the specified format. The format options are pretty (human readable), yaml and json. The default is pretty. This is optional.

{-h|--help}

Lists information about the command and the available options.

Where globals is one or more of the global options as described in Using Global Flags.

olcnectl node install-agent 
[{-h|--help}]
{-n|--nodes} nodes
[{-R|--remote-command} remote-command]
[{-i|--ssh-identity-file} file_location]
[{-l|--ssh-login-name} username]
[--timeout minutes]

Where:

{-h|--help}

Lists information about the command and the available options.

{-n|--nodes} nodes

A comma separated list of the hostnames or IP addresses of nodes.

Sets the nodes on which to perform an action. Any nodes that aren't the local node use the command indicated by --remote-command to connect to the host (by default, ssh). If a node address resolves to the local system, all commands are run locally without using the remote command.

{-R|--remote-command} remote-command

Opens a connection to a remote host. The address of the host and the command are appended to the end of this command. For example:

ssh -i ~/.ssh/myidfile -l myuser

The default remote command is ssh.

{-i|--ssh-identity-file} file_location

The location of the SSH identity file. If no value is specified, the OS defaults are used.

{-l|--ssh-login-name} username

The username to log in using SSH. The default is opc.

--timeout minutes

The number of minutes to set for command timeouts. The default is 40 minutes.

olcnectl node install-api-server 
[{-h|--help}]
{-n|--nodes} nodes
[{-R|--remote-command} remote-command]
[{-i|--ssh-identity-file} file_location]
[{-l|--ssh-login-name} username]
[--timeout minutes]

Where:

{-h|--help}

Lists information about the command and the available options.

{-n|--nodes} nodes

A comma separated list of the hostnames or IP addresses of nodes.

Sets the nodes on which to perform an action. Any nodes that aren't the local node use the command indicated by --remote-command to connect to the host (by default, ssh). If a node address resolves to the local system, all commands are run locally without using the remote command.

{-R|--remote-command} remote-command

Opens a connection to a remote host. The address of the host and the command are appended to the end of this command. For example:

ssh -i ~/.ssh/myidfile -l myuser

The default remote command is ssh.

{-i|--ssh-identity-file} file_location

The location of the SSH identity file. If no value is specified, the OS defaults are used.

{-l|--ssh-login-name} username

The username to log in using SSH. The default is opc.

--timeout minutes

The number of minutes to set for command timeouts. The default is 40 minutes.

olcnectl node install-certificates 
[{-c|--certificate} path]
[{-C|--certificate-authority-chain} path]
[{-h|--help}]
[{-K|--key} path]
{-n|--nodes} nodes
[{-R|--remote-command} remote-command]
[{-i|--ssh-identity-file} file_location]
[{-l|--ssh-login-name} username]
[--timeout minutes]

Where :

{-c|--certificate} path

The path to the node.cert certificate.

{-C|--certificate-authority-chain} path

The path to the ca.cert Certificate Authority certificate.

{-h|--help}

Lists information about the command and the available options.

{-K|--key} path

The path to the node.key key.

{-n|--nodes} nodes

A comma separated list of the hostnames or IP addresses of nodes.

Sets the nodes on which to perform an action. Any nodes that aren't the local node use the command indicated by --remote-command to connect to the host (by default, ssh). If a node address resolves to the local system, all commands are run locally without using the remote command.

{-R|--remote-command} remote-command

Opens a connection to a remote host. The address of the host and the command are appended to the end of this command. For example:

ssh -i ~/.ssh/myidfile -l myuser

The default remote command is ssh.

{-i|--ssh-identity-file} file_location

The location of the SSH identity file. If no value is specified, the OS defaults are used.

{-l|--ssh-login-name} username

The username to log in using SSH. The default is opc.

--timeout minutes

The number of minutes to set for command timeouts. The default is 40 minutes.

olcnectl node setup-kubernetes 
{-a|--api-server} api-server-address
[--control-plane-ha-nodes nodes ]
[{-c|--control-plane-nodes} nodes] 
[{-d|--debug}]
[{-h|--help}]
[{-m|--master-nodes} nodes] (Deprecated)
[{-n|--nodes} nodes]
[{-R|--remote-command} remote-command]
[{-r|--role} role]
[--selinux {permissive|enforcing}]
[{-i|--ssh-identity-file} file_location]
[{-l|--ssh-login-name} username]
[--timeout minutes]
[{-w|--worker-nodes} nodes]
[{-y|--yes}]

Where:

{-a|--api-server} api-server-address

The hostname or IP address of the Platform API Server host.

{-c|--control-plane-nodes} nodes

A comma separated list of the hostnames or IP addresses of the Kubernetes control plane nodes. For example, control1.example.com,control2.example.com.

--control-plane-ha-nodes nodes

A comma separated list of the hostnames or IP addresses of the Kubernetes control plane nodes in a High Availability cluster. For example, control1.example.com,control2.example.com,control3.example.com.

{-d|--debug}

Enable debug logging.

{-h|--help}

Lists information about the command and the available options.

{-m|--master-nodes} nodes

A comma separated list of the hostnames or IP addresses of the Kubernetes control plane nodes. For example, control1.example.com,control2.example.com,control3.example.com.

Note:

This argument has been deprecated. Use the --control-plane-nodes argument instead.

{-n|--nodes} nodes

A comma separated list of the hostnames or IP addresses of nodes.

Sets the nodes on which to perform an action. Any nodes that aren't the local node use the command indicated by --remote-command to connect to the host (by default, ssh). If a node address resolves to the local system, all commands are run locally without using the remote command.

{-R|--remote-command} remote-command

Opens a connection to a remote host. The address of the host and the command are appended to the end of this command. For example:

ssh -i ~/.ssh/myidfile -l myuser

The default remote command is ssh.

{-r|--role} role

The role of a host. The roles are one of:

• api-server: The Platform API Server.

• control-plane: A Kubernetes control plane node for a cluster that has only one.

• control-plane-ha: A Kubernetes control plane node for a cluster that has more than one.

• worker: A Kubernetes worker node.

--selinux {permissive|enforcing}

Sets whether SELinux is to be set to enforcing or permissive. The default is permissive.

{-i|--ssh-identity-file} file_location

The location of the SSH identity file. If no value is specified, the OS defaults are used.

{-l|--ssh-login-name} username

The username to log in using SSH. The default is opc.

--timeout minutes

The number of minutes to set for command timeouts. The default is 40 minutes.

{-w|--worker-nodes} nodes

A comma separated list of the hostnames or IP addresses of the Kubernetes worker nodes. For example, worker1.example.com,worker2.example.com.

{-y|--yes}

Sets whether to assume the answer to a confirmation prompt is affirmative (yes).

olcnectl node setup-package-repositories
[{-d|--debug}]
[{-h|--help}]
{-n|--nodes} nodes
[{-R|--remote-command} remote-command]
[{-i|--ssh-identity-file} file_location]
[{-l|--ssh-login-name} username]
[--timeout minutes]

Where:

{-d|--debug}

Enable debug logging.

{-h|--help}

Lists information about the command and the available options.

{-n|--nodes} nodes

A comma separated list of the hostnames or IP addresses of nodes.

Sets the nodes on which to perform an action. Any nodes that aren't the local node use the command indicated by --remote-command to connect to the host (by default, ssh). If a node address resolves to the local system, all commands are run locally without using the remote command.

{-R|--remote-command} remote-command

Opens a connection to a remote host. The address of the host and the command are appended to the end of this command. For example:

ssh -i ~/.ssh/myidfile -l myuser

The default remote command is ssh.

{-i|--ssh-identity-file} file_location

The location of the SSH identity file. If no value is specified, the OS defaults are used.

{-l|--ssh-login-name} username

The username to log in using SSH. The default is opc.

--timeout minutes

The number of minutes to set for command timeouts. The default is 40 minutes.

olcnectl node setup-platform 
{-a|--api-server} api-server-address
[--byo-ca-cert certificate-path]
[--byo-ca-key key-path]
[--cert-dir certificate-directory]
[--cert-request-common-name common_name]
[--cert-request-country country]
[--cert-request-locality locality]
[--cert-request-organization organization]
[--cert-request-organization-unit organization-unit]
[--cert-request-state state]
[--control-plane-ha-nodes nodes ]
[--control-plane-nodes nodes]
[{-d|--debug}]
[{-h|--help}]
[--http-proxy proxy-server]
[--https-proxy proxy-server]
[--no-proxy no_proxy]
[{-n|--nodes} nodes]
[--one-cert]
[{-R|--remote-command} remote-command]
[{-r|--role} role]
[--selinux {permissive|enforcing}]
[{-i|--ssh-identity-file} file_location]
[{-l|--ssh-login-name} username]
[--timeout minutes]
[{-w|--worker-nodes} nodes]
[{-y|--yes}]

Where:

{-a|--api-server} api-server-address

The hostname or IP address of the Platform API Server host.

--byo-ca-cert certificate-path

The path to an existing public CA Certificate.

--byo-ca-key key-path

The path to an existing private key.

--cert-dir certificate-directory

The directory to read or write key material generated by this utility. The default is <CURRENT_DIR>/certificates.

--cert-request-common-name common_name

The Certificate Common Name suffix. The default is example.com.

--cert-request-country country

The two letter country code of the company, for example, US for the United States, GB for the United Kingdom and CN for China. The default is US.

--cert-request-locality locality

The name of the city where the company is located. The default is Redwood City.

--cert-request-organization organization

The name of the company. The default is OLCNE.

--cert-request-organization-unit organization-unit

The name of the department within the company. The default is OLCNE.

--cert-request-state state

The name of the state or province where the company is located. The default is California.

--control-plane-ha-nodes nodes

A comma separated list of the hostnames or IP addresses of the Kubernetes control plane nodes in a High Availability cluster. For example, control1.example.com,control2.example.com,control3.example.com.

{-c|--control-plane-nodes} nodes

A comma separated list of the hostnames or IP addresses of the Kubernetes control plane nodes. For example, control1.example.com,control2.example.com.

{-d|--debug}

Enable debug logging.

{-h|--help}

Lists information about the command and the available options.

--http-proxy proxy-server

The location of the HTTP proxy server if required.

--https-proxy proxy-server

The location of the HTTPS proxy server if required.

--no-proxy no_proxy

The list of hosts for which to exclude from the proxy server settings.

{-n|--nodes} nodes

A comma separated list of the hostnames or IP addresses of nodes.

Sets the nodes on which to perform an action. Any nodes that aren't the local node use the command indicated by --remote-command to connect to the host (by default, ssh). If a node address resolves to the local system, all commands are run locally without using the remote command.

--one-cert

Sets whether to generate a single certificate that can be used to authenticate all the hosts. By default this option isn't set.

{-R|--remote-command} remote-command

Opens a connection to a remote host. The address of the host and the command are appended to the end of this command. For example:

ssh -i ~/.ssh/myidfile -l myuser

The default remote command is ssh.

{-r|--role} role

The role of a host. The roles are one of:

• api-server: The Platform API Server.

• control-plane: A Kubernetes control plane node for a cluster that has only one.

• control-plane-ha: A Kubernetes control plane node for a cluster that has more than one.

• worker: A Kubernetes worker node.

--selinux {permissive|enforcing}

Sets whether SELinux is to be set to enforcing or permissive. The default is permissive.

{-i|--ssh-identity-file} file_location

The location of the SSH identity file. If no value is specified, the OS defaults are used.

{-l|--ssh-login-name} username

The username to log in using SSH. The default is opc.

--timeout minutes

The number of minutes to set for command timeouts. The default is 40 minutes.

{-w|--worker-nodes} nodes

A comma separated list of the hostnames or IP addresses of the Kubernetes worker nodes. For example, worker1.example.com,worker2.example.com.

{-y|--yes}

Sets whether to assume the answer to a confirmation prompt is affirmative (yes).

olcnectl node start-platform
[{-h|--help}]
{-n|--nodes} nodes
[{-R|--remote-command} remote-command]
[{-i|--ssh-identity-file} file_location]
[{-l|--ssh-login-name} username]
[--timeout minutes]
[{-y|--yes}]

Where:

{-h|--help}

Lists information about the command and the available options.

{-n|--nodes} nodes

A comma separated list of the hostnames or IP addresses of nodes.

Sets the nodes on which to perform an action. Any nodes that aren't the local node use the command indicated by --remote-command to connect to the host (by default, ssh). If a node address resolves to the local system, all commands are run locally without using the remote command.

{-R|--remote-command} remote-command

Opens a connection to a remote host. The address of the host and the command are appended to the end of this command. For example:

ssh -i ~/.ssh/myidfile -l myuser

The default remote command is ssh.

{-i|--ssh-identity-file} file_location

The location of the SSH identity file. If no value is specified, the OS defaults are used.

{-l|--ssh-login-name} username

The username to log in using SSH. The default is opc.

--timeout minutes

The number of minutes to set for command timeouts. The default is 40 minutes.

{-y|--yes}

Sets whether to assume the answer to a confirmation prompt is affirmative (yes).

olcnectl operation list 
[{-h|--help}]
[globals] 

Where:

{-h|--help}

Lists information about the command and the available options.

Where globals is one or more of the global options as described in Using Global Flags.

olcnectl operation logs 
{{-I|--operation-id} log_id}
[{-h|--help}]
[globals] 

Where:

{-I|--operation-id} log_id

The identifier for an operation.

{-h|--help}

Lists information about the command and the available options.

Where globals is one or more of the global options as described in Using Global Flags.

olcnectl operation follow 
{{-I|--operation-id} log_id} 
[{-g|--generate-scripts}]
[{-h|--help}]
[globals] 

Where:

{-I|--operation-id} log_id

The identifier for an operation.

{-g|--generate-scripts}

Generates a set of scripts which contain the commands required to fix any set up errors for the nodes in a module. A script is created for each node in the module, saved to the local directory, and named hostname:8090.sh.

{-h|--help}

Lists information about the command and the available options.

Where globals is one or more of the global options as described in Using Global Flags.

olcnectl provision 
{-a|--api-server} api-server-address
[--byo-ca-cert certificate-path]
[--byo-ca-key key-path]
[--cert-dir certificate-directory]
[--cert-request-common-name common_name]
[--cert-request-country country]
[--cert-request-locality locality]
[--cert-request-organization organization]
[--cert-request-organization-unit organization-unit]
[--cert-request-state state]
[--config-file config-file-path]
[--container-registry registry]
{-c|--control-plane-nodes} nodes
[{-d|--debug}]
{-E|--environment-name} environment_name 
[{-h|--help}]
[--http-proxy proxy-server]
[--https-proxy proxy-server]
[--load-balancer load-balancer]
{-m|--master-nodes} nodes (Deprecated)
{-N|--name} name
[--no-proxy no_proxy]
[{-n|--nodes} nodes]
[--one-cert]
[{-R|--remote-command} remote-command]
[--restrict-service-externalip-cidrs allowed_cidrs]
[--selinux {permissive|enforcing}]
[{-i|--ssh-identity-file} file_location]
[{-l|--ssh-login-name} username]
[--timeout minutes]
[--virtual-ip IP_address]
{-w|--worker-nodes} nodes
[{-y|--yes}]

Where:

{-a|--api-server} api-server-address

The hostname or IP address of the Platform API Server host.

--byo-ca-cert certificate-path

The path to an existing public CA Certificate.

--byo-ca-key key-path

The path to an existing private key.

--cert-dir certificate-directory

The directory to read or write key material generated by this utility. The default is <CURRENT_DIR>/certificates.

--cert-request-common-name common_name

The Certificate Common Name suffix. The default is example.com.

--cert-request-country country

The two letter country code of the company, for example, US for the United States, GB for the United Kingdom and CN for China. The default is US.

--cert-request-locality locality

The name of the city where the company is located. The default is Redwood City.

--cert-request-organization organization

The name of the company. The default is OLCNE.

--cert-request-organization-unit organization-unit

The name of the department within the company. The default is OLCNE.

--cert-request-state state

The name of the state or province where the company is located. The default is California.

--config-file config-file-path

The path and location of an Oracle Cloud Native Environment configuration file.

--container-registry registry

The container registry from which to pull the Kubernetes container images. The default is container-registry.oracle.com/olcne.

{-c|--control-plane-nodes} nodes

A comma separated list of the hostnames or IP addresses of the Kubernetes control plane nodes. For example, control1.example.com,control2.example.com.

{-d|--debug}

Enable debug logging.

{-E|--environment-name} environment_name

The Oracle Cloud Native Environment. The value of environment_name is the name to use to identify an environment.

{-h|--help}

Lists information about the command and the available options.

--http-proxy proxy-server

The location of the HTTP proxy server if required.

--https-proxy proxy-server

The location of the HTTPS proxy server if required.

--load-balancer load-balancer

The location of the external load balancer if required.

{-m|--master-nodes} nodes

A comma separated list of the hostnames or IP addresses of the Kubernetes control plane nodes. For example, control1.example.com,control2.example.com,control3.example.com.

Note:

This argument has been deprecated. Use the --control-plane-nodes argument instead.

{-N|--name} name

The module name. The value of name is the name to use to identify a module in an environment.

--no-proxy no_proxy

The list of hosts for which to exclude from the proxy server settings.

{-n|--nodes} nodes

A comma separated list of the hostnames or IP addresses of nodes.

Sets the nodes on which to perform an action. Any nodes that aren't the local node use the command indicated by --remote-command to connect to the host (by default, ssh). If a node address resolves to the local system, all commands are run locally without using the remote command.

--one-cert

Sets whether to generate a single certificate that can be used to authenticate all the hosts. By default this option isn't set.

{-R|--remote-command} remote-command

Opens a connection to a remote host. The address of the host and the command are appended to the end of this command. For example:

ssh -i ~/.ssh/myidfile -l myuser

The default remote command is ssh.

--restrict-service-externalip-cidrs allowed_cidrs

Enter one or more comma separated CIDR blocks to allow only IP addresses from the specified CIDR blocks. For example, 192.0.2.0/24,198.51.100.0/24.

--selinux {permissive|enforcing}

Sets whether SELinux is to be set to enforcing or permissive. The default is permissive.

{-i|--ssh-identity-file} file_location

The location of the SSH identity file. If no value is specified, the OS defaults are used.

{-l|--ssh-login-name} username

The username to log in using SSH. The default is opc.

--timeout minutes

The number of minutes to set for command timeouts. The default is 40 minutes.

--virtual-ip IP_address

The virtual IP address to use for the internal load balancer.

{-w|--worker-nodes} nodes

A comma separated list of the hostnames or IP addresses of the Kubernetes worker nodes. For example, worker1.example.com,worker2.example.com.

{-y|--yes}

Sets whether to assume the answer to a confirmation prompt is affirmative (yes).

olcnectl template 
[{-h|--help}]

Where:

{-h|--help}

Lists information about the command and the available options.