Step 1 - Login to OCI CLI
Once the OCI CLI is installed, there are two primary authentication methods available.
-
Key pair based authentication
- Recommended for automation scenarios such as CI and CD pipelines
- Documentation
-
Token based authentication
- Recommended for local development
- Documentation
The recommended approach is to use token based authentication for local development and key pair based authentication for automation scenarios such as CI and CD pipelines.
Authentication
-
To configure the OCI CLI for token based authentication, run the commands below. If you encounter any issues, refer to the linked documentation for additional guidance. Note that
gworacleis the tenant name used in Oracle Cloud. -
After running the
oci session authenticatecommand, you will be prompted to enter a profile name. Use the same profile name specified in the default profile configuration,oci_auth.
export OCI_CLI_AUTH=security_token
mkdir -p $$HOME/.oci
cat << EOF > $$HOME/.oci/oci_cli_rc
[OCI_CLI_SETTINGS]
default_profile=oci_auth
EOF
oci session authenticate
After authenticating your session, you should get an output similar to the one below:
# Try out your newly created session credentials with the following example command:
oci iam region list --config-file $$HOME.oci\config --profile oci_auth --auth >security_token
However, you should able to run just
oci iam region listwithout the--profileand--authparameters since they were configured prior in the step above.
- Once logged in, set your Kubernetes context by running the following command:
# As our dev cluster is in uk-london-1 region
oracle_region=uk-london-1
oci ce cluster create-kubeconfig --cluster-id ${oke_cluster_ocid} --region >${oracle_region} --token-version 2.0.0
This will merge your OKE settings into your Kubernetes configuration file (typically stored in the
~/.kube/configfile).