Oracle Cloud (Self-Managed)

This guide covers the requirements and configuration needed to deploy LightBeam on self-managed virtual machines used as Kubernetes nodes.

Requirements

1. Compartment

  • Dedicated Compartment for LightBeam installation.

  • Dedicated User and Group for LightBeam installation and administration

    • Policy statement required for the group.

Allow group <group_name> to manage all-resources in compartment <compartment_name>

2. Networking (VCN & Subnets)

  • New VCN: Create a VCN with /24 CIDR Block. Example: 10.10.1.0/24

  • Subnets (Regional): Create a private subnet with a /24 CIDR block for the LightBeam nodes. Example: 10.10.1.0/24

3. Compute & Storage (Instances)

| | Master node | Worker nodes |
|---|---|---|
| Count | 1 VM | 3 VMs |
| Compute | 4 vCPU, 8 GiB Memory (VM.Standard.E4.Flex – 2 OCPUs, 8 GB Memory) | 8 vCPU, 32 GiB Memory* (VM.Standard.E4.Flex – 4 OCPUs, 32 GB Memory) |
| Local Storage | 200GB on / with < 5ms latency | 50 GB on / and 500GB on /var with < 5ms latency |
| OS Flavor | Canonical Ubuntu 24.04 | Canonical Ubuntu 24.04 |
| Network | 10Gbps bandwidth with internet access to install dependent packages | 10Gbps bandwidth with internet access to install dependent packages |
| User Access | sudo | sudo |

Note:

  • For performance configuration, the worker nodes can be sized with 24 vCPU and 64 GiB Memory.

4. NAT Gateway

  • NAT Gateway with public IP address (for outbound access)

  • Route rule: Add a route rule to the default route table that sends internet-bound traffic (0.0.0.0/0) through the NAT gateway.

Create DNS A Record for the Master Node private IP address

5. Jumpbox

To reach the master node we need a jumpbox VM with a public IP, placed either in a public subnet of the same VCN or in a public subnet of a different VCN that is connected to the cluster VCN by VCN peering.

The jumpbox must be set up with SSH access to the master node.

Note: The jumpbox VCN and the LightBeam cluster VCN must have non-overlapping CIDRs.
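As an added example (not part of the LightBeam guide), the Python script below checks the address plan described above with the standard-library ipaddress module before anything is created in the console: each subnet must lie inside a CIDR block of its VCN, subnets in one VCN must not overlap, and the jumpbox VCN must not overlap the cluster VCN. The CIDRs are the guide's; the /24 block assumed for a separate jumpbox VCN is an assumption, since the guide only gives that VCN's subnet (10.10.2.0/29).

```python
"""Sanity-check the LightBeam address plan before creating anything in OCI.

Added example (not part of the LightBeam guide); standard library only.
"""
import ipaddress


def check_plan(vcns):
    """Return a list of problems in the plan; an empty list means the plan is consistent.

    vcns maps a VCN name to {"cidrs": [cidr, ...], "subnets": {subnet_name: cidr}}.
    Checks performed:
      * each subnet lies inside one of its VCN's CIDR blocks
      * subnets within a VCN do not overlap
      * no two VCNs overlap (the guide requires disjoint CIDRs for jumpbox peering)
    """
    problems = []
    vcn_blocks = {}
    for name, vcn in vcns.items():
        blocks = [ipaddress.ip_network(c, strict=True) for c in vcn["cidrs"]]
        vcn_blocks[name] = blocks
        subnets = {s: ipaddress.ip_network(c, strict=True) for s, c in vcn["subnets"].items()}
        for sname, snet in subnets.items():
            if not any(snet.subnet_of(b) for b in blocks):
                problems.append(f"{name}: subnet {sname} ({snet}) is outside the VCN CIDR blocks {vcn['cidrs']}")
        names = list(subnets)
        for i, a in enumerate(names):
            for b in names[i + 1:]:
                if subnets[a].overlaps(subnets[b]):
                    problems.append(f"{name}: subnets {a} and {b} overlap")
    vnames = list(vcn_blocks)
    for i, a in enumerate(vnames):
        for b in vnames[i + 1:]:
            for x in vcn_blocks[a]:
                for y in vcn_blocks[b]:
                    if x.overlaps(y):
                        problems.append(f"VCNs {a} and {b} overlap ({x} vs {y}); peering needs disjoint CIDRs")
    return problems


# Option 1 from the guide: jumpbox in a public subnet of the cluster VCN, which
# therefore carries two CIDR blocks (10.10.1.0/24 and 10.10.3.0/24).
SAME_VCN_PLAN = {
    "lightbeam": {"cidrs": ["10.10.1.0/24", "10.10.3.0/24"],
                  "subnets": {"lb-subnet": "10.10.1.0/24", "public-lb-subnet": "10.10.3.0/24"}},
}

# Option 2: jumpbox in a separate, peered VCN. The guide gives the jumpbox subnet
# (10.10.2.0/29); the /24 VCN block around it is an assumption made for this example.
PEERED_PLAN = {
    "lightbeam": {"cidrs": ["10.10.1.0/24"], "subnets": {"lb-subnet": "10.10.1.0/24"}},
    "jumpbox": {"cidrs": ["10.10.2.0/24"], "subnets": {"jumpbox-subnet": "10.10.2.0/29"}},
}

# Constructed mistakes: the second CIDR block was never added to the VCN, and a
# jumpbox VCN whose CIDR swallows the cluster VCN.
MISSING_BLOCK_PLAN = {
    "lightbeam": {"cidrs": ["10.10.1.0/24"],
                  "subnets": {"lb-subnet": "10.10.1.0/24", "public-lb-subnet": "10.10.3.0/24"}},
}
OVERLAP_PLAN = {
    "lightbeam": {"cidrs": ["10.10.1.0/24"], "subnets": {"lb-subnet": "10.10.1.0/24"}},
    "jumpbox": {"cidrs": ["10.10.0.0/16"], "subnets": {"jumpbox-subnet": "10.10.2.0/29"}},
}

if __name__ == "__main__":
    for label, plan in [("same-vcn", SAME_VCN_PLAN), ("peered", PEERED_PLAN),
                        ("missing-block", MISSING_BLOCK_PLAN), ("overlap", OVERLAP_PLAN)]:
        print(label, check_plan(plan) or "OK")
```

Running the script reports the two valid plans as OK, flags public-lb-subnet as outside the VCN when the 10.10.3.0/24 block was never added, and flags the overlapping VCN pair that would make peering fail.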

Resource Creation

Compartment Creation:

  1. Create a compartment: Go to the Compartments page on the Oracle Cloud console, https://cloud.oracle.com/identity/compartments, and click the Create button.

  2. Fill in the compartment details: Give the compartment a name, choose the appropriate parent compartment and hit Create.

VCN creation:

  1. Create a VCN: Go to the VCNs page on the Oracle Cloud console, https://cloud.oracle.com/networking/vcns. In the compartment filter select the compartment created for LightBeam and then hit Create VCN.

  2. Fill in the VCN fields: Fill in the required fields for the VCN and hit Create:

    • Name: Choose the appropriate name for the VCN.

    • Create in Compartment: This should show the correct compartment.

    • IPv4 CIDR block: Add 10.10.1.0/24 to the CIDR block list.

    • Use DNS hostnames in this VCN: Checkbox must be enabled.

    • DNS label (optional): A DNS label can be entered; otherwise the VCN name is used.

Security List Creation:

  1. Create the security lists: On the page of your created VCN, go to the Security tab and click the Create Security List button.

  2. Fill in the security list details: We need the security lists below, with the given names and rules.

Default Security List

Since the default security list already exists, update it with the rules below.

Ingress Rules:

| State | Source | Protocol/Dest. Port | Description |
|---|---|---|---|
| Stateful | 10.10.1.0/24 (Worker Nodes CIDR) | All Protocols (All ports) | Needed for the worker nodes to be able to communicate with each other freely |
| Stateful | 10.10.3.0/24 (Jumpbox CIDR) | TCP/22 | Allow jumpbox to access the master/worker nodes through SSH. |

Egress Rules:

| State | Destination | Protocol/Dest. Port | Description |
|---|---|---|---|
| Stateful | 0.0.0.0/0 | All Protocols (All ports) | Allow worker nodes access to the internet. |
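As an added example (not part of the LightBeam guide or of Oracle's tooling), the Python below writes the default security list above and the public-lb-seclist from the Jumpbox Creation section as rule objects in the field layout the OCI CLI accepts for --ingress-security-rules and --egress-security-rules, and audits them: no ingress from 0.0.0.0/0, no stateless rules, and port 22 reachable only from the sources the guide names. CIDRs, ports and descriptions come from the guide's tables; the /32 suffix on the LightBeam IP is added because OCI rule sources are CIDR blocks.

```python
"""Build the guide's security-list rules in OCI CLI JSON form and audit them.

Added example (not part of the LightBeam guide). The rule objects use the
field names the OCI CLI expects for
  oci network security-list create --ingress-security-rules file://ingress.json \
      --egress-security-rules file://egress.json
CIDRs, ports and descriptions are taken from the guide's tables.
"""
import json

TCP = "6"     # OCI protocol numbers are strings; "6" is TCP
ALL = "all"   # all protocols


def ingress(source, protocol, description, port=None, stateless=False):
    """One ingress rule; port (if given) restricts TCP to that destination port."""
    rule = {"source": source, "sourceType": "CIDR_BLOCK", "protocol": protocol,
            "isStateless": stateless, "description": description}
    if port is not None:
        rule["tcpOptions"] = {"destinationPortRange": {"min": port, "max": port}}
    return rule


def egress(destination, protocol, description, stateless=False):
    """One egress rule to a CIDR destination."""
    return {"destination": destination, "destinationType": "CIDR_BLOCK",
            "protocol": protocol, "isStateless": stateless, "description": description}


NODES_CIDR = "10.10.1.0/24"
JUMPBOX_CIDR = "10.10.3.0/24"
LIGHTBEAM_IP = "34.198.104.197/32"   # the guide's "Lightbeam IP", written as a /32 CIDR

# Default security list of the cluster VCN (tables above).
DEFAULT_SECLIST = {
    "ingress": [
        ingress(NODES_CIDR, ALL, "Needed for the worker nodes to communicate with each other freely"),
        ingress(JUMPBOX_CIDR, TCP, "Allow jumpbox to access the master/worker nodes through ssh", port=22),
    ],
    "egress": [egress("0.0.0.0/0", ALL, "Allow worker nodes access to internet")],
}

# public-lb-seclist for the jumpbox subnet (Jumpbox Creation section).
PUBLIC_LB_SECLIST = {
    "ingress": [ingress(LIGHTBEAM_IP, TCP, "Allow lightbeam jumpbox access through ssh", port=22)],
    "egress": [egress("0.0.0.0/0", TCP, "Allow jump box to access internet")],
}


def rule_opens_port(rule, port):
    """True if an ingress rule admits TCP traffic to the given port."""
    if rule["protocol"] == ALL:
        return True
    if rule["protocol"] != TCP:
        return False
    rng = rule.get("tcpOptions", {}).get("destinationPortRange")
    return rng is None or rng["min"] <= port <= rng["max"]


def audit(seclist, allowed_ssh_sources):
    """Return findings: world-open ingress, stateless rules, SSH from unexpected sources."""
    findings = []
    for rule in seclist["ingress"]:
        if rule["source"] == "0.0.0.0/0":
            findings.append(f"ingress open to 0.0.0.0/0 (protocol {rule['protocol']})")
        if rule["isStateless"]:
            findings.append(f"stateless ingress from {rule['source']}")
        if rule_opens_port(rule, 22) and rule["source"] not in allowed_ssh_sources:
            findings.append(f"SSH reachable from unexpected source {rule['source']}")
    return findings


def to_cli_json(seclist):
    """Serialise the rule lists as the JSON documents the CLI flags accept."""
    return {side: json.dumps(rules, indent=2) for side, rules in seclist.items()}


if __name__ == "__main__":
    print(audit(DEFAULT_SECLIST, {NODES_CIDR, JUMPBOX_CIDR}) or "default: OK")
    print(audit(PUBLIC_LB_SECLIST, {LIGHTBEAM_IP}) or "public-lb-seclist: OK")
    print(to_cli_json(DEFAULT_SECLIST)["ingress"])
```

The all-protocols rule for the node CIDR necessarily admits SSH from the nodes themselves, so that CIDR is part of the allowed set for the default list; the audit is meant to catch a rule accidentally widened to 0.0.0.0/0 or to a stateless rule, which the guide's tables never use.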

Route table creation:

  1. Create Route Tables: On the page of your created VCN, go to the Routing tab and click Create Route Table.

  2. Fill in the route table details: We need the route tables below, with the given names and rules.

Default Route Table

Two route rules defined as follows:

  • Rule for traffic to internet:

    • Destination CIDR block: 0.0.0.0/0

    • Target Type: NAT Gateway

    • Target: lb-nat

  • Rule for traffic to jump box subnet in different VCN (Optional for VCN Peering):

    • Destination CIDR block: 10.10.2.0/29 (CIDR of the jumpbox subnet in the peered VCN)

    • Target Type: Local Peering Gateway

    • Target: lb-peer-1

Subnet Creation:

  1. Create subnets: Go to the VCNs page and click on your created VCN. Then go to the Subnets tab and hit Create.

  2. Fill in the subnet details: We want 5 subnets for our requirement, with the details given in the table; other options can be left at their defaults.

| Name | CIDR block | Subnet Access | Security List | Route Table |
|---|---|---|---|---|
| lb-subnet | 10.10.1.0/24 | Private | default | default |
| public-lb-subnet (optional; required if the jumpbox is in the same VCN) | 10.10.3.0/24 | Public | public-lb-seclist | lb-public-route |

Instance Creation

Create the instances for the master/worker nodes: Go to the https://cloud.oracle.com/compute/instances page and choose the compartment where the LightBeam VCN is located. Click the Create Instance button.

  • Create the instances as specified in section 3, Compute & Storage (Instances).

  • Download the SSH key pair during instance creation for the master VM; upload the same public key during instance creation for the worker nodes so that all nodes can be reached through SSH.

  • For local storage, allocate the / capacity on the boot volume and the /var capacity on block volume storage, as specified in the sizing table.

Jumpbox Creation

There are two ways we can approach jumpbox creation:

  1. Creation in the same VCN but in a public subnet

  2. Creation in a different VCN in a public subnet (requires VCN peering)

Irrespective of which VCN it is created in, the following resources are needed in the VCN hosting the jumpbox:

  1. Security list details: We need the security list below, with the given name and rules.

public-lb-seclist

Ingress Rules:

| State | Source | Protocol/Dest. Port | Description |
|---|---|---|---|
| Stateful | 34.198.104.197 (LightBeam IP) | TCP/22 | Allow LightBeam jumpbox access through SSH |

Egress Rules:

| State | Destination | Protocol/Dest. Port | Description |
|---|---|---|---|
| Stateful | 0.0.0.0/0 | TCP/All | Allow the jumpbox to access the internet. |

  2. Fill in the route table details: We need the route table below, with the given name and rule.

lb-public-route

One route rule defined as follows:

  • Allow jumpbox to be accessible from internet

    • Destination CIDR block: 0.0.0.0/0

    • Target Type: Internet Gateway

    • Target: public-lb-ig

  3. Create an internet gateway: We need an internet gateway named public-lb-ig so that the jumpbox is reachable from the internet.

  4. Subnet details: We want a public subnet with the 10.10.3.0/24 CIDR. If the jumpbox is in the same VCN as the cluster, add 10.10.3.0/24 as an additional CIDR block on that VCN and then create the subnet. Otherwise, create a new VCN with the 10.10.3.0/24 CIDR block.

| Name | CIDR block | Subnet Access | Security List | Route Table |
|---|---|---|---|---|
| public-lb-subnet (optional; required if the jumpbox is in the same VCN) | 10.10.3.0/24 | Public | public-lb-seclist | lb-public-route |

  5. Create a jumpbox: Go to the https://cloud.oracle.com/compute/instances page and choose the compartment where the jumpbox VCN is located. Click the Create Instance button.

  • Fill in the instance details:

    • Name: Give an appropriate name (Example: lightbeam-jumpbox).

    • Image section: Click the Change Image button, change the image to Ubuntu and choose Canonical Ubuntu 24.04 as the flavor.

    • Shape section: Click Change Shape and, for Instance type, keep the default (Virtual machine) selected.

    • Shape series: Choose AMD.

    • Shape name: VM.Standard.E4.Flex (with 1 OCPU and 2 GB Memory)

  • Instance Security section: We can keep it default options.

  • Instance Networking section: fill in the details:

    • VNIC name: Give an appropriate name (Example: lightbeam-jumpbox-vnic)

    • Primary network: With the Select existing virtual cloud network option selected, choose the compartment and VCN where the jumpbox VCN was created.

    • Subnet: With the Select existing subnet option selected, choose the jumpbox subnet.

    • Other options can be kept at their defaults; in the Add SSH keys section, download the private key.

  • Other sections can be kept at their defaults. Keep clicking Next and the jumpbox will be created; we can then connect to it using SSH through its public IP.

VCN Peering for Jumpbox (Optional)

When the jumpbox is located in a different VCN, we need VCN peering to reach the cluster nodes from the jumpbox. The resources below must be created.

  1. Create the peering gateways: Create a local peering gateway in both VCNs with the following details.

| Host VCN | Peering gateway name | Target VCN |
|---|---|---|
| LightBeam cluster VCN | lb-peer-1 | Jumpbox VCN |
| Jumpbox VCN | lb-peer-2 | LightBeam cluster VCN |

Once both peering gateways are created, open the menu of either peering gateway and select Establish Peering Connection.

Select the compartment where the target VCN is located, then the target VCN, then the compartment of the local peering gateway and the peering gateway you want to use, and hit Establish Peering Connection. The two VCNs are then connected through peering.

This will complete the Architecture setup and we can proceed with Kubeadm cluster setup.
