To integrate your Oracle Cloud Infrastructure (OCI) account with the Cloud8 Platform, you need to provide an access credential in your Cloud8 account settings.
See the official documentation for how to generate an OCI credential.
Once the credential has been generated, we need the following parameters:
- user: ex: ocid1.user.oc1……
- tenancy: ex: ocid1.tenancy.oc1…..
- region: Sao Paulo, Ashburn, etc.
- pem: text file with the key, starting with "-----BEGIN RSA PRIVATE KEY-----"
- fingerprint: fingerprint of the key
For IAM: https://console.sa-saopaulo-1.oraclecloud.com/identity/policies
define tenancy usage-report as ocid1.tenancy.oc1..aaaaaaaaned4fkpkisbwjlr56u7cj63lf3wffbilvqknstgtvzub7vhqkggq
Allow group __MYGROUP__ to read all-resources in tenancy
endorse group __MYGROUP__ to read objects in tenancy usage-report
NOTE: To process costs, the tenancy code above must be kept exactly as shown, because it belongs to Oracle itself.
Specific permissions for automations
Power on / off / upgrade / downgrade instances
Allow group __MYGROUP__ to manage instance-family in tenancy where any {request.permission='INSTANCE_POWER_ACTIONS', request.permission='INSTANCE_UPDATE'}
Backup
Allow group __MYGROUP__ to manage volume-family in tenancy where any {request.permission='VOLUME_BACKUP_CREATE', request.permission='VOLUME_WRITE', request.permission='VOLUME_UPDATE', request.permission='VOLUME_BACKUP_DELETE', request.permission='BOOT_VOLUME_BACKUP_CREATE', request.permission='BOOT_VOLUME_BACKUP_DELETE', request.permission='VOLUME_GROUP_BACKUP_CREATE', request.permission='VOLUME_GROUP_BACKUP_DELETE'}
MySQL – Turn on / off
Allow group __MYGROUP__ to manage mysql-family in tenancy where any {request.permission='MYSQL_INSTANCE_USE', request.permission='MYSQL_BACKUP_CREATE', request.permission='MYSQL_BACKUP_DELETE'}
DbSystems – on / off
Allow group __MYGROUP__ to manage database-family in tenancy where any {request.permission='DB_NODE_POWER_ACTIONS', request.permission='DB_BACKUP_DELETE', request.permission='DB_BACKUP_CREATE'}
Manage Tags
Allow group __MYGROUP__ to use tag-namespaces in tenancy
OKE Cluster NodePools – on / off
Allow group __MYGROUP__ to use subnets in tenancy
Allow group __MYGROUP__ to use vnics in tenancy
Allow group __MYGROUP__ to manage instance-family in tenancy
NOTES:
1) The 'manage instance-family' permission is required for NodePools.
2) To avoid mixing with non-Kubernetes instances, we recommend using 'in compartment' instead of the entire tenancy.
Instance Pools – on / off / scale (zero / +1)
Allow group __MYGROUP__ to use instance-pools in tenancy
Allow group __MYGROUP__ to manage compute-management-family in tenancy
NOTE: The 'compute-management-family' permission is required for scaling Instance Pools.
Auto Scaling Groups Policy
Allow group __MYGROUP__ to use auto-scaling-configurations in tenancy
Allow group __MYGROUP__ to manage auto-scaling-configurations in tenancy
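As an added example (not Cloud8's or Oracle's code), the Python check below lists which statements from this page grant 'manage' across the whole tenancy with no 'where' condition, the kind of grant the OKE note suggests narrowing with 'in compartment'. The parser handles only the statement shape shown on this page, and `__MYCOMPARTMENT__` is a placeholder, not a name from the page.

```python
import re

# Covers only the statement shape used on this page:
#   Allow group <g> to <verb> <resource> in tenancy|compartment <c> [where <cond>]
STATEMENT = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>inspect|read|use|manage)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+(?P<scope>tenancy|compartment\s+\S+)"
    r"(?:\s+where\s+(?P<where>.+))?$",
    re.IGNORECASE,
)
PERMISSION = re.compile(r"request\.permission\s*=\s*'([A-Z_]+)'")

def parse(statement):
    """Split one Allow statement into its parts; None for define/endorse/other lines."""
    m = STATEMENT.match(statement.strip())
    if m is None:
        return None
    return {
        "statement": statement.strip(),
        "verb": m["verb"].lower(),
        "resource": m["resource"].lower(),
        "tenancy_wide": m["scope"].lower() == "tenancy",
        "conditioned": m["where"] is not None,
        "permissions": PERMISSION.findall(m["where"] or ""),
    }

def review(statements):
    """Return parsed statements granting 'manage' on a whole tenancy with no where clause."""
    parsed = (parse(s) for s in statements)
    return [p for p in parsed
            if p and p["verb"] == "manage" and p["tenancy_wide"] and not p["conditioned"]]

# Statements copied from this page, plus one constructed compartment-scoped variant.
PAGE_STATEMENTS = [
    "Allow group __MYGROUP__ to read all-resources in tenancy",
    "Allow group __MYGROUP__ to manage instance-family in tenancy where any "
    "{request.permission='INSTANCE_POWER_ACTIONS', request.permission='INSTANCE_UPDATE'}",
    "Allow group __MYGROUP__ to use subnets in tenancy",
    "Allow group __MYGROUP__ to manage instance-family in tenancy",
    "Allow group __MYGROUP__ to manage compute-management-family in tenancy",
    "Allow group __MYGROUP__ to manage auto-scaling-configurations in tenancy",
    # Constructed: __MYCOMPARTMENT__ is a placeholder, not a name from the page.
    "Allow group __MYGROUP__ to manage instance-family in compartment __MYCOMPARTMENT__",
]

if __name__ == "__main__":
    for p in review(PAGE_STATEMENTS):
        print(f"unscoped manage: {p['statement']}")
```

Statements that carry a `request.permission` list or name a compartment are not reported; only the three unconditioned tenancy-wide 'manage' grants are.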