Credential for OCI (Oracle Cloud)

To integrate your Oracle Cloud Infrastructure (OCI) account with the Cloud8 Platform, you need to provide an access credential in your account settings with us.
See the official documentation for how to generate an OCI credential.

Once the credential has been generated, we need the following parameters:

  • user: e.g. ocid1.user.oc1……
  • tenancy: e.g. ocid1.tenancy.oc1…..
  • region: Sao Paulo, Ashburn, etc.
  • pem: text file with the key, starting with “-----BEGIN RSA PRIVATE KEY-----”
  • fingerprint: fingerprint of the key

For IAM: https://console.sa-saopaulo-1.oraclecloud.com/identity/policies

define tenancy usage-report as ocid1.tenancy.oc1..aaaaaaaaned4fkpkisbwjlr56u7cj63lf3wffbilvqknstgtvzub7vhqkggq
Allow group __MYGROUP__ to read all-resources in tenancy
endorse group __MYGROUP__ to read objects in tenancy usage-report

NOTE: To process costs, the tenancy code above must be kept exactly as shown, because it belongs to Oracle itself.

Specific permissions for automations

Power on / off / upgrade / downgrade instances

Allow group __MYGROUP__ to manage instance-family in tenancy where any {request.permission='INSTANCE_POWER_ACTIONS', request.permission='INSTANCE_UPDATE'}

Backup

Allow group __MYGROUP__ to manage volume-family in tenancy where any {request.permission='VOLUME_BACKUP_CREATE', request.permission='VOLUME_WRITE', request.permission='VOLUME_UPDATE', request.permission='VOLUME_BACKUP_DELETE', request.permission='BOOT_VOLUME_BACKUP_CREATE', request.permission='BOOT_VOLUME_BACKUP_DELETE', request.permission='VOLUME_GROUP_BACKUP_CREATE', request.permission='VOLUME_GROUP_BACKUP_DELETE'}

MySQL – Turn on / off

Allow group __MYGROUP__ to manage mysql-family in tenancy where any {request.permission='MYSQL_INSTANCE_USE', request.permission='MYSQL_BACKUP_CREATE', request.permission='MYSQL_BACKUP_DELETE'}

DbSystems – on / off

Allow group __MYGROUP__ to manage database-family in tenancy where any {request.permission='DB_NODE_POWER_ACTIONS', request.permission='DB_BACKUP_DELETE', request.permission='DB_BACKUP_CREATE'}

Manage Tags

Allow group __MYGROUP__ to use tag-namespaces in tenancy

OKE Cluster NodePools – on / off

Allow group __MYGROUP__ to use subnets in tenancy
Allow group __MYGROUP__ to use vnics in tenancy
Allow group __MYGROUP__ to manage instance-family in tenancy

NOTES:
1) The ‘manage instance-family’ permission is required for NodePools.
2) To avoid mixing with non-Kubernetes instances, we recommend using ‘in compartment’ instead of the entire tenancy.
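
The following is an added example, not part of the Cloud8 documentation or of Oracle's tooling: a small Python check that parses Allow statements like the ones on this page and flags the grants that note 2 is about, namely ‘manage’ without a request.permission filter and use/manage grants scoped to the whole tenancy. It assumes one statement per line and handles only the grammar subset used here; the compartment name k8s-nodes is hypothetical.

```python
import re

# Subset of the OCI policy grammar used on this page (assumption: one statement per line).
STATEMENT = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>inspect|read|use|manage)\s+"
    r"(?P<resource>\S+)\s+in\s+(?P<scope>tenancy|compartment\s+\S+)"
    r"(?:\s+where\s+(?P<where>.+))?$",
    re.IGNORECASE,
)
PERMISSION = re.compile(r"request\.permission\s*=\s*'([A-Z_]+)'")


def audit(statement):
    """Parse one Allow statement and flag grants that deserve a second look."""
    m = STATEMENT.match(statement.strip())
    if m is None:
        return {"statement": statement, "permissions": [], "flags": ["unparsed"]}
    verb = m["verb"].lower()
    permissions = PERMISSION.findall(m["where"] or "")
    flags = []
    # 'manage' with no request.permission filter grants every permission
    # of the resource type, not only the ones the automation needs.
    if verb == "manage" and not permissions:
        flags.append("unrestricted-manage")
    # use/manage scoped to the tenancy applies in every compartment.
    if verb in ("use", "manage") and m["scope"].lower() == "tenancy":
        flags.append("tenancy-wide")
    return {"statement": statement, "permissions": permissions, "flags": flags}


# Statements copied from this page, plus one constructed compartment-scoped variant.
SAMPLE = [
    "Allow group __MYGROUP__ to manage instance-family in tenancy where any "
    "{request.permission='INSTANCE_POWER_ACTIONS', request.permission='INSTANCE_UPDATE'}",
    "Allow group __MYGROUP__ to use tag-namespaces in tenancy",
    "Allow group __MYGROUP__ to manage instance-family in tenancy",
    # Constructed: 'k8s-nodes' is a hypothetical compartment name.
    "Allow group __MYGROUP__ to manage instance-family in compartment k8s-nodes",
]

if __name__ == "__main__":
    for line in SAMPLE:
        result = audit(line)
        print(", ".join(result["flags"]) or "ok", "|", line[:70])
```

A flag is a prompt for review, not a verdict: the NodePools automation needs ‘manage instance-family’, so the useful change there is the scope, as note 2 recommends.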

Instance Pools – on / off / scale (zero / +1)

Allow group __MYGROUP__ to use instance-pools in tenancy
Allow group __MYGROUP__ to manage compute-management-family in tenancy

NOTE: The ‘compute-management-family’ permission is required for scaling Instance Pools.

Auto Scaling Groups Policy

Allow group __MYGROUP__ to use auto-scaling-configurations in tenancy
Allow group __MYGROUP__ to manage auto-scaling-configurations in tenancy