Oracle Container Native Platform
What is the Oracle Container Native Platform?
The Oracle Container Native Platform is an open source, and community driven solution that includes a managed container registry (Oracle Cloud Infrastructure Registry), and a managed Kubernetes service (Oracle Container Engine). The platform leverages Oracle Cloud Infrastructure for high performance, high availability, security and reliability. Oracle plans to add Oracle Container Functions and Oracle Container Microservices to the platform in the near future.
With this platform, Oracle provides a complete and enterprise-grade suite of cloud services to build, deploy, and operate container-native microservices and serverless applications. As developers rapidly adopt container-native technologies for new cloud-native applications and for migrated traditional applications, they are becoming increasingly concerned about getting locked in by their cloud vendors and their application development platform vendors. Moreover, they are seeking the true hybrid cloud, using the same stack in any cloud and on-premises. The Oracle Container Native Platform prevents vendor lock-in by adopting open source standards, and supporting community-driven development of the platform so that its components can run in any cloud environment.
Read more here.
Frequently Asked Questions about Oracle Container Engine (OKE)
What is Oracle Cloud Infrastructure Container Engine for Kubernetes?
Container Engine for Kubernetes enables you to quickly create, manage and consume Kubernetes Clusters that leverage underlying compute, network and storage services without the need to install and maintain complex supporting Kubernetes infrastructure.
When should I use Oracle Cloud Infrastructure Container Engine for Kubernetes?
You should use Container Engine for Kubernetes when you want to leverage Kubernetes to deploy and manage your Kubernetes based container applications. It allows you to combine the production grade container orchestration of standard upstream Kubernetes, with the control, security and high predictable performance of Oracle Cloud Infrastructure.
How is Oracle Cloud Infrastructure Container Engine for Kubernetes priced?
There is no dedicated charge for Container Engine for Kubernetes. You only pay for the resources you use for the underlying compute, storage and network used by your Kubernetes clusters. In addition, you are only charged for the "worker" nodes running in your tenancy, your master nodes are run in Oracle's managed tenancy for you.
Which regions provide the Oracle Cloud Infrastructure Container Engine for Kubernetes?
Do I need to manage my master nodes in Oracle Cloud Infrastructure Container Engine?
No. When you create a managed Kubernetes cluster, Oracle creates and manages a set of master nodes in the Oracle control plane on your behalf (and associated Kubernetes infrastructure such as etcd nodes) to ensure you have a highly available managed Kubernetes control plane. You can also seamlessly upgrade these master nodes to new versions of Kubernetes with zero downtime.
Does Oracle Cloud Infrastructure Container Engine for Kubernetes support standard upstream Kubernetes?
Yes. Kubernetes clusters are created with standard upstream Kubernetes versions. These versions are also certified against the Cloud Native Computing Foundation (CNCF) conformance program.
Does Oracle Cloud Infrastructure Container Engine for Kubernetes support Kubernetes role-based access control (RBAC)?
Yes. Managed Kubernetes clusters are enabled with Kubernetes RBAC. Managed Kubernetes is also integrated with Oracle Identity and Access Management (IAM), enabling users with powerful controls over access to their clusters.
Can I deploy my Kubernetes Cluster into an existing Virtual Cloud Network (VCN)?
Yes. You can deploy a managed Kubernetes cluster into an existing VCN, giving you a great degree of control over the use of underlying subnets, and security lists.
Can I deploy my Kubernetes Cluster on Bare Metal Nodes?
Yes. You can deploy a managed Kubernetes cluster on pure bare metal Nodes. You can also leverage the concept of "node pools" (a set of nodes sharing a common node size / image) to create a cluster of both bare metal and virtual machines and target your Kubernetes workloads appropriately.
Is Oracle Cloud Infrastructure Container Engine for Kubernetes integrated with OCI Load Balancing and Block Storage?
Yes. Container Engine for Kubernetes allows users to expose Kubernetes services of type "LoadBalancer" and create Oracle load balancers. Users can also create Kubernetes Persistent Volumes and Persistent Volume Claims backed by Oracle Block Volumes.
Can I get access to my worker / cluster nodes?
Yes. When you create a cluster, you can provide a public/private SSH key pair in order to SSH into your worker nodes if desired.
Do the worker / cluster nodes run Docker?
Yes. Worker nodes run the standard Docker runtime, so that users can leverage familiar Docker commands.
Frequently Asked Questions about Oracle Cloud Infrastructure Registry (OCIR)
What is OCIR?
OCIR or Oracle Cloud Infrastructure Registry is a Docker v2 compatible Docker image registry.
When should I use OCIR?
OCIR is best used to store Docker images you will utilize in Containerized Applications, such as those that you deploy with Container Engine for Kubernetes.
How can I get started with OCIR?
It's easy, just create an Auth Token via your user settings and login with the Docker CLI. See the registry documentation.
Why are the regional names/urls used in OCIR different from the rest of Oracle Cloud Infrastructure, such as us-phoenix-1.oraclecloud.com vs phx.ocir.io?
Docker users are familiar with short urls to push and pull images. Other cloud providers also use shortened URLs. We wanted to make sure that usage of OCIR conforms to these user expectations.
Are each of the regional instances of OCIR distinct from each other?
Yes, each of the regional instances are distinct. You communicate with each independently. Best practice suggests you use the regional instance closest to where you are deploying your containers.
What are the regional urls?
The regional URLs align with the nearby airports. phx.ocir.io; iad.ocir.io; lhr.ocir.io; fra.ocir.io.
Do I need to use the complete path to an image, when pushing or pulling it?
Yes, you need to specify the entire path, in this format: .ocir.io///:tag, for example: phx.ocir.io/tenancy-foo/project01/nginx:latest.
Why aren't compartments used with OCIR?
Docker users are used to a repository based structure for their container registries. Administrators can limit access to a particular repo path, both for read-only (pull only) and push/pull. Adding compartments would add an unnecessary level of complexity to this simple concept.
What are the limits (quotas) for OCIR and are they regional or global?
Quotas are 500 repos total and 500 images per repo PER region.
Can repos be public?
Yes, an administrator of the tenancy can make any repo public. This means that if a user has the complete path to the image, they can pull it, with no authentication needed. Note, that the user will not be able to see the Oracle Cloud Infrastructure console page, they will just be able to pull the image.
I push many images per day as part of my CI/CD process, is there a feature to help eliminate the clutter of old images?
Yes, with our auto-cleanup feature, you can set retention policies, so for example, if an image is not pulled in x days, it is automatically deleted.
Can I create a service account so that others outside my tenancy can pull an image from one of my repos?
Yes, create a user for that service account and an "Auth Token" (formerly Swift Password), which can be revoked at any time. Put that user in a group that supports your use case, via policy, such as read only and limited to a particular repo path. See Policies to Control Repository Access documentation.