OCI authentication (Oracle)

Banzai Cloud Pipeline requires the following authentication parameters for managing OKE clusters:

• Tenant OCID
• User’s OCID
• Compartment OCID
• API Key
• API Fingerprint

The instructions below describe how to set up authentication credentials and collect the authentication parameters for managing OKE clusters through Banzai Cloud Pipeline:

• Login to Oracle Cloud Infrastructure Console
• Create Compartment
• Generate API Token

Log in 🔗︎

Log in to the management console via the following url: https://console.us-ashburn-1.oraclecloud.com/.

The OKE service doesn’t support federated user login yet, so please use a username/password instead of a SSO (Single Sign-On) login.

If your home region is not us-ashburn-1, you can subscribe to whichever home region you’d like at this page under the Regions section.

Create Compartment 🔗︎

To keep projects separate, we suggest that you create a new compartment. That way you’ll avoid conflicts with existing resources.

Click MENU and navigate to: Identity > Compartments > Create Compartment.

Note: you will need the compartment’s OCID in the future, so please save it.

Policy 🔗︎

The next step is to create a new OKE policy in the root compartment of your tenancy. Follow the links to: Identity > Policies > Create Policy

The policy statement should be: allow service OKE to manage all-resources in tenancy

Generate API Token 🔗︎

Finally, to communicate with the Oracle API we need an API Token.

To generate the API key without a passphrase, use the following command:

Note: Create the ~/.oci directory if it does not exist.

openssl genrsa -out ~/.oci/oci_api_key.pem 2048

Change the file permissions like so:

chmod go-rwx ~/.oci/oci_api_key.pem

Use this command to obtain a single line string representation of the private key:

perl -pne 's/\n/\\n/' ~/.oci/oci_api_key.pem

To generate a public key:

openssl rsa -pubout -in ~/.oci/oci_api_key.pem -out ~/.oci/oci_api_key_public.pem

To generate a fingerprint, use this command:

openssl rsa -pubout -outform DER -in ~/.oci/oci_api_key.pem | openssl md5 -c

That fingerprint will help to distinguish between different API keys. It should look like this:

21:34:56:88:90:ac:cf:ef:12:34:56:78:90:ac:cf:ff

Finally, upload the API key at: Identity > Users > User Details > API keys > Add Public Key

Paste the contents of the PEM public key ~/.oci/oci_api_key_public.pem in the dialog box and click Add.

The key’s fingerprint will be displayed (for example, 21:34:56:88:90:ac:cf:ef:12:34:56:78:90:ac:cf:ff). Note: You will also need your User’s OCID, so please save it.