Requirements
This guide covers deploying a standalone LogScale cluster on OKE
(dr=""). The deployment provisions a single cluster with no DR
infrastructure.
Prerequisites
Software Requirements:
| Software | Minimum Version | Purpose |
|---|---|---|
| Terraform | >= 1.12.2 | Infrastructure provisioning |
| kubectl | >= 1.28 | Kubernetes cluster management |
| OCI CLI | Latest | OCI authentication and management |
| jq | Latest | JSON processing for verification scripts |
Terraform Providers (installed
automatically by terraform init):
| Software | Minimum Version | Purpose |
|---|---|---|
| oci (oracle/oci) | ~> 8.1.0 | OCI Resource Manager resources |
| kubernetes | >= 2.36.0 | Kubernetes resources (namespaces, secrets) |
| helm | >= 2.13.2, < 3.0.0 | Helm chart deployments (Falcon LogScale Collector, operators) |
| random | >= 3.7.0 | Random name prefixes, encryption key generation |
| local | >= 2.4.0 | Local file generation (kubeconfig) |
| null | >= 3.2.0 | Provisioners for Docker build/push |
| time | >= 0.9.1 | Time-based resource management |
| cloudinit | >= 2.2.0 | Cloud-init configuration for worker nodes |
OCI Account Requirements
OCI tenancy with billing enabled
Access to one or more OCI regions (e.g., us-chicago-1 and us-ashburn-1)
Compartment created for LogScale resources
OCI API key authentication configured (key file + fingerprint + tenancy OCID + user OCID)
IAM Permissions
The following OCI IAM policies are required for the deploying user/service principal:
| Policy | Purpose |
|---|---|
manage clusters in compartment
| OKE cluster creation and management |
manage node-pools in compartment
| Node pool lifecycle management |
manage virtual-network-family in compartment
| VCN, subnets, NSGs, NAT Gateway |
manage object-family in compartment
| Object Storage buckets, S3 credentials |
manage bastion-family in compartment
| OCI Bastion Service for private cluster access |
Infrastructure Prerequisites
The following infrastructure is created
automatically by module.oci-core during
deployment:
Virtual Cloud Network (VCN) with dedicated subnets per availability domain
Network Security Groups (NSGs) for API endpoint, worker nodes, and load balancer
Internet Gateway for public subnet routing (load balancer)
NAT Gateway for outbound internet access from private worker nodes
Service Gateway for access to OCI services without traversing the internet
Bastion subnet (when
provision_bastion = true)Cluster endpoint subnet and load balancer subnet
User action required before deployment:
SSL/TLS certificates available, or plan to use cert-manager (deployed automatically by
module.logscale). Whenpublic_lb_cidrsrestricts access, DNS-01 validation viamodule.cert-manager-oci-webhookis requiredOCI worker node image OCID (
worker_image_id) for your chosen region. Find the latest Oracle Linux image:
oci compute image list --compartment-id <compartment-ocid> \
--operating-system "Oracle Linux" --shape "VM.Standard.E4.Flex" \
--sort-by TIMECREATED --sort-order DESC --limit 5 \
--query 'data[].{Name:"display-name",OCID:id}' --output table
SSH key pair generated for bastion and worker node access
(ssh_public_key_path,
ssh_private_key_path)
Object Storage Bucket Naming Convention
Bucket names are derived deterministically from cluster_name
via locals.tf:
Pattern:
${cluster_name}-logscale-dataThe
resource_name_prefixlocal is set to var.cluster_name
| Cluster | Bucket Name Example |
|---|---|
Standalone (cluster_name = "logscale-prod")
|
logscale-prod-logscale-data
|
The bucket name is exported as a Terraform output
(storage_bucket_name) and is intended to be consumed
via terraform_remote_state. The namespace is
auto-discovered from the tenancy via
data.oci_objectstorage_namespace.this.
Pre-Deployment Checklist
Terraform backend (OCI Object Storage state bucket) accessible
OCI identity and backend reachability confirmed:
oci iam user get --user-id $OCI_USER_OCID
oci os ns get
terraform versionWorker node image OCID (
worker_image_id) identified for the target regionSSH key pair generated and paths configured (
ssh_public_key_path,ssh_private_key_path)