Oracle Cloud Infrastructure - Spinning up OKE Clusters and Interacting with Them

Actions to Spin Up OKE Cluster and Interact with It

Question

You work for a large bank where security and compliance are critical.

As part of the security overview meeting, your company decided to minimize the installation of local tools on your laptop.

You have been running Ansible and kubectl to spin up Oracle Container Engine for Kubernetes (OKE) clusters and deployed your application.

For authentication, you are using an Oracle Cloud Infrastructure (OCI) CLI config file that contains OCIDs, a fingerprint, and a locally stored PEM file.

Your security team doesn't want you to store any local API key and certificate, or any other local tools.

Which two actions should you perform to spin up the OKE cluster and interact with it? (Choose two.)

Answers

Explanations


CE.

https://oracle-cloud-infrastructure-ansible-modules.readthedocs.io/en/latest/modules/oci_cluster_module.html

The question is asking for two actions that can be taken to spin up an Oracle Container Engine for Kubernetes (OKE) cluster and interact with it without storing any local API key and certificate or other local tools. Let's go through each answer option and explain if it meets the requirements:

A. Create a developer workstation on OCI. Install Ansible and kubectl on it. Use resource principal to authenticate against OCI API and create the OKE Cluster.

This option suggests creating a developer workstation on Oracle Cloud Infrastructure (OCI), installing Ansible and kubectl on it, and using the resource principal to authenticate against OCI API to create the OKE cluster. A resource principal is an OCI feature that allows a compute instance to authenticate against OCI services using its own credentials without the need for API keys, user certificates, or IAM users.

This option meets the requirements because it does not require any local tools or certificates to be stored on the laptop. However, it requires creating a compute instance on OCI, which may be an additional cost.

B. Develop your own code using OCI SDK to deploy the OKE cluster.

This option suggests using the OCI SDK to develop code to deploy the OKE cluster. The OCI SDK is a software development kit that provides APIs for interacting with OCI services.

While this option meets the requirement of not storing any local tools, it may be time-consuming and requires expertise in programming and the OCI SDK.

C. Work on OCI Cloud Shell to use built-in Ansible and kubectl to deploy the OKE cluster. Use OCI_CLI_AUTH=instance_obo_user environment variable to authenticate using built-in token.

This option suggests working on the OCI Cloud Shell, which is a browser-based shell environment provided by OCI that has built-in tools, including Ansible and kubectl. It also suggests using the OCI_CLI_AUTH=instance_obo_user environment variable to authenticate using a built-in token.

This option meets the requirement of not storing any local tools or certificates on the laptop. However, it requires using the Cloud Shell and may have some limitations in terms of available tools and resources.

D. Work on OCI Cloud Shell to use built-in Ansible and kubectl to deploy the OKE cluster. Bring in your own config file and certificate to authenticate against OCI API.

This option suggests working on the OCI Cloud Shell and using built-in Ansible and kubectl to deploy the OKE cluster. It also suggests bringing in your own config file and certificate to authenticate against OCI API.

This option does not meet the requirement of not storing any local tools or certificates on the laptop, as it requires bringing in your own config file and certificate. It also has the same limitations as option C.

E. Create a developer workstation on OCI. Install Ansible and kubectl on it. Use instance principal to authenticate against OCI API and create the OKE Cluster.

This option suggests creating a developer workstation on OCI, installing Ansible and kubectl on it, and using the instance principal to authenticate against OCI API to create the OKE cluster. The instance principal is similar to the resource principal, but it is associated with the compute instance's network interface rather than the compute instance itself.

This option meets the requirement of not storing any local tools or certificates on the laptop. However, it requires creating a compute instance on OCI, which may be an additional cost.

In summary, the two actions that meet the requirement of not storing any local tools or certificates on the laptop are:

  • Use the OCI Cloud Shell to deploy the OKE cluster and authenticate using the built-in token (option C).
  • Create a developer workstation on OCI, install Ansible and kubectl on it, and use the instance principal to authenticate against OCI API to create the OKE cluster (option E).
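To check a workstation against the "no local API key" requirement in the question, the following added example (not part of the original page or any Oracle tooling) audits an OCI CLI config file and the `OCI_CLI_AUTH` variable. The function name `audit_oci_auth`, the sample config, and the treatment of an unset variable as `api_key` are assumptions made for illustration.

```python
import configparser

# OCI_CLI_AUTH values that sign requests without an API key on disk.
KEYLESS_AUTH = {"instance_principal", "instance_obo_user"}
# Config-file keys that describe a locally stored API signing key.
KEY_FIELDS = ("key_file", "fingerprint", "pass_phrase")

# Constructed sample: the laptop setup the question describes.
LAPTOP_CONFIG = """\
[DEFAULT]
user=ocid1.user.oc1..exampleuser
fingerprint=aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99
key_file=~/.oci/oci_api_key.pem
tenancy=ocid1.tenancy.oc1..exampletenancy
region=us-ashburn-1

[PROD]
region=eu-frankfurt-1
"""


def audit_oci_auth(config_text, env):
    """Report whether OCI CLI auth depends on local key material."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(config_text)

    profiles_with_keys = {}
    # DEFAULT is not listed by sections(); its values are inherited by
    # every other profile, so a key there taints all of them.
    for name in ["DEFAULT"] + parser.sections():
        found = [k for k in KEY_FIELDS if k in parser[name]]
        if found:
            profiles_with_keys[name] = found

    # Assumption: an unset variable means the CLI uses API-key signing.
    auth_mode = env.get("OCI_CLI_AUTH", "api_key")
    keyless = auth_mode in KEYLESS_AUTH
    return {
        "auth_mode": auth_mode,
        "keyless": keyless,
        "profiles_with_keys": profiles_with_keys,
        "compliant": keyless and not profiles_with_keys,
    }


if __name__ == "__main__":
    print(audit_oci_auth(LAPTOP_CONFIG, {}))
    print(audit_oci_auth("", {"OCI_CLI_AUTH": "instance_obo_user"}))
```

In real use, pass the contents of the config file and `os.environ`; a result with `keyless` true but `compliant` false means key material is still on disk even though the session no longer uses it.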