{"id":51116616,"url":"https://github.com/oracle-devrel/oke-bastion","last_synced_at":"2026-06-24T22:30:43.183Z","repository":{"id":182341094,"uuid":"668342986","full_name":"oracle-devrel/oke-bastion","owner":"oracle-devrel","description":"oke-bastion","archived":false,"fork":false,"pushed_at":"2024-07-23T21:02:56.000Z","size":621,"stargazers_count":2,"open_issues_count":0,"forks_count":1,"subscribers_count":5,"default_branch":"main","last_synced_at":"2026-04-02T08:37:05.348Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"upl-1.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/oracle-devrel.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-07-19T15:21:16.000Z","updated_at":"2025-07-04T04:28:21.000Z","dependencies_parsed_at":null,"dependency_job_id":"fc1bd2b7-7157-465e-8505-6900e4c2c37c","html_url":"https://github.com/oracle-devrel/oke-bastion","commit_stats":null,"previous_names":["oracle-devrel/oke-bastion"],"tags_count":0,"template":false,"template_full_name":"oracle-devrel/repo-template","purl":"pkg:github/oracle-devrel/oke-bastion","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oracle-devrel%2Foke-bastion","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oracle-devrel%2Foke-bastion/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oracle-devrel%2Foke-bastion/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oracle-devrel%2Foke-bastion/manifests","owner_url"
:"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/oracle-devrel","download_url":"https://codeload.github.com/oracle-devrel/oke-bastion/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oracle-devrel%2Foke-bastion/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34752465,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-24T02:00:07.484Z","response_time":106,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-06-24T22:30:43.107Z","updated_at":"2026-06-24T22:30:43.174Z","avatar_url":"https://github.com/oracle-devrel.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# oke-bastion - OKE deployment using Github Actions and Bastion session\n\n[![License: UPL](https://img.shields.io/badge/license-UPL-green)](https://img.shields.io/badge/license-UPL-green) [![Quality gate](https://sonarcloud.io/api/project_badges/quality_gate?project=oracle-devrel_oke-bastion)](https://sonarcloud.io/dashboard?id=oracle-devrel_oke-bastion)\n\n\n## Introduction\nOracle Cloud Infrastructure Container Engine for Kubernetes is a fully-managed, scalable, and highly available service that you can use to deploy your containerized applications to the cloud. 
\n\nGitHub Actions workflows are automated processes defined in YAML format that are triggered in response to events in a GitHub repository. \n\nWorkflows can be used to build, test, and deploy applications, automate tasks, and perform various other actions in a GitHub repository.\n\nGitHub Actions workflows can be configured and managed within the repository's .github/workflows directory. Workflows can be triggered by events such as pushes to the repository, pull requests, scheduled intervals, or manual triggers.\n\n## Getting Started\nIn this example, the deployment process to a private OKE cluster is facilitated by a bastion session. This involves a series of steps that use a bastion session (SSH port forwarding) and `kubectl` commands to carry out the deployment to the OKE cluster.\n\n1. Install OCI CLI tool\n2. Set up SSH - creates the public and private keys used for SSH\n3. Create Bastion Session - creates a bastion session using the Bastion service\n4. Install kubectl\n5. Start SSH Tunnel to OKE Cluster - starts a port forwarding session to the k8s private endpoint\n6. Configure OKE Cluster - sets up kubeconfig for cluster access\n7. Deploy to OKE - using kubectl commands\n8. Delete bastion session\n\n### Prerequisites\n\n1. Provision an OKE cluster with the Kubernetes API endpoint and worker nodes configured in a private subnet. Please note that the private Kubernetes API endpoint will be utilized for establishing the Bastion port forwarding session.\n\n2. Create a Bastion service using the OKE VCN as the target VCN and the OKE node subnet as the target subnet. 
\n\n## Required IAM Service Policy\n Please refer to the following links for the required IAM service policy to be set up for accessing the OKE cluster.\n\n[Policy Configuration for Cluster Creation and Deployment](https://docs.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengpolicyconfig.htm#Policy_Configuration_for_Cluster_Creation_and_Deployment).\n\n[Common Policies](https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/commonpolicies.htm#top).\n\n\n## Configuration\n\n1. __GitHub Repository Secrets \u0026 Variables__ -  Please ensure that the following secrets are properly configured with the relevant values according to your specific setup. You can set up secrets by navigating from your repository -\u003e Settings --\u003e Secrets and Variables --\u003e Actions\n    e.g.\n    ```\n    BASTION_HOST - host.bastion.us-ashburn-1.oci.oraclecloud.com\n    BASTION_OCID - ocid1.bastionsession.oc1.iad._______tg4xoxcetwov7p6nwsfhq5drxyqoize7x35hdboq\n    OCI_AUTH_TOKEN - TLPfxey6q-L\u003ewAxxxd3d\n    OCI_CLI_FINGERPRINT - 41:4c:da:51:fe:26:7d:2a:e7:dd:83:ba:7d:49:8d:04\n    OCI_CLI_KEY_CONTENT - Copy the private key file content here\n    OCI_CLI_REGION - us-ashburn-1\n    OCI_CLI_TENANCY - ocid1.tenancy.oc1..aa____plkmid2untpzjcxrmbv4nowe74yb4lr6idtckwo4wyf7jh23be4q\n    OCI_CLI_USER - ocid1.user.oc1..aaa____lh7itlkx5ersopnkybww3rt3gymelaxftmofky6it6mtjmcz6w4q\n    ```\n![Repo Secrets](./images/repo_secrets.png)\n![Repo Variables](./images/repo_variables.png)\n\n2. __OKE Cluster__\n![Repo Secrets](./images/oke.png)\n\n3. __Bastion__\n![Repo Secrets](./images/bastion.png)\n\n## Deploy and Run\nTo incorporate the workflow file (ci.yaml) into your repository and tailor it to your requirements, follow these steps:\n\n1. Ensure the ci.yaml file is included in the `.github/workflows` directory. \n\n2. Open the ci.yaml file and make the necessary customizations based on your specific needs. 
This may involve configuring build steps, defining tests, specifying deployment actions, or any other relevant adjustments.\n\n3. Save the changes to the ci.yaml file.\n\n4. Commit and push the modified ci.yaml file to your repository.\n\nOnce the changes are pushed, the workflow will be automatically triggered whenever code is pushed to the repository. This workflow acts as a framework for executing continuous integration tasks and can be further refined to suit your development processes and requirements.\n\n## Test\nYou can follow the steps below to test the deployment from the workflow run. This involves accessing the OKE cluster locally through an SSH port-forwarding session and verifying the deployment using `kubectl` commands.\n\n### Step 1: Configure OCI-CLI\n\nOn your local machine terminal, make sure oci-cli is installed using: \n\n`oci -v`\n\nIf not, follow the link below to install and set up OCI-CLI.\n\n`https://docs.cloud.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm`\n\n### Step 2: Create Bastion session\n\nCreate a port forwarding bastion session using the Bastion service created previously. Copy the SSH Command and start the SSH tunnel. Please keep this window open. \n\n__Example:__\n`ssh -i \u003cprivateKey\u003e -N -L \u003clocalPort\u003e:10.0.0.13:6443 -p 22 ocid1.bastionsession.oc1.ca-toronto-1.________amaaaaaantxkdlyawqe2________vap5n3exve76cpt3slm3w7spvyegyuqv2aar2flq@host.bastion.ca-toronto-1.oci.oraclecloud.com`\n\n### Step 3: Access Cluster \u0026 Verify deployment\nPlease use another terminal window and follow the steps given below.\n\nPlease go to the cluster details page and click on the \"Access Cluster\" button, and follow the steps mentioned in the \"Local Access\" section:\n\nThis will set up the cluster access using the kubeconfig file. 
While the SSH tunnel to the private endpoint is open, we can now test the deployment using the following commands.\n````\nkubectl get deployment -n nginx\nkubectl get pods -n nginx\n````\n\n## Notes/Issues\n\n* Ensure all the necessary IAM policies are in place to create and manage the OKE cluster successfully.\n* Verify that the Bastion service is created and accurately updated with the appropriate CIDR block allowlist.\n\n## URLs\n* Nothing at this time\n\n## Contributing\nThis project is open source.  Please submit your contributions by forking this repository and submitting a pull request!  Oracle appreciates any contributions that are made by the open source community.\n\n## License\nCopyright (c) 2024 Oracle and/or its affiliates.\n\nLicensed under the Universal Permissive License (UPL), Version 1.0.\n\nSee [LICENSE](LICENSE) for more details.\n\nORACLE AND ITS AFFILIATES DO NOT PROVIDE ANY WARRANTY WHATSOEVER, EXPRESS OR IMPLIED, FOR ANY SOFTWARE, MATERIAL OR CONTENT OF ANY KIND CONTAINED OR PRODUCED WITHIN THIS REPOSITORY, AND IN PARTICULAR SPECIFICALLY DISCLAIM ANY AND ALL IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE.  FURTHERMORE, ORACLE AND ITS AFFILIATES DO NOT REPRESENT THAT ANY CUSTOMARY SECURITY REVIEW HAS BEEN PERFORMED WITH RESPECT TO ANY SOFTWARE, MATERIAL OR CONTENT CONTAINED OR PRODUCED WITHIN THIS REPOSITORY. IN ADDITION, AND WITHOUT LIMITING THE FOREGOING, THIRD PARTIES MAY HAVE POSTED SOFTWARE, MATERIAL OR CONTENT TO THIS REPOSITORY WITHOUT ANY REVIEW. USE AT YOUR OWN RISK. ","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foracle-devrel%2Foke-bastion","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Foracle-devrel%2Foke-bastion","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foracle-devrel%2Foke-bastion/lists"}