Containers and Kubernetes

Get Involved. Join the Conversation.


  • Abhishek Af Gupta

    what is the difference between management node and worker node?

    Management node is for orchestration purposes and the worker nodes are where your Docker containers actually run

    Is management node for Docker management platform (like k8s or Mesos)?

    Sort of.. management node has the necessary components for orchestrating the Docker containers which run on the worker nodes

    Is it necessary to add more management nodes and how?

    Not as of now. Each OCC instance has ONE management node and one or more worker nodes



  • Sergio Fantin


    Thanks Robert!

    See the FAQ entry at

    Robert Wunderlich

    Product Strategy Director


  • Mike Raab


    The ability to add and subsequently remove Compute VMs / Worker Nodes has been implemented for version 17.2.3 of Oracle Container Cloud Service instances, which was made available on 6 May 2017.

  • Adolganov

    the cloud tooling chain in your ID domain is misbehaving then.

    One thing that was giving problems in the past is special characters in the passwords: maybe try to change your id domain password, NOT using characters like #, ! and such. Just stick to the letters and numbers and see if this helps.


  • Janardan Singh

    It is giving this error
    "instance.create.message.orchestrationsCreateFailedMsg: Unexpected error 401. [005JY8PtVOH3z015Rvt1id0000eu00027O] "

  • Janardan Singh

    My password only consists of capital , small alphabets and numbers.

    I don't know what the root cause is.

  • Adolganov

    Are you able to create regular Compute instances in this identity domain?


  • Vikram Kimyani

    try "6" , I think you are using ACCS and after the upgrade to 6 is got a bit fussy, this one was the one that works for me.

      "runtime":{"majorVersion" : "6"}

  • Liana Lixandru

    The Node version is 0.12 so your manifest should look like this:





      "command": "node server.js",

      "mode": "rolling"


  • Abhishek Af Gupta

    SSH access to OCC worker nodes is now enabled. Please check this (March 2017 update) - Oracle® Cloud What's New for Oracle Container Cloud Service

  • Raviraj Murdeshwar

    Hi Jon,

    For current AIACS Dev and QA environment, I am using standalone servers for docker deployment.

    AIACS build artifacts consist of

    1. product jar file
    2. environment specific config files
    3. environment specific keytab files for Hadoop.

    In order to have generic docker image for dev and qa environment, we do not package above build artifacts as part of Docker and load it via volume mapping.

    In such cases, how can we deploy above build artifacts on docker host ?

    is it possible to provision shared file-system per resource pool where we can download the build artifacts ?

    I was trying to go through the OCCS documentation and could not find any loadbalancer information.

    I want to deploy 2 instances of product A using OCCS per host (on each host in the pool) rule, if prodcuct A crashed on Machine 1, will OCCS provide any fail over capabilities to switch to Machiine 2 ir it will just try to restart product A on Machine 1 ?

    Thanks ..


  • Jon Reeve

    Hi there,

    we don't allow SSH access to the worker nodes today but it it something we are working on.  Some options for mapping external config data include: use of environment variables; leveraging the built in service discovery - key/value store; or leveraging object storage to to store configuration artifacts.



  • Gianni Ceresa

    Alex-D__CSC wrote:

    You should be able to tighten the DBCS security, limiting the incoming 1251 traffic to the public IP addresses of your containers

    That's the minimum I would be looking for (I still didn't entered the 30 trial as it's only 30 days, so I want to make sure to have lot of free time before to enter it ). But ideally I would expect something smarter like a button "intra-cloud" access based on the services I currently have in my account.

  • Adolganov

    Actually in the case where your DBCS and OCCS belong to the same subscription account and the same identity domain, you can make them easily communicate both ways: the only thing needed is to include your DBCS compute instance and Container Worker instance(s) in the same Security List. Almost as easy as one button click .

    If they aren't in the same identity domain, you'll have to add the Security Apps (that define port ranges) and Security Rules (that define firewall rules) to allow the communication. A little bit more involved but not complicated really.


  • Adolganov

    My understanding is you don't have to open the TCP 1251 access to the "everybody". This blog post was showing the easiest (and the least secure) way to connect between two services.

    You should be able to tighten the DBCS security, limiting the incoming 1251 traffic to the public IP addresses of your containers