
Deploy Portefaix on Oracle Cloud Infrastructure

This guide shows you how to deploy a Portefaix platform on Oracle Cloud Infrastructure (OCI) using Oracle Container Engine for Kubernetes (OKE), OCI Object Storage for Terraform state, and a dedicated compartment for resource isolation.

Goal: a running OKE cluster in a dedicated OCI compartment, with Portefaix stacks continuously reconciled by ArgoCD.

Prerequisites

  • OCI account with Administrator policy or equivalent IAM permissions
  • OCI CLI configured with API signing keys — see the OCI API key setup guide
  • Terraform ≥ 1.5, kubectl, and Helm installed locally

1. Configure your environment

. ./portefaix.sh oci

export OCI_TENANCY_ID="ocid1.tenancy.oc1..xxxxxxxxxxxxxxxxxxxxxxxx"
export OCI_USER_ID="ocid1.user.oc1..xxxxxxxxxxxxxxxxxxxxxxxx"
export OCI_REGION="eu-frankfurt-1"
export PORTEFAIX_ENV="staging"

Verify CLI access:

oci iam region list --output table

2. Create a dedicated compartment

OCI uses compartments to isolate resources: IAM policies and cost reports are scoped to them, so a dedicated compartment keeps the platform's permissions and billing separate from the rest of the tenancy:

oci iam compartment create \
  --compartment-id "$OCI_TENANCY_ID" \
  --name "portefaix-$PORTEFAIX_ENV" \
  --description "Portefaix platform - $PORTEFAIX_ENV environment"

Compartment creation is asynchronous, so the lookup may come back empty for a few seconds after the create call; filtering on ACTIVE also keeps a previously deleted compartment of the same name out of the result:

export OCI_COMPARTMENT_ID="$(oci iam compartment list \
  --compartment-id "$OCI_TENANCY_ID" \
  --name "portefaix-$PORTEFAIX_ENV" \
  --lifecycle-state ACTIVE \
  --query 'data[0].id' --raw-output)"
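The prerequisites accept an Administrator identity, but the Terraform identity only needs rights inside the compartment just created. The script below is an added example, not part of the Portefaix project: it emits OCI IAM policy statements that give a group manage rights on the resource families the stacks in this guide touch (OKE, networking, compute, Object Storage, Vault, DNS) inside the compartment, plus the tenancy-level compartment inspection the OCI Terraform provider needs to resolve compartment names, and attaches the policy at the tenancy root so the compartment name resolves. The group name portefaix-terraform is an assumption, and the family list is a starting point to trim to what your modules actually create.

```shell
#!/bin/sh
# Added example (not Portefaix project code): least-privilege IAM policy for the
# Terraform identity, scoped to the portefaix-<env> compartment.
# Assumptions: the IAM group "portefaix-terraform" is hypothetical; the resource
# families cover OKE, networking, compute, Object Storage, Vault and DNS, which
# is what the stacks in this guide touch. Trim the list to what your modules need.

# One policy statement per line for GROUP, scoped to the compartment NAME.
# "in compartment <name>" resolves relative to where the policy is attached,
# which is why portefaix_policy_create attaches it at the tenancy root.
portefaix_policy_statements() {
  group="$1"; compartment="$2"
  for family in cluster-family virtual-network-family instance-family \
                object-family vaults keys secret-family dns; do
    printf 'Allow group %s to manage %s in compartment %s\n' \
      "$group" "$family" "$compartment"
  done
  # The OCI provider lists compartments in the tenancy to resolve names.
  printf 'Allow group %s to inspect compartments in tenancy\n' "$group"
}

# Wrap the statements as the JSON array "oci iam policy create --statements" takes.
# Statements contain no quotes or backslashes, so no escaping is needed.
portefaix_policy_json() {
  portefaix_policy_statements "$1" "$2" \
    | awk 'BEGIN { printf "[" } { printf "%s\"%s\"", (NR > 1 ? "," : ""), $0 } END { print "]" }'
}

# Create the policy at the tenancy root. Needs OCI_TENANCY_ID and a working CLI.
portefaix_policy_create() {
  group="$1"; compartment="$2"
  oci iam policy create \
    --compartment-id "$OCI_TENANCY_ID" \
    --name "$compartment-terraform" \
    --description "Least-privilege policy for Portefaix Terraform runs in $compartment" \
    --statements "$(portefaix_policy_json "$group" "$compartment")"
}

# Preview the statements; pass "apply" as the first argument to create the policy.
portefaix_policy_statements "${POLICY_GROUP:-portefaix-terraform}" "portefaix-${PORTEFAIX_ENV:-staging}"
if [ "${1:-}" = "apply" ]; then
  portefaix_policy_create "${POLICY_GROUP:-portefaix-terraform}" "portefaix-${PORTEFAIX_ENV:-staging}"
fi
```

Add the user whose API signing key the CLI uses to that group and drop it from Administrators; anything Terraform then fails to create shows up as a 404 NotAuthorizedOrNotFound, which is the signal to add the missing family rather than widen the policy to all-resources.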

3. Create Terraform remote state storage

OCI Object Storage exposes an Amazon S3 Compatibility API, which is what Terraform's s3 backend talks to. That API is not authenticated with the API signing key from your CLI configuration but with a customer secret key, an access key/secret pair attached to an IAM user. Create a versioned bucket for the state (versioning lets you roll back to the state file from before a bad apply), then generate the key:

oci os bucket create \
  --compartment-id "$OCI_COMPARTMENT_ID" \
  --name portefaix-tfstate \
  --versioning Enabled

# Generate customer secret key for S3-compatible API access
oci iam customer-secret-key create \
  --user-id "$OCI_USER_ID" \
  --display-name "portefaix-terraform"

The secret appears once, in the key field of the create output, and cannot be retrieved afterwards. Put the id in AWS_ACCESS_KEY_ID and the key in AWS_SECRET_ACCESS_KEY, export them in the shell session rather than writing them into terraform.tfvars, and treat the pair as a long-lived credential: it acts as the user on every bucket that user can reach, not only the state bucket. Leave the bucket private (the default), since state files contain resource identifiers and any sensitive outputs.

export AWS_ACCESS_KEY_ID="<id from output>"
export AWS_SECRET_ACCESS_KEY="<key from output>"

4. Bootstrap the OCI organization with Terraform

cd portefaix-infrastructure/terraform/oci/root
cp terraform.tfvars.example terraform.tfvars

Set the tenancy, user, region and compartment in terraform.tfvars (the values below are placeholders):

tenancy_ocid     = "ocid1.tenancy.oc1..xxx"
user_ocid        = "ocid1.user.oc1..xxx"
region           = "eu-frankfurt-1"
compartment_id   = "ocid1.compartment.oc1..xxx"

The S3-compatibility endpoint embeds your Object Storage namespace in its host name. Look the namespace up, then initialise the backend:

OCI_NAMESPACE="$(oci os ns get --query 'data' --raw-output)"

terraform init \
  -backend-config="bucket=portefaix-tfstate" \
  -backend-config="key=root/main.tfstate" \
  -backend-config="region=$OCI_REGION" \
  -backend-config="endpoint=https://$OCI_NAMESPACE.compat.objectstorage.$OCI_REGION.oraclecloud.com"

The s3 backend assumes AWS unless told otherwise: it checks the region against AWS's list, calls STS and the EC2 instance-metadata service, and addresses buckets as virtual hosts. If the project's backend block does not already set skip_region_validation, skip_credentials_validation, skip_metadata_api_check and path-style addressing (force_path_style on Terraform 1.5; use_path_style plus skip_requesting_account_id on 1.6 and later), pass them as further -backend-config values, or init fails against the OCI endpoint.

terraform plan -out=tfplan
terraform apply tfplan
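The following shell functions are an added example, not the project's own tooling: they validate the region and namespace, derive the S3-compatibility endpoint, and assemble the complete terraform init argument list with the non-AWS flags, picking the flag names by Terraform version (force_path_style on 1.5; use_path_style, skip_requesting_account_id and skip_s3_checksum on 1.6 and later, which are Terraform's names for these settings). The namespace examplens in the preview at the bottom is a placeholder.

```shell
#!/bin/sh
# Added example (not Portefaix project code): build the terraform init arguments
# for the OCI S3-compatible backend. Assumptions: Terraform's s3 backend flag
# names as of 1.5 (force_path_style) and 1.6+ (use_path_style,
# skip_requesting_account_id, skip_s3_checksum); "examplens" is a placeholder
# namespace used only by the preview at the bottom.

# Validate NAMESPACE and REGION and print the S3-compatibility endpoint.
oci_compat_endpoint() {
  ns="$1"; region="$2"
  case "$region" in
    [a-z][a-z]-[a-z]*-[0-9]*) ;;                  # e.g. eu-frankfurt-1
    *) echo "invalid OCI region identifier: $region" >&2; return 1 ;;
  esac
  case "$ns" in
    ''|*[!A-Za-z0-9_-]*) echo "invalid Object Storage namespace: $ns" >&2; return 1 ;;
  esac
  printf 'https://%s.compat.objectstorage.%s.oraclecloud.com\n' "$ns" "$region"
}

# Print 1 if VERSION (major.minor[.patch]) is 1.6 or newer, else 0.
tf_at_least_1_6() {
  major="${1%%.*}"; rest="${1#*.}"; minor="${rest%%.*}"
  if [ "$major" -gt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -ge 6 ]; }; then
    echo 1
  else
    echo 0
  fi
}

# Print one terraform init argument per line for BUCKET KEY REGION ENDPOINT VERSION.
oci_tf_backend_args() {
  bucket="$1"; key="$2"; region="$3"; endpoint="$4"; tf_version="$5"
  printf '%s\n' "-backend-config=bucket=$bucket" \
                "-backend-config=key=$key" \
                "-backend-config=region=$region" \
                "-backend-config=endpoint=$endpoint"
  # This is not AWS: skip the AWS region list, the STS credential check and the
  # EC2 instance-metadata lookup, and put the bucket in the URL path.
  printf '%s\n' "-backend-config=skip_region_validation=true" \
                "-backend-config=skip_credentials_validation=true" \
                "-backend-config=skip_metadata_api_check=true"
  if [ "$(tf_at_least_1_6 "$tf_version")" -eq 1 ]; then
    printf '%s\n' "-backend-config=use_path_style=true" \
                  "-backend-config=skip_requesting_account_id=true" \
                  "-backend-config=skip_s3_checksum=true"
  else
    printf '%s\n' "-backend-config=force_path_style=true"
  fi
}

# Run terraform init for BUCKET KEY REGION NAMESPACE with the installed version.
# Word-splitting the argument list is safe: none of the values contain spaces.
oci_tf_init() {
  : "${AWS_ACCESS_KEY_ID:?export the customer secret key id first}"
  : "${AWS_SECRET_ACCESS_KEY:?export the customer secret key first}"
  endpoint="$(oci_compat_endpoint "$4" "$3")" || return 1
  tfv="$(terraform version | sed -n 's/^Terraform v//p' | head -n 1)"
  # shellcheck disable=SC2046
  terraform init $(oci_tf_backend_args "$1" "$2" "$3" "$endpoint" "$tfv")
}

# Preview with this guide's values (uses OCI_NAMESPACE/OCI_REGION when exported).
endpoint="$(oci_compat_endpoint "${OCI_NAMESPACE:-examplens}" "${OCI_REGION:-eu-frankfurt-1}")" &&
  oci_tf_backend_args portefaix-tfstate root/main.tfstate "${OCI_REGION:-eu-frankfurt-1}" "$endpoint" 1.6.0
```

Run oci_tf_init portefaix-tfstate root/main.tfstate "$OCI_REGION" "$OCI_NAMESPACE" in place of the bare terraform init above; the same call with a different key serves the oke module.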

5. Provision the OKE cluster with Terraform

cd portefaix-infrastructure/terraform/oci/oke
cp terraform.tfvars.example terraform.tfvars

Set the cluster parameters in terraform.tfvars (placeholders as above; k8s_version must be a version OKE currently offers in your region, which oci ce cluster-options get lists):

tenancy_ocid     = "ocid1.tenancy.oc1..xxx"
region           = "eu-frankfurt-1"
compartment_id   = "ocid1.compartment.oc1..xxx"
cluster_name     = "portefaix-staging"
k8s_version      = "v1.31.1"
node_shape       = "VM.Standard.E4.Flex"
node_count       = 3

Initialise the backend exactly as for the root module, with a state key of its own so the two modules never share a state file (the key shown follows the root module's naming; use the project's layout if it differs), then plan and apply:

terraform init \
  -backend-config="bucket=portefaix-tfstate" \
  -backend-config="key=oke/main.tfstate" \
  -backend-config="region=$OCI_REGION" \
  -backend-config="endpoint=https://$OCI_NAMESPACE.compat.objectstorage.$OCI_REGION.oraclecloud.com"

terraform plan -out=tfplan
terraform apply tfplan

6. Fetch cluster credentials

Still in the oke module directory, read the cluster OCID from the Terraform outputs and let the OCI CLI write a kubeconfig for it:

export CLUSTER_ID="$(terraform output -raw cluster_id)"

oci ce cluster create-kubeconfig \
  --cluster-id "$CLUSTER_ID" \
  --file "$HOME/.kube/portefaix-oci" \
  --region "$OCI_REGION" \
  --token-version 2.0.0 \
  --kube-endpoint PUBLIC_ENDPOINT

export KUBECONFIG="$HOME/.kube/portefaix-oci"

kubectl get nodes

With --token-version 2.0.0 the file holds no static credential: kubectl runs oci ce cluster generate-token through the exec plugin on each request, so any host that uses the file needs the OCI CLI configured with a signing key for a user allowed to use the cluster. --kube-endpoint PUBLIC_ENDPOINT selects the API server's internet-facing address, which only exists if the cluster was created with a public endpoint; restrict that endpoint's NSG or security list to your source addresses, or use PRIVATE_ENDPOINT via a bastion for anything beyond a throwaway environment.
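Before trusting the file, it is worth checking the two things the command above decides for you: that authentication goes through the OCI exec plugin (no static token or client key in the file) and whether the server address is a private endpoint. The script below is an added example, not Portefaix code; the two kubeconfigs it writes to a temporary directory are constructed samples with a placeholder OCID, an RFC 1918 address and a TEST-NET-3 address, not output from a real cluster.

```shell
#!/bin/sh
# Added example (not Portefaix project code): audit a kubeconfig written by
# "oci ce cluster create-kubeconfig". The two sample files below are constructed
# (placeholder OCID, RFC 1918 and TEST-NET-3 addresses), not real cluster output.

# 0 when the file authenticates via the OCI exec plugin (short-lived tokens from
# "oci ce cluster generate-token") and holds no static token or client key.
kubeconfig_uses_exec_auth() {
  grep -q '^[[:space:]]*command:[[:space:]]*oci[[:space:]]*$' "$1" || return 1
  grep -q '^[[:space:]]*- generate-token[[:space:]]*$' "$1" || return 1
  ! grep -Eq '^[[:space:]]*(token|client-key|client-key-data):' "$1"
}

# Print the API server host from the first server: line (scheme and port stripped).
kubeconfig_server_host() {
  sed -n 's|^[[:space:]]*server:[[:space:]]*https\{0,1\}://\([^:/[:space:]]*\).*|\1|p' "$1" | head -n 1
}

# 0 when HOST is an RFC 1918 IPv4 address, i.e. the cluster's private endpoint.
host_is_private() {
  case "$1" in
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# Full audit: prints findings and returns 0 only when both checks pass.
kubeconfig_audit() {
  rc=0
  if kubeconfig_uses_exec_auth "$1"; then
    echo "ok: OCI exec-plugin auth, no static credentials"
  else
    echo "FAIL: static token/key present or OCI exec plugin missing in $1"; rc=1
  fi
  host="$(kubeconfig_server_host "$1")"
  if host_is_private "$host"; then
    echo "ok: API server $host is a private endpoint"
  else
    echo "WARN: API server $host is internet-facing; restrict it with an NSG or use PRIVATE_ENDPOINT"; rc=1
  fi
  return $rc
}

# Constructed samples (not real cluster output), removed again on exit.
tmp="${TMPDIR:-/tmp}/kubeconfig-audit.$$"; mkdir -p "$tmp"; trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/exec-private" <<'EOF'
apiVersion: v1
kind: Config
clusters:
- name: cluster-c1
  cluster:
    server: https://10.0.0.10:6443
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0t
users:
- name: user-c1
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      command: oci
      args:
      - ce
      - cluster
      - generate-token
      - --cluster-id
      - ocid1.cluster.oc1.eu-frankfurt-1.xxx
      - --region
      - eu-frankfurt-1
EOF
cat > "$tmp/token-public" <<'EOF'
apiVersion: v1
kind: Config
clusters:
- name: cluster-c1
  cluster:
    server: https://203.0.113.10:6443
users:
- name: user-c1
  user:
    token: constructed-static-token
EOF

# The first sample passes both checks, the second fails both.
for f in exec-private token-public; do
  if kubeconfig_audit "$tmp/$f"; then echo "$f: accepted"; else echo "$f: rejected"; fi
done
```

Point kubeconfig_audit at "$HOME/.kube/portefaix-oci" after the create-kubeconfig step; a kubeconfig created with PUBLIC_ENDPOINT will trigger the WARN branch, which is the expected result for this guide's setup and the cue to lock the endpoint down.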

7. Deploy Portefaix stacks via ArgoCD

helm repo add argo https://argoproj.github.io/argo-helm
helm repo update

helm install argocd argo/argo-cd \
  --namespace argocd --create-namespace \
  --values portefaix-kubernetes/gitops/argocd/values-oci.yaml \
  --wait

kubectl apply -f portefaix-kubernetes/gitops/argocd/bootstrap/app-of-apps-oci-$PORTEFAIX_ENV.yaml

argocd app wait portefaix-bootstrap --health --timeout 600

The wait needs the argocd CLI logged in to the server installed above (argocd login, through a port-forward if the server is not exposed). It returns once the bootstrap Application reports Healthy, that is, once ArgoCD has reconciled every child stack, or fails after 600 seconds.

Stacks available on OCI

Stack               Description                        OCI service used
Observability       Prometheus, Grafana, Loki, Tempo   Object Storage for long-term storage
Secret management   External Secrets Operator          OCI Vault
DNS management      External DNS                       OCI DNS
TLS certificates    cert-manager                       OCI DNS for DNS-01 challenges
Policy enforcement  Kyverno                            none

Cost optimisation: OCI's Always Free tier includes two AMD VM.Standard.E2.1.Micro instances (1/8 OCPU and 1 GB of memory each) and 200 GB of block volume storage; its Object Storage allowance is far smaller, so the observability stack's long-term storage will not fit in it. A development cluster can use node_shape = "VM.Standard.E2.1.Micro" with node_count = 2 to stay within the free compute allowance, but 1 GB per node is too little to run the observability stack. The Always Free Ampere A1 allowance (VM.Standard.A1.Flex, 4 OCPUs and 24 GB of memory in total, divisible across up to four instances) is the more practical basis for a free development cluster.