Oracle Cloud (OCI) AutoScale
This guide will walk you through configuring autoscaling for Kasm Workspaces on Oracle Cloud. Autoscaling in Kasm Workspaces automatically provisions and destroys agents based on user demand, ensuring optimized resource utilization and cost efficiency.
Overview
Prerequisites
- Access to Digital Ocean: Ensure you have the appropriate access to your Oracle environment
- Kasm Workspaces Installed: A basic setup of Kasm Workspaces must already exist
- Understand Key Concepts:
- Zones: Logical groupings of Kasm services for geographical or organizational segmentation
- Pools: Logical groupings of Kasm Docker Agents and Server Pools for load balancing
- Plan Your Configuration:
- Understand your deployment zone requirements
- Configure your OCI environment
Setup your Oracle Cloud Environment
- Create an API Key on OCI: You need to create an API key so that Kasm can use it to talk to OCI on your behalf.
- Generate a key pair with OpenSSL
# create a directory for storing your key pair
mkdir -p ~/.oci
# create private key
openssl genrsa -out ~/.oci/oci_api_key.pem 2048
# create public key
openssl rsa -pubout -in ~/.oci/oci_api_key.pem -out ~/.oci/oci_api_key_public.pem - Copy your public key
- Go your OCI dashboard -> Click on your Profile -> "User Settings" -> "API keys" -> "Add API Key"
- Select "Paste a public key" and paste your public key here and click "Add"
Add API Key to OCI - This will generate the "Public Key Fingerprint". Make a note of it as this value needs to be fed into Kasm later.
Public Key fingerprint - Generate a key pair with OpenSSL
Configure your Oracle Cloud details on Kasm
- Follow AutoScale Settings for Agent Pool or AutoScale Settings for Server Pool to create a new AutoScale config, or select Create New in VM Provider Configs if you already have one.
- Set Provider to Oracle Cloud
- Configure the following settings:
| Name | Description |
|---|---|
| Name | A name to use to identify the config. |
| User OCID | The OCID of the user to authenticate with the OCI API. (e.g ocid1.user.oc1..xyz). You can find this by going to your OCI dashboard -> Click on your Profile -> You can find your user OCID here. |
| Public Key Fingerprint | The public key fingerprint of the authenticated API user created in OCI. (e.g xx:yy:zz:11:22:33) |
| Private Key | The private key (PEM format) of the authenticated API user created in OCI. |
| Region | The OCI Region name. (e.g us-ashburn-1). See Regions for the list |
| Tenancy OCID | The Tenancy OCID for the OCI account. (e.g ocid1.tenancy.oc1..xyz) |
| Compartment OCID | The Compartment OCID where the auto-scaled agents will be placed. (e.g ocid1.compartment.oc1..xyx) |
| Network Security Group OCIDs (JSON) | A JSON list of Security Group OCIDs that will be assigned to the auto-scaled agents. (e.g ["ocid1.networksecuritygroup.oc1.iad.xxx","ocid1.networksecuritygroup.oc1.iad.yyy"]). To create or find existing Network Security Groups, go to your OCI dashboard -> "Network Security Groups". See Network Security Groups for more details |
| Max Instances | The maximum number of OCI compute instances to provision regardless of the need for available free slots. |
| Availability Domains (JSON) | A JSON list of availability domains where the OCI compute instances may be placed. (e.g ["BEol:US-ASHBURN-AD-1", "BEol:US-ASHBURN-AD-2"]). See Availability Domains for more details |
| Image OCID | The OCID of the Image to use when creating the compute instances. (e.g ocid1.image.oc1.iad.xyz) See OCI Image Families for the list |
| Shape | The name of the shape used for the created compute instances. (e.g VM.Standard.E4.Flex) See OCI Compute Shapes for the list |
| Flex CPUs | The number of OCPUs to assign the compute instance. This is only applicable when a Flex shape is used. |
| Burstable Base CPU Utilization | The baseline percentage of a CPU Core that can be use continuously on a burstable instance (Select 100% to use a non-burstable instance). Reference. |
| Flex Memory GB | The amount of memory (in GB) to assign the compute instance. This is only applicable when a Flex shape is used. |
| Boot Volume GB | The size (in GB) of the boot volume to assign the compute instance. |
| Boot Volume VPUs Per GB | The Volume Performance Units (VPUs) to assign to the boot volume. Values between 10 and 120 in mulitples of 10 are acceptable. 10 is the default and represents the Balanced profile. The higher the VPUs, the higher the volume performance and cost. Reference. |
| Custom Tags (JSON) | A Json dictionary of custom freeform tags to assigned the auto-scaled instances. e.g {"foo":"bar", "bin":"baz"} |
| Subnet OCID | The OCID of the Subnet where the auto-scaled instances will be placed. (e.g ocid1.subnet.oc1.iad.xyz) To create or find existing subnets, go to your OCI dashboard -> "Networking" -> "Virtual Cloud Networks" -> "Subnets" |
| SSH Public Key | The SSH public key to insert into the compute instances if you want to SSH into your instances. (e.g ssh-rsa XYABC) |
| Startup Script | When instances are provisioned, this script is executed and is responsible for installing and configuring the Kasm Agent. Example scripts can be found on our GitHub repository |
| OCI Config Override | A JSON dictionary that can be used to customize attributes of the VM request. An OCI Model can be specified with the "OCI_MODEL_NAME" key. Reference: OCI Python Docs and Kasm Examples. |
- Submit the Provider Config
OCI Config Override Examples
Below are some OCI autoscale configurations that utilize the OCI Config Override.
Disable Legacy Instance Metadata Service
Disables instance metadata service v2 for additional security.
{
"launch_instance_details": {
"instance_options": {
"OCI_MODEL_NAME": "InstanceOptions",
"are_legacy_imds_endpoints_disabled": true
}
}
}
Enable Instance Agent Plugins
A list of available plugins can be retrieved by navigating to an existing instance's "Oracle Cloud Agent" config page. This example enables the "Vulnerability Scanning" plugin.
{
"launch_instance_details": {
"agent_config": {
"OCI_MODEL_NAME": "LaunchInstanceAgentConfigDetails",
"is_monitoring_disabled": false,
"is_management_disabled": false,
"are_all_plugins_disabled": false,
"plugins_config": [{
"OCI_MODEL_NAME": "InstanceAgentPluginConfigDetails",
"name": "Vulnerability Scanning",
"desired_state": "ENABLED"
}]
}
}
}
Test your Oracle Cloud Autoscaling setup
If you have configured non-zero Standby/Minimum Available Session values agents should start provisioning immediately. Otherwise, try launching multiple workspaces to increase resource utilization, prompting Kasm to autoscale new agents.
- Provision a Workspace
- Go to Workspaces > Registry
- Make multiple workspaces available
- Go to the Workspaces dashboard and launch sufficient workspace sessions to exceed your resource standby thresholds
- Monitor the provisioning of new agents by going to "Infrastructure" -> "Agents"
- Verify new VM instances in Proxmox
- Check Downscaling
- Terminate sessions to reduce resource usage
- Confirm that Kasm removes agents after the back-off period