Creating OKE Network Resources

Learn about the required network resources for Kubernetes Engine (OKE) on Compute Cloud@Customer.

The resource definitions in the following sections create a working example set of network resources for workload clusters. Use this configuration as a guide when you create these resources. You can change the values of properties such as CIDR blocks and IP addresses. Don't change the values of properties such as the network protocol, the stateful setting, or the private/public setting.

See Workload Cluster Network Ports (Flannel Overlay) and Workload Cluster Network Ports (VCN-Native Pod) for specific ports that must be open for specific purposes.

You can create network resources for two networking types: Flannel overlay networking and VCN-native pod networking.

Public and Private Clusters summarizes which network resources you need for a public cluster and which you need for a private cluster.

Pod Networking

The Kubernetes networking model assumes that every pod has its own unique IP address that is routable within the cluster. Pods use those IP addresses to communicate with other pods on the same node or on a different node, with pods on other clusters, with the cluster's control plane nodes, with other services (such as storage services), and with the internet.

By default, pods accept traffic from any source. To enhance cluster security, restrict access to and from pods using security rules defined in network security groups (recommended) or security lists. The security rules apply to every pod on every worker node attached to the pod subnet specified for a node pool, so a rule that admits a source admits it for all of those pods. See Controlling Traffic with Network Security Groups and Controlling Traffic with Security Lists.
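The following is an added example (not Oracle's code, and not the resource definitions from the referenced sections) that ties the two points above together: it renders a constructed NSG rule template for the pod subnet into the JSON structure that `oci network nsg rules add --nsg-id <ocid> --security-rules file://rules.json` consumes, then checks that a customized copy changed only CIDR blocks and IP addresses, never the protocol, the stateful setting, the direction, or the subnet's private/public setting, and flags ingress rules that reproduce the "any source" default. The placeholder names, CIDRs, rule descriptions and the `POD_*_TEMPLATE` contents are assumptions; take the real ports from the port tables referenced above.

```python
"""Render and sanity-check OKE pod-subnet security resources (added example)."""
import ipaddress
import json

# Fields a deployer is expected to change: CIDR blocks and IP addresses.
TUNABLE = {"source", "destination", "cidrBlock"}
# Fields that must stay exactly as the template defines them.
LOCKED = {"direction", "protocol", "isStateless", "sourceType",
          "destinationType", "prohibitPublicIpOnVnic"}

# Constructed NSG rule template (assumed, illustrative). {placeholders} are CIDRs.
# Keys follow the OCI AddSecurityRuleDetails shape; protocol "6" is TCP.
POD_NSG_TEMPLATE = [
    {"description": "worker nodes -> pods, all protocols",
     "direction": "INGRESS", "protocol": "all", "isStateless": False,
     "sourceType": "CIDR_BLOCK", "source": "{worker_subnet}"},
    {"description": "control plane -> pods, TCP",
     "direction": "INGRESS", "protocol": "6", "isStateless": False,
     "sourceType": "CIDR_BLOCK", "source": "{control_plane_subnet}"},
    {"description": "pods -> anywhere",
     "direction": "EGRESS", "protocol": "all", "isStateless": False,
     "destinationType": "CIDR_BLOCK", "destination": "0.0.0.0/0"},
]
# Constructed subnet template: a private subnet (no public IPs on pod VNICs).
POD_SUBNET_TEMPLATE = {"description": "pod subnet",
                       "cidrBlock": "{pod_subnet}",
                       "prohibitPublicIpOnVnic": True}


def render(template, cidrs):
    """Fill {placeholder} values in a template (list or dict) and return a copy.

    Every value is validated as an IP network/address first, so a typo fails
    here rather than at the API.
    """
    text = json.dumps(template)
    for name, cidr in cidrs.items():
        ipaddress.ip_network(cidr)  # raises ValueError on a bad CIDR/IP
        text = text.replace("{" + name + "}", cidr)
    return json.loads(text)


def check_customization(template, customized):
    """Return (description, field, expected, actual) tuples for each problem.

    A problem is a LOCKED field that differs from the template, a TUNABLE
    field that is not a valid CIDR/IP (for example an unfilled placeholder),
    or a template item missing from the customized set. Items are matched
    by their description.
    """
    t_items = template if isinstance(template, list) else [template]
    c_items = customized if isinstance(customized, list) else [customized]
    by_desc = {c["description"]: c for c in c_items}
    problems = []
    for t in t_items:
        c = by_desc.get(t["description"])
        if c is None:
            problems.append((t["description"], None, "present", "missing"))
            continue
        for field in sorted(LOCKED.intersection(t)):
            if t[field] != c.get(field):
                problems.append((t["description"], field, t[field], c.get(field)))
        for field in sorted(TUNABLE.intersection(c)):
            try:
                ipaddress.ip_network(c[field])
            except ValueError:
                problems.append((t["description"], field, "CIDR or IP", c[field]))
    return problems


def open_to_any_source(rules):
    """Descriptions of INGRESS rules whose source is a /0 (any address).

    Such a rule recreates the default of accepting traffic from any source.
    """
    hits = []
    for rule in rules:
        if rule.get("direction") != "INGRESS":
            continue
        try:
            network = ipaddress.ip_network(rule.get("source", ""))
        except ValueError:
            continue
        if network.prefixlen == 0:
            hits.append(rule["description"])
    return hits


if __name__ == "__main__":
    # Assumed CIDRs for a constructed deployment.
    cidrs = {"worker_subnet": "10.0.1.0/24",
             "control_plane_subnet": "10.0.0.0/28",
             "pod_subnet": "10.0.8.0/21"}
    rules = render(POD_NSG_TEMPLATE, cidrs)
    print(json.dumps(rules, indent=2))  # save as rules.json for the CLI
    print("problems:", check_customization(POD_NSG_TEMPLATE, rules))
    print("open ingress:", open_to_any_source(rules))
```

Run `check_customization` against both the rendered NSG rules and the rendered subnet specification before creating the resources; an empty result means only the tunable values changed. The same structure applies to security list rules, which share the direction, protocol and stateless fields.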