Network Planes

This chapter contains information about the Oracle CNE management, control, and data planes.

Management Plane

Communication between the components is secured using Transport Layer Security (TLS). You can configure the TLS cipher suites used for the management plane.

You can set up the X.509 certificates used for TLS before you create a cluster, or use private, automatically generated certificates.

Control Plane

The control plane contains the Kubernetes components and any load balancer.

Kubernetes has a sophisticated networking model with many options that let users finely tune the networking configuration. Oracle CNE simplifies Kubernetes networking by setting network defaults that align with community best practices. By default, all Kubernetes services are bound to the network interface that handles the default route for the system. The default route is used for both the Kubernetes control plane and the data plane.

Data Plane

The data plane is the network used by the pods running on Kubernetes.

The algorithm that selects the default control plane interface is also used when instantiating the Kubernetes pod network, so the same network interface is used for both the Kubernetes control plane and the data plane. In environments with many networks, this might not be the best choice. Oracle CNE lets you customize the network interface used for pod networking when you create the Kubernetes module. When the CNI is brought up, it uses the network interface you specify for the pod network.
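
Added example, not Oracle CNE code: a check that reports which interface carries the IPv4 default route on a Linux host, which is where the control plane and pod traffic described above land by default, and lists any other interface that also holds a default route. It assumes the Linux /proc/net/route format on a little-endian host and that the lowest-metric default route is the one selected; the route table, interface names and function names are constructed for illustration.

```python
import os
import socket
import struct

RTF_UP = 0x0001  # Linux route flag: route is usable

# Constructed sample in /proc/net/route format: a host with two networks,
# each advertising a default route (eth0 metric 100, eth1 metric 200).
SAMPLE_ROUTE_TABLE = """\
Iface Destination Gateway  Flags RefCnt Use Metric Mask     MTU Window IRTT
eth1  00000000    0100000A 0003  0      0   200    00000000 0   0      0
eth0  00000000    0100A8C0 0003  0      0   100    00000000 0   0      0
eth0  0000A8C0    00000000 0001  0      0   100    00FFFFFF 0   0      0
eth1  0000000A    00000000 0001  0      0   200    00FFFFFF 0   0      0
"""


def hex_to_ip(value):
    """Decode the hex address /proc/net/route prints (little-endian host assumed)."""
    return socket.inet_ntoa(struct.pack("<I", int(value, 16)))


def default_routes(table_text):
    """Return (metric, iface, gateway) for each active default route, best first."""
    routes = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 8:
            continue
        iface, dest, gateway, flags, metric, mask = (
            fields[0], fields[1], fields[2], int(fields[3], 16), int(fields[6]), fields[7])
        # A default route has destination 0.0.0.0 with mask 0.0.0.0 and must be up.
        if dest == "00000000" and mask == "00000000" and flags & RTF_UP:
            routes.append((metric, iface, hex_to_ip(gateway)))
    return sorted(routes)


def default_route_interface(table_text):
    """Interface of the lowest-metric default route (assumed selection rule), or None."""
    routes = default_routes(table_text)
    return routes[0][1] if routes else None


if __name__ == "__main__":
    path = "/proc/net/route"
    text = open(path).read() if os.path.exists(path) else SAMPLE_ROUTE_TABLE
    routes = default_routes(text)
    print("default-route interface:", default_route_interface(text))
    for metric, iface, gateway in routes[1:]:
        print(f"also has a default route: {iface} via {gateway} (metric {metric})")
```

A second line of output on a multi-homed node is the cue to decide explicitly which interface the pod network should use rather than relying on the default.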