Creating Network Resources for OKE

Learn about the required network resources for Container Engine for Kubernetes on Compute Cloud@Customer.

The resource definitions in the following sections create a working example set of network resources for workload clusters. Use this configuration as a guide when you create these resources. You can change the values of properties such as CIDR blocks and IP addresses. Don't change the values of properties such as the network protocol, the stateful setting, or the private/public setting. See Workload Cluster Network Ports for specific ports that must be open for specific purposes.

OKE Cluster Management Across Networks

The OKE control plane runs on the management nodes in the administration network, while the OKE clusters are deployed in the data network. The management interface of an OKE cluster is port 6443 on its load balancer public IP address. This address is assigned from the data center IP range you reserved and configured as public IPs during the Compute Cloud@Customer infrastructure installation.

Because of the network segregation, traffic from the OKE control plane must exit the infrastructure through the administration network, and reenter through the data network to reach the OKE cluster.

Important

Your data center network infrastructure must allow traffic in both directions. Without the necessary firewall and routing rules, users can't deploy OKE clusters.
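The reachability requirement above can be checked from a host on the administration network side with a single TCP connection attempt to port 6443. The following is an added example, not part of the Oracle documentation: the function names are hypothetical, the load balancer public IP is supplied by the operator, and the built-in self-check uses a constructed loopback listener rather than an OKE endpoint.

```python
import errno
import socket
import sys

OKE_API_PORT = 6443  # cluster management port on the load balancer public IP


def probe(host, port=OKE_API_PORT, timeout=3.0):
    """Attempt one TCP connection and return (state, hint)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return ("open", "TCP path works in both directions")
    except socket.timeout:
        # No SYN-ACK and no reset came back within the timeout.
        return ("timeout", "no reply: typical of a firewall silently dropping "
                           "packets or a missing route in either direction")
    except ConnectionRefusedError:
        # A reset came back, so packets travel both ways.
        return ("refused", "path works, but nothing accepts connections on "
                           "this port (or a firewall actively rejects them)")
    except OSError as exc:
        if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return ("unreachable", "the local host or a router has no route "
                                   "to the address")
        return ("error", str(exc))


def demo_local():
    """Offline self-check against a constructed loopback listener."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))       # let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    listening = probe("127.0.0.1", port)[0]
    srv.close()                      # same port, now with no listener
    closed = probe("127.0.0.1", port)[0]
    return {"listening": listening, "closed": closed}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Assumption: argv[1] is the cluster's load balancer public IP.
        print(probe(sys.argv[1]))
    else:
        print(demo_local())
```

A `timeout` result points at the data center firewall or routing between the two networks, while `refused` means the network path is fine and the problem lies at the endpoint.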

The following illustration shows traffic between the admin and compute networks.

Example of System Configured with a Separate Administration Network