Creating OKE Network Resources

Learn about the required network resources for OCI Kubernetes Engine (OKE) on Compute Cloud@Customer.

The resource definitions in the following sections create a working example set of network resources for workload clusters. Use this configuration as a guide when you create these resources. You can change the values of properties such as CIDR blocks and IP addresses. Don't change the values of properties such as the network protocol, the stateful setting, or the private/public setting.

See Workload Cluster Network Ports for specific ports that must be open for specific purposes.

OKE Cluster Management Across Networks

Oracle configures the Compute Cloud@Customer admin and data networks for your environment when it installs the Compute Cloud@Customer infrastructure in your data center.

The OKE service runs on the management nodes in the admin network, while the OKE clusters are deployed in the data network as shown in the following diagram.

A diagram showing the relationship between the admin and compute networks.

The management interface of an OKE cluster is port 6443 on its load balancer public IP address. This address is assigned from the data center IP range you reserved and configured as public IPs during the Compute Cloud@Customer infrastructure installation.

Because of the network segregation, traffic from the OKE service must exit the infrastructure through the admin network, and reenter through the data network to reach the OKE cluster.

Important

Your data center network infrastructure must allow traffic in both directions. Without the necessary firewall and routing rules, users can't deploy OKE clusters.

See Workload Cluster Network Ports for ports needed for OKE. For information about other network ports, see Network Port and Protocol Matrix.

Ways to Create the OKE Network Resources

Create the OKE network resources in one of the following ways:

Both methods result in the creation of the following resources in the same compartment:

  • VCN

  • Internet gateway

  • NAT gateway

  • Route rules

  • Security lists

  • Four subnets:

    • Worker

    • Worker load balancer

    • Control plane

    • Control plane load balancer
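As an added example (not Oracle's code, and not the procedure described in the companion sections), the following OCI CLI script creates the resource set listed above in a single compartment: a VCN, an internet gateway, a NAT gateway, route tables with default route rules, security lists and the four subnets. The compartment OCID, CIDR blocks, display names, the 192.0.2.0/24 source range for returning cluster-management traffic, and the choice of which subnets are public are all assumptions to replace with your own values; the only port taken from this page is 6443, and the full set of ports to open comes from Workload Cluster Network Ports. Setting DRY_RUN=1 prints placeholder OCIDs instead of calling `oci`, which lets you read the sequence of calls before applying it.

```shell
#!/bin/sh
# Added example, not Oracle's code. Creates the OKE network resource set with the OCI CLI
# ("oci network ..." commands). Every OCID, CIDR, name and public/private choice below is an
# assumption to be replaced with your own values; the port set to open comes from
# Workload Cluster Network Ports (only 6443 is taken from this page).
set -eu

COMPARTMENT_ID="${COMPARTMENT_ID:-ocid1.compartment.oc1..PLACEHOLDER}"  # placeholder, not a real OCID
VCN_CIDR="${VCN_CIDR:-10.0.0.0/16}"              # assumption
MGMT_SRC_CIDR="${MGMT_SRC_CIDR:-192.0.2.0/24}"   # constructed: data center range the OKE service traffic re-enters from
DRY_RUN="${DRY_RUN:-0}"                          # DRY_RUN=1 prints fake OCIDs instead of calling oci

# Run "oci network <args>" and return the new resource's OCID; in dry-run mode fabricate one
# from the resource type ($1) so the control flow can be exercised without credentials.
oci_id() {
  if [ "$DRY_RUN" = "1" ]; then
    echo "ocid1.dryrun.$1"
  else
    oci network "$@" --query 'data.id' --raw-output
  fi
}

# Stateful ingress rule as the CLI's JSON. $1 = source CIDR, $2 = protocol ("6" = TCP,
# "all"), $3 = optional single TCP destination port. Keep protocol and isStateless as given.
ingress_rule() {
  if [ -n "${3:-}" ]; then
    printf '{"source":"%s","sourceType":"CIDR_BLOCK","protocol":"%s","isStateless":false,"tcpOptions":{"destinationPortRange":{"min":%s,"max":%s}}}' "$1" "$2" "$3" "$3"
  else
    printf '{"source":"%s","sourceType":"CIDR_BLOCK","protocol":"%s","isStateless":false}' "$1" "$2"
  fi
}

# Stateful allow-all egress rule.
egress_all_rule() {
  printf '{"destination":"0.0.0.0/0","destinationType":"CIDR_BLOCK","protocol":"all","isStateless":false}'
}

# Default route through the gateway whose OCID is $1.
default_route_rule() {
  printf '{"destination":"0.0.0.0/0","destinationType":"CIDR_BLOCK","networkEntityId":"%s"}' "$1"
}

# $1 = name, $2 = CIDR, $3 = route table OCID, $4 = security list OCID,
# $5 = "true" for a private subnet (no public IPs on VNICs), "false" for a public one.
create_subnet() {
  id=$(oci_id subnet create --compartment-id "$COMPARTMENT_ID" --vcn-id "$VCN_ID" \
        --display-name "$1" --cidr-block "$2" --route-table-id "$3" \
        --security-list-ids "[\"$4\"]" --prohibit-public-ip-on-vnic "$5")
  echo "$1 $id"
}

create_oke_network() {
  VCN_ID=$(oci_id vcn create --compartment-id "$COMPARTMENT_ID" --cidr-block "$VCN_CIDR" --display-name oke-vcn)
  IGW_ID=$(oci_id internet-gateway create --compartment-id "$COMPARTMENT_ID" --vcn-id "$VCN_ID" --is-enabled true --display-name oke-igw)
  NAT_ID=$(oci_id nat-gateway create --compartment-id "$COMPARTMENT_ID" --vcn-id "$VCN_ID" --display-name oke-nat)

  # Public subnets route out via the internet gateway, private ones via the NAT gateway.
  PUBLIC_RT=$(oci_id route-table create --compartment-id "$COMPARTMENT_ID" --vcn-id "$VCN_ID" \
              --display-name oke-public-rt --route-rules "[$(default_route_rule "$IGW_ID")]")
  PRIVATE_RT=$(oci_id route-table create --compartment-id "$COMPARTMENT_ID" --vcn-id "$VCN_ID" \
               --display-name oke-private-rt --route-rules "[$(default_route_rule "$NAT_ID")]")

  # Control plane load balancer list: admit the cluster management port (6443) only from the
  # range the OKE service traffic re-enters from. Intra-VCN list: allow traffic inside the VCN.
  CP_LB_SL=$(oci_id security-list create --compartment-id "$COMPARTMENT_ID" --vcn-id "$VCN_ID" \
             --display-name oke-cp-lb-sl \
             --ingress-security-rules "[$(ingress_rule "$MGMT_SRC_CIDR" 6 6443)]" \
             --egress-security-rules "[$(egress_all_rule)]")
  INTRA_SL=$(oci_id security-list create --compartment-id "$COMPARTMENT_ID" --vcn-id "$VCN_ID" \
             --display-name oke-intra-vcn-sl \
             --ingress-security-rules "[$(ingress_rule "$VCN_CIDR" all)]" \
             --egress-security-rules "[$(egress_all_rule)]")

  # The four subnets: workers and control plane private; both load balancer subnets public.
  create_subnet oke-worker           10.0.10.0/24 "$PRIVATE_RT" "$INTRA_SL" true
  create_subnet oke-worker-lb        10.0.20.0/24 "$PUBLIC_RT"  "$INTRA_SL" false
  create_subnet oke-control-plane    10.0.0.0/28  "$PRIVATE_RT" "$INTRA_SL" true
  create_subnet oke-control-plane-lb 10.0.0.32/28 "$PUBLIC_RT"  "$CP_LB_SL" false
}

# Only run when explicitly asked, e.g. APPLY=1 COMPARTMENT_ID=ocid1.compartment... ./oke-network.sh
if [ "${APPLY:-0}" = "1" ]; then
  create_oke_network
fi
```

Run it as `DRY_RUN=1 APPLY=1 ./oke-network.sh` first to see the sequence of calls, then with real values for COMPARTMENT_ID, VCN_CIDR and MGMT_SRC_CIDR. The rule builders keep the properties this page says not to change (TCP as protocol "6", `isStateless` false, the private/public choice per subnet) fixed in one place, so adjusting CIDRs or names cannot silently alter them.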