4 Creating OKE Network Resources

The resource definitions in the following sections of this chapter create a working example set of network resources for workload clusters. Use this configuration as a guide when you create these resources. You can change the values of properties such as CIDR blocks and IP addresses. You should not change the values of properties such as the network protocol, the stateful setting, or the private/public setting.

See Workload Cluster Network Ports for Flannel Overlay Networking and Workload Cluster Network Ports for VCN-Native Pod Networking for specific ports that must be open for specific purposes.

Note:

If the appliance administration network is enabled, ask your system administrator to verify that the administration network and the data center network are configured to allow traffic to and from the cluster control plane. See Administration Network Configuration Notes in the Oracle Private Cloud Appliance Installation Guide.

This chapter describes how to create network resources for two networking types:

Public and Private Clusters summarizes which network resources you need to create a public cluster and which network resources you need to create a private cluster.

Pod Networking

The Kubernetes networking model assumes containers (pods) have unique and routable IP addresses within a cluster. In the Kubernetes networking model, pods use those IP addresses to communicate with other pods on the same node in a cluster or on a different node, with pods on other clusters, with the cluster's control plane nodes, with other services (such as storage services), and with the internet.

By default, pods accept traffic from any source. To enhance cluster security, control access to and from pods using security rules defined as part of network security groups (recommended) or security lists. The security rules apply to all pods in all the worker nodes connected to the pod subnet specified for a node pool. See Controlling Traffic with Network Security Groups and Controlling Traffic with Security Lists in the Oracle Private Cloud Appliance User Guide.
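As an added example (not part of the Oracle documentation or of the appliance's own tooling), the following Python script audits the security rules of an NSG attached to a pod subnet and flags rules that undo the isolation described above: ingress from any source, all protocols or all ports, and stateless rules. It assumes the camelCase JSON shape the OCI CLI prints for NSG security rules; the sample rules are constructed.

```python
"""Audit NSG security rules for an OKE pod subnet (added example, not Oracle's code).
Assumes the camelCase JSON keys the OCI CLI prints for NSG rules ("direction",
"protocol", "source", "sourceType", "isStateless", "tcpOptions"); sample is constructed."""
import ipaddress

# Constructed sample of rules on an NSG attached to a pod subnet.
SAMPLE_RULES = [
    {"direction": "INGRESS", "protocol": "all", "source": "0.0.0.0/0",
     "sourceType": "CIDR_BLOCK", "isStateless": False},          # accept-anything rule
    {"direction": "INGRESS", "protocol": "6", "source": "10.0.0.0/16",
     "sourceType": "CIDR_BLOCK", "isStateless": False,
     "tcpOptions": {"destinationPortRange": {"min": 443, "max": 443}}},
    {"direction": "INGRESS", "protocol": "6", "source": "0.0.0.0/0",
     "sourceType": "CIDR_BLOCK", "isStateless": True},           # TCP, no port range
    {"direction": "EGRESS", "protocol": "all", "destination": "0.0.0.0/0",
     "destinationType": "CIDR_BLOCK", "isStateless": False},
]

def is_any_cidr(cidr):
    """True for 0.0.0.0/0 or ::/0, i.e. the whole address space."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def opens_all_ports(rule):
    """True when a TCP (6) or UDP (17) rule has no destination port restriction."""
    if rule["protocol"] not in ("6", "17"):
        return False
    opts = rule.get("tcpOptions" if rule["protocol"] == "6" else "udpOptions") or {}
    rng = opts.get("destinationPortRange")
    return rng is None or (rng["min"] <= 1 and rng["max"] >= 65535)

def audit_rules(rules):
    """Map rule index -> findings for rules that weaken pod isolation."""
    report = {}
    for i, rule in enumerate(rules):
        findings = []
        if rule.get("isStateless"):           # the docs say: keep the stateful setting
            findings.append("stateless")
        if rule["direction"] == "INGRESS":
            if rule.get("sourceType") == "CIDR_BLOCK" and is_any_cidr(rule.get("source", "")):
                findings.append("any source")
            if rule["protocol"] == "all":
                findings.append("all protocols")
            elif opens_all_ports(rule):
                findings.append("all ports")
        if findings:
            report[i] = findings
    return report
```

Run `audit_rules` on the output of `oci network nsg rules list` for the pod-subnet NSG; rules 0 and 2 of the sample are reported, the scoped HTTPS rule and the egress rule are not.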