The software described in this documentation is either no longer supported or is in extended support.
Oracle recommends that you upgrade to a current supported release.

Chapter 5 Network Planes

This chapter contains information about the Oracle Cloud Native Environment management, control and data planes.

5.1 Management Plane

The management plane consists of the components that make up the Oracle Cloud Native Environment platform, that is, the Platform API Server, the Platform Agent, and the Platform CLI.

Communication between the components is secured using Transport Layer Security (TLS). You can configure the cipher suites to use for TLS for the management plane.

You can set up the X.509 certificates used for TLS before you create an environment, or have a certificate management application, such as Vault, manage these for you.

5.2 Control Plane

The control plane contains the Kubernetes components and any load balancer.

Kubernetes has a sophisticated networking model with many options that allow users to finely tune the networking configuration. Oracle Cloud Native Environment simplifies the Kubernetes networking by setting network defaults that align closely with community best practices.

By default, all Kubernetes services are bound to the network interface that handles the default route for the system. The default route is set to the network interface used by the Platform Agent, and it is used for both the Kubernetes control plane and the data plane.

There are two motivations behind this choice. The first is that the Platform API Server must always be able to communicate with the Kubernetes API server; binding the Kubernetes API server to the same interface as the Platform Agent ensures that this condition is always met. The second is that, if nodes have multiple network interfaces, the sensitive networks are usually not the networks that Oracle Cloud Native Environment uses to communicate.

When you deploy a highly available cluster that has multiple control plane nodes and an internal load balancer, the Platform API Server hosts the virtual IP address on the same network interface that was set to host the Kubernetes control plane services.

5.3 Data Plane

The data plane is the network used by the pods running on Kubernetes.

The same algorithm for determining the default control plane interface is used when instantiating the Kubernetes pod network. That is, the network interface used by the Platform Agent is used for both the Kubernetes control plane and the data plane. In multi-network environments, this may not be the best choice. Oracle Cloud Native Environment allows you to customize the network interface used for pod networking when you create the Kubernetes module. When Flannel is brought up, it uses the network interface you specify for the pod network.
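
The default interface choice described in sections 5.2 and 5.3 can be checked on a node before you create the Kubernetes module. The following script is an added example, not part of the Oracle documentation or the platform's own selection code: it assumes the usual Linux rule that the default route with the lowest metric wins, and the function names and sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: parsers read text on stdin, so they accept live `ip`
# output or the constructed samples below.

# Device of the default route with the lowest metric (assumption: the
# usual Linux preference). Input: `ip -4 route show default`.
default_iface() {
    awk '$1 == "default" {
             dev = ""; metric = 0
             for (i = 2; i < NF; i++) {
                 if ($i == "dev")    dev = $(i + 1)
                 if ($i == "metric") metric = $(i + 1) + 0
             }
             if (dev != "" && (best == "" || metric < bestm)) {
                 best = dev; bestm = metric
             }
         }
         END { if (best == "") exit 1; print best }'
}

# "iface address/prefix" per non-loopback IPv4 address.
# Input: `ip -o -4 addr show`.
iface_addrs() {
    awk '$3 == "inet" && $2 != "lo" { print $2, $4 }'
}

# Label each address DEFAULT (where the defaults would bind) or OTHER.
# $1 = route text, $2 = address text.
audit_node() {
    def=$(printf '%s\n' "$1" | default_iface) || {
        echo "no default route" >&2; return 1; }
    printf '%s\n' "$2" | iface_addrs | while read -r ifc addr; do
        if [ "$ifc" = "$def" ]; then echo "DEFAULT $ifc $addr"
        else echo "OTHER $ifc $addr"; fi
    done
}

# Constructed sample of a dual-homed node (not from the original page).
SAMPLE_ROUTES='default via 10.0.0.1 dev eth0 proto dhcp metric 100
default via 192.168.50.1 dev eth1 proto dhcp metric 200'
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 10.0.0.5/24 brd 10.0.0.255 scope global eth0
3: eth1    inet 192.168.50.5/24 brd 192.168.50.255 scope global eth1'

audit_node "$SAMPLE_ROUTES" "$SAMPLE_ADDRS"
# On a node: audit_node "$(ip -4 route show default)" "$(ip -o -4 addr show)"
```

Any `OTHER` line means the node is multi-homed, which is the case where the default interface may not be the right one for pod networking.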