5 Network Planes

This chapter contains information about the Oracle Cloud Native Environment management, control, and data planes.

Management Plane

The management plane consists of the components that make up the Oracle Cloud Native Environment platform: the Platform API Server, the Platform Agent, and the Platform CLI.

Communication between the components is secured using Transport Layer Security (TLS). You can configure the cipher suites to use for TLS for the management plane.

You can set up the X.509 certificates used for TLS before you create an environment, or have a certificate management application, such as Vault, manage these for you.

Control Plane

The control plane contains the Kubernetes components and any load balancer.

Kubernetes has a sophisticated networking model with many options that let users finely tune the networking configuration. Oracle Cloud Native Environment simplifies Kubernetes networking by setting network defaults that align with community best practices.

By default, all Kubernetes services are bound to the network interface that handles the default route for the system. The default route is set to the network interface used by the Platform Agent, and is used for both the Kubernetes control plane and the data plane.

Two motivations are behind this choice. The first is that the Platform API Server must always be able to communicate with the Kubernetes API server. By making sure the Kubernetes API server is bound to the same interface as the Platform Agent, this condition is always met. The second is that, if nodes have many network interfaces, the sensitive networks aren't the networks that Oracle Cloud Native Environment uses to communicate.
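To make the default-route rule concrete, here is an added check (example script, not Oracle's code or documentation) that parses `ip route`, `ip addr` and `ss` output to find the default-route interface and confirm the Kubernetes API server listens only on that interface's address. The command output is a constructed sample, and the use of port 6443 for the Kubernetes API server is an assumption based on its standard default; the page itself names no port.

```shell
# Added example, not Oracle's code: the interface carrying the default route is
# the one the Platform Agent and the Kubernetes control plane bind to, so the API
# server should be reachable only on that interface's address. Each function
# reads command output on stdin, so the constructed samples below stand in for
# live `ip` and `ss` output and the script runs offline.

# Constructed sample of `ip -o route show default`
SAMPLE_ROUTES='default via 10.0.0.1 dev ens3 proto dhcp src 10.0.0.12 metric 100'
# Constructed sample of `ip -o -4 addr show`; ens4 is a second, sensitive network
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: ens3    inet 10.0.0.12/24 brd 10.0.0.255 scope global dynamic ens3
3: ens4    inet 192.168.50.7/24 brd 192.168.50.255 scope global ens4'
# Constructed sample of `ss -Hltn` (listening TCP sockets, header suppressed)
SAMPLE_LISTEN='LISTEN 0 4096 10.0.0.12:6443 0.0.0.0:*
LISTEN 0 128  0.0.0.0:22 0.0.0.0:*'

# Print the interface carrying the default route (first route listed wins).
default_iface() {
  awk '$1 == "default" { for (i = 1; i <= NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Print the IPv4 address (prefix length stripped) configured on interface $1.
iface_ipv4() {
  awk -v ifc="$1" '$2 == ifc && $3 == "inet" { sub(/\/.*/, "", $4); print $4; exit }'
}

# Print every local address on which TCP port $1 is listening.
listen_addrs() {
  awk -v port="$1" '$1 == "LISTEN" && $4 ~ (":" port "$") { sub(/:[0-9]+$/, "", $4); print $4 }'
}

# Succeed only if port $2 listens solely on address $1; a 0.0.0.0 bind, a bind
# on a second network, or no listener at all fails the check.
bound_only_to() {
  addrs=$(listen_addrs "$2")
  [ -n "$addrs" ] || return 1
  for a in $addrs; do
    [ "$a" = "$1" ] || return 1
  done
}

# Walk the rule end to end (6443 assumed as the Kubernetes API server port).
iface=$(printf '%s\n' "$SAMPLE_ROUTES" | default_iface)
addr=$(printf '%s\n' "$SAMPLE_ADDRS" | iface_ipv4 "$iface")
if printf '%s\n' "$SAMPLE_LISTEN" | bound_only_to "$addr" 6443; then
  echo "Kubernetes API server listens only on $iface ($addr)"
else
  echo "WARNING: Kubernetes API server is bound beyond $iface ($addr)" >&2
fi
```

On a live node, replace the constructed samples by piping the real `ip -o route show default`, `ip -o -4 addr show` and `ss -Hltn` output into the same functions.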

When deploying a highly available cluster with many control plane nodes and an internal load balancer, the Platform API Server hosts the virtual IP address on the same network interface that was set to host the Kubernetes control plane services.

Data Plane

The data plane is the network used by the pods running on Kubernetes.

The same algorithm used to decide the default control plane interface is used when instantiating the Kubernetes pod network. The network interface used by the Platform Agent is used for both the Kubernetes control plane and the data plane. In environments with many networks, this might not be the best choice. Oracle Cloud Native Environment lets you customize the network interface used for pod networking when you create the Kubernetes module. When the CNI is brought up, it uses the network interface you specify for the pod network.

When you install Kubernetes, you can choose between Flannel or Calico as the CNI. You can also install Multus on top of Flannel or Calico to create a network bridge to pods.