Container Engine for Kubernetes FAQ

General questions

What is Oracle Cloud Infrastructure Container Engine for Kubernetes?

Container Engine for Kubernetes enables you to quickly create, manage and consume Kubernetes clusters that leverage underlying compute, network and storage services without the need to install and maintain complex supporting Kubernetes infrastructure.

What is the Basic cluster option in OKE?

If you create a new OKE cluster, you can choose a basic cluster that doesn't have a base fee for the control plane. However, this option doesn't include access to OKE features such as virtual nodes and add-ons, or the SLA for the control plane.

Basic clusters are suitable for customers who are willing to take on more management responsibilities for their OKE clusters and who don't require the advanced capabilities provided by enhanced OKE clusters. If you need more advanced management capabilities in the future, you can easily switch to enhanced OKE clusters.

When should I use Oracle Cloud Infrastructure Container Engine for Kubernetes?

You should use Container Engine for Kubernetes when you want to leverage Kubernetes to deploy and manage your Kubernetes-based container applications. It allows you to combine the production-grade container orchestration of standard upstream Kubernetes with the control, security and highly predictable performance of Oracle Cloud Infrastructure.

How is Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) priced?

OKE customers' charges are determined by computing, storage, networking, and other types of infrastructure resource consumption in their OKE clusters. The OCPU and memory resources allocated to OKE worker nodes are priced the same as OCI Compute instances for the chosen shape. Additionally, there is a base fee of $0.10 per cluster per hour, up to a maximum of $74.40 per month for the control plane, which comes with a financially guaranteed service level agreement (SLA).

Customers creating an OKE cluster can choose a basic cluster option, eliminating the nominal control plane fee. However, you will not have access to features such as virtual nodes and add-ons, or to the SLA for the control plane.

If virtual nodes are chosen for worker nodes, there is an extra fee of $0.015 per node per hour calculated based on the runtime usage of each virtual node.

Which regions provide the Oracle Cloud Infrastructure Container Engine for Kubernetes?

Container Engine for Kubernetes is supported in all regions as documented in Regions and Availability Domains.

What standards and regulations does OKE comply with?

OKE is compliant with a number of industry standards and regulations, including, but not limited to, FedRAMP High, ISO/IEC 27001, PCI DSS, SOC1/2/3, and more. For more information, please refer to the infrastructure compliance page.

Do I need to manage the control plane in Oracle Cloud Infrastructure Container Engine for Kubernetes?

You don't need to manage it yourself. OKE takes care of it. Whenever you create a Kubernetes cluster with OKE, the managed service automatically sets up and runs multiple control planes in different fault domains or availability domains (logical data centers) to ensure high availability. Ongoing management tasks related to the control plane, such as Kubernetes version upgrades, are also seamlessly handled by the service without interruption.

Does Oracle Cloud Infrastructure Container Engine for Kubernetes support standard upstream Kubernetes?

Yes. Kubernetes clusters are created with standard upstream Kubernetes versions. These versions are also certified against the Cloud Native Computing Foundation (CNCF) conformance program.

How does Oracle Cloud Infrastructure Container Engine for Kubernetes provide resiliency?

Oracle Cloud Infrastructure (OCI) automatically creates and manages multiple Kubernetes control planes across various fault domains and availability domains (logical data centers) when you create an OKE cluster. This is done to ensure that the managed Kubernetes control plane is highly available. Control plane operations, such as upgrading to newer versions of Kubernetes, can be performed without service interruptions. Additionally, the provisioned worker nodes are labeled with their availability domain and region, allowing you to use Kubernetes scheduling mechanisms when developing and deploying robust container-based applications.

Does Oracle Cloud Infrastructure Container Engine for Kubernetes support Kubernetes role-based access control (RBAC)?

Yes. Managed Kubernetes clusters are enabled with Kubernetes RBAC. Managed Kubernetes is also integrated with Oracle Identity and Access Management (IAM), giving users powerful controls over access to their clusters.

Can I deploy my Kubernetes cluster into an existing Virtual Cloud Network (VCN)?

Yes. You can deploy a managed Kubernetes cluster into an existing VCN, giving you a great degree of control over the use of underlying subnets and security lists.

Can I deploy private Kubernetes clusters?

Yes. With OKE, your Kubernetes clusters are integrated in your virtual cloud network (VCN). Your cluster worker nodes, load balancers, and the Kubernetes API endpoint are part of a private or public subnet of your VCN. Regular VCN routing and firewall rules control the access to the Kubernetes API endpoint and make it accessible from a corporate network only, through a bastion host, or by specific platform services.

Can I deploy my Kubernetes cluster on Bare Metal Nodes?

Yes. You can deploy a managed Kubernetes cluster on pure bare metal nodes. You can also leverage the concept of "node pools" (a set of nodes sharing a common node size / image) to create a cluster of both bare metal and virtual machines and target your Kubernetes workloads appropriately.

Is Oracle Cloud Infrastructure Container Engine for Kubernetes integrated with OCI Load Balancing and Block Storage?

Yes. Container Engine for Kubernetes allows users to expose Kubernetes services of type "LoadBalancer" and create Oracle load balancers. Users can also create Kubernetes Persistent Volumes and Persistent Volume Claims backed by Oracle Block Volumes.

Can I get access to my worker/cluster nodes?

When setting up a cluster, you can assign a public/private SSH key pair to managed and self-managed nodes. This allows you to use an SSH key pair to access your worker nodes. However, it's important to note that virtual nodes cannot be accessed via an SSH key pair, as they are fully managed by OKE.

Can I mix different node types in a single cluster?

It is possible to combine managed and self-managed nodes within a single OKE cluster. However, virtual nodes cannot be mixed with other node types in an OKE cluster.

When should I use virtual nodes, managed nodes, or self-managed nodes?

  • Virtual nodes
    Virtual nodes offer a serverless Kubernetes experience, making them an ideal choice if you prefer to focus on your application and avoid managing the underlying infrastructure. Virtual nodes relieve you of worker node management tasks such as scaling, upgrading, patching, troubleshooting, and provisioning.
  • Managed nodes
    Managed nodes are a good choice when you want customized configuration of your worker nodes, or you require a specific node shape that is unavailable with virtual nodes. Unlike with virtual nodes, management of worker nodes is a responsibility shared between OCI and the customer. While customers play a role in managing worker nodes, OKE simplifies the process through automated features such as on-demand cycling to update worker nodes, cluster self-healing of worker nodes upon detection of failure, autoscaling, and more.
  • Self-managed nodes
    Self-managed nodes provide access to specialized infrastructure, such as RDMA-enabled bare metal HPC/GPU instances or confidential compute shapes, making them well-suited for specific use cases that are unavailable with managed nodes. With self-managed nodes, customers are responsible for managing the worker nodes themselves.

    Self-managed nodes offer access to the underlying infrastructure, configuration options, and compute shapes that are currently unavailable to managed nodes. This includes RDMA-enabled bare metal HPC/GPU instances or Dedicated Virtual Machine hosts. With self-managed nodes, customers have the responsibility of managing the worker nodes themselves, without the automated features provided by managed nodes such as on-demand cycling, cluster self-healing for node failures, and autoscaling capabilities.

Which container runtime does Oracle Container Engine for Kubernetes (OKE) use?

Container Engine for Kubernetes uses CRI-O as its container runtime.

What are the storage options for virtual nodes?

At launch, OKE virtual nodes do not have persistent storage capabilities. However, after the initial launch, the service will introduce support for attaching persistent volumes backed by OCI Block Storage and OCI File Storage. If your Kubernetes application requires persistent storage, it is advisable to use OKE managed nodes.

What compute shapes are supported by virtual nodes?

Virtual nodes are compatible with E3, E4, and A1 compute shapes, and new shapes are consistently added. If you need a shape that virtual nodes don't offer for your workloads, managed nodes can be used instead.

What are the available software packages with add-ons for lifecycle management?

The following software packages are available with add-ons for lifecycle management. New software packages are added regularly.