Private worker nodes

For additional security, you can now create Kubernetes clusters that have worker nodes in private subnets. These worker nodes are known as private worker nodes. For more information, see Creating a Kubernetes Cluster.

Private worker nodes have private IP addresses only (they do not have public IP addresses). A NAT gateway enables private worker nodes to initiate connections to the internet and receive responses. However, private worker nodes do not receive inbound connections initiated from the internet. They can only be accessed by other resources inside the VCN. If you do want to provide some external access to private worker nodes (for example, to use SSH for debugging purposes), Oracle recommends using bastion hosts. For more information, see Connecting to Worker Nodes in Private Subnets Using SSH.
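An added example (not part of the original documentation): a check that worker nodes are in fact private-only, run over the output of `kubectl get nodes -o json`. It assumes that any public address is reported as an `ExternalIP` entry in the node status and that the VCN uses RFC 1918 address ranges; the embedded JSON is a constructed sample.

```python
import ipaddress
import json

# Constructed sample of `kubectl get nodes -o json` output (not real cluster data).
SAMPLE_NODES_JSON = """
{"items": [
  {"metadata": {"name": "10.0.10.2"},
   "status": {"addresses": [
     {"type": "InternalIP", "address": "10.0.10.2"},
     {"type": "Hostname", "address": "10.0.10.2"}]}},
  {"metadata": {"name": "10.0.20.5"},
   "status": {"addresses": [
     {"type": "InternalIP", "address": "10.0.20.5"},
     {"type": "ExternalIP", "address": "203.0.113.17"}]}}
]}
"""

# Assumption: the VCN is addressed from RFC 1918 space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr is an IPv4 address inside one of the RFC 1918 ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def audit_nodes(nodes_json):
    """Return {node_name: [findings]} for nodes that are not private-only."""
    findings = {}
    for node in json.loads(nodes_json).get("items", []):
        name = node["metadata"]["name"]
        problems = []
        for entry in node.get("status", {}).get("addresses", []):
            kind, addr = entry.get("type"), entry.get("address", "")
            if kind == "ExternalIP":
                problems.append(f"has ExternalIP {addr}")
            elif kind == "InternalIP" and not is_rfc1918(addr):
                problems.append(f"InternalIP {addr} is outside RFC 1918 ranges")
        if problems:
            findings[name] = problems
    return findings


if __name__ == "__main__":
    for name, problems in audit_nodes(SAMPLE_NODES_JSON).items():
        print(f"{name}: {'; '.join(problems)}")
```

An empty result means every node reports private addresses only; any node listed should be checked against its subnet and route table configuration.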