OCI Kubernetes Engine (OKE) support for Zero Trust Packet Routing

Kubernetes Engine now supports Zero Trust Packet Routing (ZPR) security attributes for selected cluster-related resources. You can assign ZPR security attributes to supported resources, including Kubernetes API endpoints, managed node VNICs, load balancers and network load balancers provisioned for Kubernetes services of type LoadBalancer, load balancers provisioned by the OCI native ingress controller, and File Storage mount targets created by the CSI volume plugin.

ZPR enables you to define fine-grained network access policies for traffic between protected OCI resources. ZPR works with existing network security controls, including network security groups, security lists, and Kubernetes network policies.

Note that assigning ZPR security attributes does not automatically allow traffic. You must also create ZPR policies that allow the required communication paths.

ZPR security attributes are supported for managed node pools and self-managed nodes in clusters that use the OCI VCN-Native Pod Networking CNI plugin. ZPR security attributes are not supported for virtual node pools or clusters that use the flannel CNI plugin.

For more information, see Adding Security Attributes to Cluster-Related Resources and Applying ZPR Policies