BYON networking for OKE: bring your own VCN and subnets

A practical look at bring-your-own-network patterns for Oracle Kubernetes Engine and how Infragate keeps customer-owned OCI network resources under platform control.

Infragate by Solvia Lab | Updated May 2, 2026 | 8 min read
Short version: Infragate is an OCI-native Internal Developer Platform for Oracle Kubernetes Engine teams that need governed self-service inside their own tenancy.

Why BYON exists

Enterprise OCI environments rarely start from an empty tenancy. Network teams usually already own compartments, VCNs, subnets, route tables, gateways, DNS, firewall paths, and VPN access. A Kubernetes platform that always creates a fresh network can conflict with those standards.

BYON means bring your own network. For OKE, it lets platform teams deploy clusters into approved OCI network patterns instead of forcing every cluster into a product-created VCN.

What BYON should not do

BYON should not mean an automation tool silently edits production network resources it does not own. Existing VCNs, subnets, route tables, security lists, and gateways are often shared and carefully governed.

Infragate treats supplied BYO resources as customer-owned boundaries. When users provide existing OCI resource OCIDs, the platform references those resources for cluster deployment patterns instead of taking broad ownership of them.

Common OKE network decisions

  • Whether the Kubernetes API endpoint is public, private, or restricted to approved CIDRs.
  • Whether workers use private subnets with NAT and Service Gateway egress.
  • Whether clusters share a compartment, use per-cluster compartments, or use a mixed model.
  • Whether the runner, VPN CIDRs, and corporate networks can reach TCP/6443.
  • Whether DRG, LPG, or VPN-first public endpoint restrictions are the right cost and scale tradeoff.

Infragate BYON guardrails

  • Advanced OCID fields validate expected OCI resource-type prefixes.
  • Autocomplete reduces copy-paste mistakes for compartments, VCNs, and subnets.
  • Supplying only an existing compartment OCID reuses that compartment but does not auto-discover arbitrary networks.
  • Supplied BYO resources stay read-only from the Terraform ownership perspective.
  • Managed network mode can create dedicated public API endpoint subnet rules restricted to runner and VPN/corporate CIDRs.
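
The first guardrail and the approved-CIDR decision above can be illustrated with a pre-flight check that rejects OCIDs of the wrong resource type and API allow-lists that are open or malformed. This is an added example, not Infragate's code; the request field names, sample OCIDs, and CIDRs are constructed for illustration.

```python
import ipaddress
import re

# OCID layout from the OCI docs: ocid1.<type>.<realm>.[region][.future use].<unique id>
OCID_RE = re.compile(r"^ocid1\.([a-z0-9]+)\.[a-z0-9]+\.[a-z0-9-]*\.(?:[a-z0-9-]*\.)?[a-z0-9]+$")

# Hypothetical request field names, each mapped to the resource type it must carry.
EXPECTED_TYPES = {
    "compartment_ocid": "compartment",
    "vcn_ocid": "vcn",
    "worker_subnet_ocid": "subnet",
}


def validate_byon_request(req):
    """Return a list of problems; an empty list means the request passes."""
    problems = []
    for field, expected in EXPECTED_TYPES.items():
        match = OCID_RE.match(req.get(field, ""))
        if match is None:
            problems.append(f"{field}: not a well-formed OCID")
        elif match.group(1) != expected:
            problems.append(f"{field}: expected '{expected}', got '{match.group(1)}'")
    for cidr in req.get("api_allowed_cidrs", []):
        try:
            net = ipaddress.ip_network(cidr)  # strict by default: host bits must be zero
        except ValueError:
            problems.append(f"api_allowed_cidrs: '{cidr}' is not a valid network CIDR")
            continue
        if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0 would expose TCP/6443 to any source
            problems.append(f"api_allowed_cidrs: '{cidr}' allows any source")
    return problems


# Constructed sample requests; these OCIDs and CIDRs are made up for illustration.
GOOD = {
    "compartment_ocid": "ocid1.compartment.oc1..aaaaexamplecompartment",
    "vcn_ocid": "ocid1.vcn.oc1.eu-frankfurt-1.aaaaexamplevcn",
    "worker_subnet_ocid": "ocid1.subnet.oc1.eu-frankfurt-1.aaaaexampleworkers",
    "api_allowed_cidrs": ["10.20.0.0/24", "203.0.113.0/28"],
}
# A subnet OCID pasted into the VCN field, plus an open and a malformed CIDR.
BAD = dict(GOOD, vcn_ocid=GOOD["worker_subnet_ocid"],
           api_allowed_cidrs=["0.0.0.0/0", "10.20.0.5/24"])

if __name__ == "__main__":
    print(validate_byon_request(GOOD), *validate_byon_request(BAD), sep="\n")
```

A prefix check only catches copy-paste mistakes between resource types; it does not prove the resource exists or that the requester may use it, which still has to come from OCI IAM policy and the predefined network standards.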

Best-practice pattern

For production, treat Infragate as the controlled request layer and your network standards as the source of truth. Predefine the compartments, VCNs, route patterns, subnet types, and allowed API access CIDRs that cluster owners may use.

That lets application teams move quickly while network ownership remains explicit, auditable, and aligned with the enterprise OCI landing zone.
