Core Networking: Subnet
Manage OCI core networking resources from Kubernetes. This page is generated from checked-in package metadata, CRD schemas, and sample manifests.
Resource Snapshot
| Field | Value |
|---|---|
| Service | core |
| Resource | Subnet |
| API Version | core.oracle.com/v1beta1 |
| Package | Core Networking |
| Support Status | Preview |
| Latest Released Version | v2.0.0-alpha |
| Install Namespace | oci-service-operator-core-network-system |
Quick Links
- Resource Guide Index
- Setup Guide
- Package Page
- API Reference
- Spec Reference
- Status Reference
- Rendered Sample (config/samples/core_v1beta1_subnet.yaml)
Spec Fields
This summary shows the top-level spec fields. Use the full API reference for nested fields, defaults, and enum values.
| Field | Description | Type | Required |
|---|---|---|---|
| availabilityDomain | Controls whether the subnet is regional or specific to an availability domain. Oracle recommends creating regional subnets because they're more flexible and make it easier to implement failover across availability domains. Originally, AD-specific subnets were the only kind available to use. To create a regional subnet, omit this attribute. Then any resources later created in this subnet (such as a Compute instance) can be created in any availability domain in the region. To instead create an AD-specific subnet, set this attribute to the availability domain you want this subnet to be in. Then any resources later created in this subnet can only be created in that availability domain. Example: Uocm:PHX-AD-1 | string | No |
| cidrBlock | The CIDR IP address range of the subnet. The CIDR must follow these rules: (a) the CIDR block is valid and correctly formatted; (b) the new range is within one of the parent VCN ranges. Example: 10.0.1.0/24 | string | No |
| compartmentId | The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the compartment to contain the subnet. | string | Yes |
| definedTags | Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: {"Operations": {"CostCenter": "42"}} | map[string, map[string, string]] | No |
| dhcpOptionsId | The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the set of DHCP options the subnet will use. If you don't provide a value, the subnet uses the VCN's default set of DHCP options. | string | No |
| displayName | A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information. | string | No |
| dnsLabel | A DNS label for the subnet, used in conjunction with the VNIC's hostname and VCN's DNS label to form a fully qualified domain name (FQDN) for each VNIC within this subnet (for example, bminstance1.subnet123.vcn1.oraclevcn.com). Must be an alphanumeric string that begins with a letter and is unique within the VCN. The value cannot be changed. This value must be set if you want to use the Internet and VCN Resolver to resolve the hostnames of instances in the subnet. It can only be set if the VCN itself was created with a DNS label. For more information, see DNS in Your Virtual Cloud Network (https://docs.oracle.com/iaas/Content/Network/Concepts/dns.htm). Example: subnet123 | string | No |
| freeformTags | Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: {"Department": "Finance"} | map[string, string] | No |
| ipv4CidrBlocks | The list of all IPv4 CIDR blocks for the subnet that meet the following criteria: IPv4 CIDR blocks must be valid; multiple IPv4 CIDR blocks must not overlap each other or the on-premises network CIDR block; the number of prefixes must not exceed the limit of IPv4 prefixes allowed to a subnet. | list[string] | No |
| ipv6CidrBlock | Use this to enable IPv6 addressing for this subnet. The VCN must be enabled for IPv6. You can't change this subnet characteristic later. All subnets are /64 in size. The subnet portion of the IPv6 address is the fourth hextet from the left (1111 in the following example). For important details about IPv6 addressing in a VCN, see IPv6 Addresses (https://docs.oracle.com/iaas/Content/Network/Concepts/ipv6.htm). Example: 2001:0db8:0123:1111::/64 | string | No |
| ipv6CidrBlocks | The list of all IPv6 prefixes (Oracle allocated IPv6 GUA, ULA or private IPv6 prefixes, BYOIPv6 prefixes) for the subnet that meet the following criteria: the prefixes must be valid; multiple prefixes must not overlap each other or the on-premises network prefix; the number of prefixes must not exceed the limit of IPv6 prefixes allowed to a subnet. | list[string] | No |
| prohibitInternetIngress | Whether to disallow ingress internet traffic to VNICs within this subnet. Defaults to false. For IPv6, if prohibitInternetIngress is set to true, internet access is not allowed for any IPv6s assigned to VNICs in the subnet. Otherwise, ingress internet traffic is allowed by default. prohibitPublicIpOnVnic will be set to the value of prohibitInternetIngress to dictate IPv4 behavior in this subnet. Only one or the other flag should be specified. Example: true | boolean | No |
| prohibitPublicIpOnVnic | Whether VNICs within this subnet can have public IP addresses. Defaults to false, which means VNICs created in this subnet will automatically be assigned public IP addresses unless specified otherwise during instance launch or VNIC creation (with the assignPublicIp flag in CreateVnicDetails). If prohibitPublicIpOnVnic is set to true, VNICs created in this subnet cannot have public IP addresses (that is, it's a private subnet). If you intend to use an IPv6 prefix, you should use the flag prohibitInternetIngress to specify ingress internet traffic behavior of the subnet. Example: true | boolean | No |
| routeTableId | The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the route table the subnet will use. If you don't provide a value, the subnet uses the VCN's default route table. | string | No |
| securityListIds | The OCIDs of the security list or lists the subnet will use. If you don't provide a value, the subnet uses the VCN's default security list. Remember that security lists are associated with the subnet, but the rules are applied to the individual VNICs in the subnet. | list[string] | No |
| vcnId | The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the VCN to contain the subnet. | string | Yes |
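
The rules stated in the Spec Fields table (CIDR validity and overlap, the /64 IPv6 prefix, the dnsLabel format, the two mutually exclusive internet-exposure flags, and the fallback to VCN defaults) can be checked before a manifest is applied. The following Python is an added example, not part of the operator or of this page's source; `lint_subnet_spec`, its finding codes and the `SAMPLE` dict are hypothetical names, and the input is assumed to be the manifest's `spec:` mapping already loaded into a dict.

```python
import ipaddress
import re

def _parse(cidr, findings):
    """Parse a CIDR string; record BAD_CIDR and return None if it is malformed."""
    try:
        return ipaddress.ip_network(cidr, strict=False)
    except ValueError:
        findings.append(("BAD_CIDR", cidr))
        return None

def _overlaps(cidrs, findings):
    """Record OVERLAP for each pair of ranges in one list that intersect."""
    nets = [n for n in (_parse(c, findings) for c in cidrs) if n is not None]
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.version == b.version and a.overlaps(b):
                findings.append(("OVERLAP", f"{a} and {b}"))

def lint_subnet_spec(spec):
    """Return (code, detail) findings for the `spec:` mapping of a Subnet manifest."""
    findings = []
    if "cidrBlock" in spec:
        _parse(spec["cidrBlock"], findings)
    _overlaps(spec.get("ipv4CidrBlocks", []), findings)
    _overlaps(spec.get("ipv6CidrBlocks", []), findings)
    v6 = _parse(spec["ipv6CidrBlock"], findings) if "ipv6CidrBlock" in spec else None
    if v6 is not None and (v6.version != 6 or v6.prefixlen != 64):
        findings.append(("IPV6_NOT_64", str(v6)))  # subnet prefixes are always /64
    label = spec.get("dnsLabel")
    if label is not None and not re.fullmatch(r"[A-Za-z][A-Za-z0-9]*", label):
        findings.append(("BAD_DNS_LABEL", label))
    no_pub, no_ingress = "prohibitPublicIpOnVnic", "prohibitInternetIngress"
    if no_pub in spec and no_ingress in spec:
        findings.append(("BOTH_FLAGS", "specify only one of the two flags"))
    if spec.get(no_pub) is not True and spec.get(no_ingress) is not True:
        findings.append(("PUBLIC_SUBNET", "both flags default to false"))
    uses_v6 = "ipv6CidrBlock" in spec or bool(spec.get("ipv6CidrBlocks"))
    if uses_v6 and no_ingress not in spec:
        findings.append(("IPV6_WITHOUT_INGRESS_FLAG", no_ingress))
    for field in ("routeTableId", "securityListIds"):  # omitted -> VCN default
        if not spec.get(field):
            findings.append(("VCN_DEFAULT", field))
    return findings

# Constructed input: the security-relevant part of this page's sample manifest.
SAMPLE = {"cidrBlock": "10.0.1.0/24", "prohibitPublicIpOnVnic": True,
          "routeTableId": "ocid1.routetable.oc1..exampleuniqueID",
          "securityListIds": ["ocid1.securitylist.oc1..exampleuniqueID"]}
```

`PUBLIC_SUBNET` and `VCN_DEFAULT` are review prompts rather than errors: a subnet may be public on purpose, but the finding makes that an explicit decision instead of an inherited default.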
Status Fields
This summary shows the top-level status fields. Use the full API reference for nested fields, defaults, and enum values.
| Field | Description | Type | Required |
|---|---|---|---|
| availabilityDomain | The subnet's availability domain. This attribute will be null if this is a regional subnet instead of an AD-specific subnet. Oracle recommends creating regional subnets. Example: Uocm:PHX-AD-1 | string | No |
| cidrBlock | The subnet's CIDR block. Example: 10.0.1.0/24 | string | No |
| compartmentId | The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the compartment containing the subnet. | string | No |
| definedTags | Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: {"Operations": {"CostCenter": "42"}} | map[string, map[string, string]] | No |
| dhcpOptionsId | The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the set of DHCP options that the subnet uses. | string | No |
| displayName | A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information. | string | No |
| dnsLabel | A DNS label for the subnet, used in conjunction with the VNIC's hostname and VCN's DNS label to form a fully qualified domain name (FQDN) for each VNIC within this subnet (for example, bminstance1.subnet123.vcn1.oraclevcn.com). Must be an alphanumeric string that begins with a letter and is unique within the VCN. The value cannot be changed. The absence of this parameter means the Internet and VCN Resolver will not resolve hostnames of instances in this subnet. For more information, see DNS in Your Virtual Cloud Network (https://docs.oracle.com/iaas/Content/Network/Concepts/dns.htm). Example: subnet123 | string | No |
| freeformTags | Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: {"Department": "Finance"} | map[string, string] | No |
| id | The subnet's Oracle ID (OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm)). | string | No |
| ipv4CidrBlocks | The list of all IPv4 CIDR blocks for the subnet that meet the following criteria: IPv4 CIDR blocks must be valid; multiple IPv4 CIDR blocks must not overlap each other or the on-premises network CIDR block; the number of prefixes must not exceed the limit of IPv4 prefixes allowed to a subnet. | list[string] | No |
| ipv6CidrBlock | For an IPv6-enabled subnet, this is the IPv6 prefix for the subnet's IP address space. The subnet size is always /64. See IPv6 Addresses (https://docs.oracle.com/iaas/Content/Network/Concepts/ipv6.htm). Example: 2001:0db8:0123:1111::/64 | string | No |
| ipv6CidrBlocks | The list of all IPv6 prefixes (Oracle allocated IPv6 GUA, ULA or private IPv6 prefixes, BYOIPv6 prefixes) for the subnet. | list[string] | No |
| ipv6VirtualRouterIp | For an IPv6-enabled subnet, this is the IPv6 address of the virtual router. Example: 2001:0db8:0123:1111:89ab:cdef:1234:5678 | string | No |
| lifecycleState | The subnet's current state. | string | No |
| prohibitInternetIngress | Whether to disallow ingress internet traffic to VNICs within this subnet. Defaults to false. For IPv4, prohibitInternetIngress behaves similarly to prohibitPublicIpOnVnic. If it is set to false, VNICs created in this subnet will automatically be assigned public IP addresses unless specified otherwise during instance launch or VNIC creation (with the assignPublicIp flag in CreateVnicDetails). If prohibitInternetIngress is set to true, VNICs created in this subnet cannot have public IP addresses (that is, it's a private subnet). For IPv6, if prohibitInternetIngress is set to true, internet access is not allowed for any IPv6s assigned to VNICs in the subnet. Otherwise, ingress internet traffic is allowed by default. Example: true | boolean | No |
| prohibitPublicIpOnVnic | Whether VNICs within this subnet can have public IP addresses. Defaults to false, which means VNICs created in this subnet will automatically be assigned public IP addresses unless specified otherwise during instance launch or VNIC creation (with the assignPublicIp flag in CreateVnicDetails). If prohibitPublicIpOnVnic is set to true, VNICs created in this subnet cannot have public IP addresses (that is, it's a private subnet). Example: true | boolean | No |
| routeTableId | The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the route table that the subnet uses. | string | No |
| securityListIds | The OCIDs of the security list or lists that the subnet uses. Remember that security lists are associated with the subnet, but the rules are applied to the individual VNICs in the subnet. | list[string] | No |
| status | - | object | Yes |
| subnetDomainName | The subnet's domain name, which consists of the subnet's DNS label, the VCN's DNS label, and the oraclevcn.com domain. For more information, see DNS in Your Virtual Cloud Network (https://docs.oracle.com/iaas/Content/Network/Concepts/dns.htm). Example: subnet123.vcn1.oraclevcn.com | string | No |
| timeCreated | The date and time the subnet was created, in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). Example: 2016-08-25T21:10:29.600Z | string | No |
| vcnId | The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the VCN the subnet is in. | string | No |
| virtualRouterIp | The IP address of the virtual router. Example: 10.0.14.1 | string | No |
| virtualRouterMac | The MAC address of the virtual router. Example: 00:00:00:00:00:01 | string | No |
Sample Manifest
This example is generated from the checked-in sample manifest at config/samples/core_v1beta1_subnet.yaml. Replace placeholder values before applying it.
```yaml
#
# Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
#
#
# Replace the OCI identifiers below before running e2e.
# Update metadata.name and spec.displayName if you want to force a fresh create
# instead of reusing an existing Subnet with the same display name in the same VCN.
# This starter sample creates a regional private subnet.
#
apiVersion: core.oracle.com/v1beta1
kind: Subnet
metadata:
  name: subnet-sample
spec:
  cidrBlock: 10.0.1.0/24
  compartmentId: ocid1.compartment.oc1..exampleuniqueID
  vcnId: ocid1.vcn.oc1..exampleuniqueID
  displayName: "private-subnet-sample"
  dnsLabel: "privsubnet"
  prohibitPublicIpOnVnic: true
  routeTableId: ocid1.routetable.oc1..exampleuniqueID
  securityListIds:
    - ocid1.securitylist.oc1..exampleuniqueID
```