Oracle recommends not exposing any administrative, RMI, or T3 channels outside the Kubernetes cluster unless absolutely necessary. If exposing any of these channels, limit access using controls like security lists or set up a Bastion to provide access.
When accessing T3 or RMI based channels, the preferred approach is to
kubectl exec into
the Kubernetes Pod and then run
wlst, or set up Bastion access and then run
wlst from the Bastion host to connect to the Kubernetes cluster.
Also, consider a private VPN if you need use cross-domain T3 access between clouds, data centers, and such.