Managed Kubernetes Data Plane

The Kubernetes® data plane is composed of the cluster’s worker nodes. With UpCloud’s Managed Kubernetes, worker nodes are deployed through cluster node groups. These nodes run customer workloads and are managed by the control plane.

Node groups

Users have full control of their data plane configuration, allowing them to arrange worker nodes in groups with varying Cloud Server plans.

Node groups can be configured to use any pre-defined Cloud Server plan. For more information, see Cloud Server pricing.

Node groups can be scaled horizontally by adding or removing nodes.


When creating a new node group, users have the option to select Anti-affinity in the Advanced settings. If enabled, the nodes in this group are placed on separate compute hosts where possible.

Please note that the anti-affinity policy is considered a “best effort” and enabling it does not fully guarantee that the nodes will end up on different hardware.

Network connectivity

UpCloud’s Managed Kubernetes is pre-configured with and optimised to use Cilium as the Container Network Interface (CNI) plugin.

Data plane worker nodes are connected via Private networks made available in the same zone as the Managed Kubernetes cluster.

Requirements are:

  • One Private network per Kubernetes cluster is required.
  • Only one cluster can be connected to any one Private network at the same time.
  • The Private network cannot be changed after cluster creation.

Network CIDR ranges

When creating the cluster, please make sure your network configuration does not overlap with the following CIDR ranges:

  • Control Plane CIDR:
  • Service CIDR:
  • Forwarder CIDR:
  • Utility CIDR (per cluster zone):
    • fi-hel1:
    • uk-lon1:
    • us-chi1:
    • de-fra1:
    • nl-ams1:
    • fi-hel2:
    • es-mad1:
    • us-sjo1:
    • us-nyc1:
    • sg-sin1:
    • pl-waw1:
    • au-syd1:
    • se-sto1:
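
A pre-flight check for this requirement, as an added example that is not part of UpCloud's documentation or tooling: it reports which reserved ranges a planned Private network CIDR overlaps. The reserved values, the two sample zone ranges and the name find_conflicts are constructed placeholders; replace them with the ranges listed for your cluster.

```python
import ipaddress

# Constructed placeholder values (documentation/benchmark test ranges). They are
# NOT the provider's real reserved CIDRs; substitute the documented ones.
RESERVED = {
    "control-plane": "192.0.2.0/24",
    "service": "198.51.100.0/24",
    "forwarder": "203.0.113.0/24",
}
UTILITY_BY_ZONE = {  # one utility range per cluster zone (placeholders)
    "fi-hel1": "198.18.0.0/24",
    "de-fra1": "198.18.1.0/24",
}


def find_conflicts(planned_cidr, zone):
    """Return the sorted names of reserved ranges that overlap planned_cidr."""
    # strict=True rejects input with host bits set, e.g. 10.0.0.5/24,
    # which usually indicates a typo in the planned network.
    planned = ipaddress.ip_network(planned_cidr, strict=True)
    if zone not in UTILITY_BY_ZONE:
        raise KeyError(f"no utility CIDR known for zone {zone!r}")
    candidates = dict(RESERVED, utility=UTILITY_BY_ZONE[zone])
    conflicts = []
    for name, cidr in candidates.items():
        reserved = ipaddress.ip_network(cidr)
        # Compare only networks of the same IP version.
        if reserved.version == planned.version and planned.overlaps(reserved):
            conflicts.append(name)
    return sorted(conflicts)


if __name__ == "__main__":
    for cidr, zone in [("10.0.0.0/24", "fi-hel1"), ("198.18.0.0/23", "de-fra1")]:
        hits = find_conflicts(cidr, zone)
        print(f"{cidr} in {zone}: {'conflicts with ' + ', '.join(hits) if hits else 'ok'}")
```

The check also catches a planned network that is a supernet of a reserved range, not only exact matches.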

Private node groups

Optionally, a cluster can be created by assigning only private IP addresses to the cluster worker nodes. Cluster nodes are then not accessible from the Internet and all services have to be exposed through a Load Balancer.

The worker nodes require Internet access to operate correctly. As a requirement, the selected SDN network has to have an SDN router and a NAT Gateway configured. See Gateway services for more information.

Accessing worker nodes over SSH

Node groups support the use of SSH keys for accessing worker nodes. These can be configured in the Advanced settings, only upon node group creation. Note that SSH keys are not configured by default.

Kubernetes is a registered trademark of The Linux Foundation.