All traffic between the worker nodes and the master can now be kept entirely on the private network.
The private service endpoint is now generally available, allowing all traffic between the worker nodes and the master to stay on the private network without the need for a gateway appliance device. In addition to this increased security, inbound and outbound traffic on the private network is unlimited and not charged. Optionally, you can still keep a public service endpoint for secure access to your Kubernetes master over the internet. Users can choose whether the worker nodes and master nodes are accessible via public VLAN, private VLAN, or both, providing complete control and isolation to their Kubernetes clusters. The IBM Cloud Container Registry also supports private service endpoints, and clusters will automatically download images over the private network.
Learn more:
Blog: Introducing Private Service Endpoints in IBM Cloud Kubernetes Service