Container Networking
Kubernetes does not implement networking among pods, clusters, and nodes itself. This is done by Container Network Interface (CNI) plug-ins. There are many open source CNI plug-ins, such as Flannel and Calico. HUAWEI CLOUD CCE also provides customized CNI plug-ins (Canal and Yangtse) so that you can use HUAWEI CLOUD VPC networks when running Kubernetes.
Kubernetes requires that pods in a cluster can communicate with each other, and that they are connected through a non-NAT network. That is, the source IP address of a received data packet is the IP address of the pod that sent it. Pods must also communicate with nodes through a non-NAT network. However, when a pod accesses an object outside the cluster, the source IP address is changed to the node IP address.
A pod is connected to external systems through a virtual Ethernet interface pair (veth pair). Pods on the same node communicate with each other through a Linux bridge, as shown in the following figure.
Bridges between different nodes can be implemented in multiple modes. However, a pod IP address must be unique within a cluster. Therefore, the bridges on different nodes use different CIDR blocks to prevent duplicate pod IP addresses.
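The following is an added example, not part of the original documentation or of CCE. It checks that the pod CIDR blocks assigned to nodes do not overlap and, relying on the non-NAT rule above, attributes a source IP address seen inside the cluster to the node whose CIDR block contains it. The node names, node IP addresses, and CIDR blocks are constructed sample values.

```python
import ipaddress
from itertools import combinations

# Constructed sample data: node name -> (node IP, pod CIDR used by that node's bridge).
NODES = {
    "node-a": ("192.168.0.11", "10.0.1.0/24"),
    "node-b": ("192.168.0.12", "10.0.2.0/24"),
    "node-c": ("192.168.0.13", "10.0.2.128/25"),  # deliberately overlaps node-b
}


def overlapping_pod_cidrs(nodes):
    """Return sorted pairs of node names whose pod CIDR blocks overlap.

    Any pair returned here means two pods on different nodes could be given
    the same IP address, which breaks the uniqueness requirement.
    """
    nets = {name: ipaddress.ip_network(cidr) for name, (_, cidr) in nodes.items()}
    return sorted(
        (a, b) for a, b in combinations(sorted(nets), 2) if nets[a].overlaps(nets[b])
    )


def attribute_source(src_ip, nodes):
    """Classify a source IP address observed on traffic inside the cluster.

    ("pod", [nodes])  - address lies in the pod CIDR of the listed node(s);
                        more than one node means the attribution is ambiguous.
    ("node", [node])  - address is a node IP (node-originated traffic).
    ("unknown", [])   - address belongs to neither range.
    """
    ip = ipaddress.ip_address(src_ip)
    owners = sorted(
        n for n, (_, cidr) in nodes.items() if ip in ipaddress.ip_network(cidr)
    )
    if owners:
        return ("pod", owners)
    hosts = sorted(
        n for n, (node_ip, _) in nodes.items() if ip == ipaddress.ip_address(node_ip)
    )
    return ("node", hosts) if hosts else ("unknown", [])


if __name__ == "__main__":
    print("overlapping CIDRs:", overlapping_pod_cidrs(NODES))
    for src in ("10.0.1.7", "10.0.2.200", "192.168.0.12", "172.16.5.9"):
        print(src, attribute_source(src, NODES))
```

An address that maps to more than one node, as 10.0.2.200 does in this sample, shows why overlapping blocks matter: the source IP address alone no longer identifies which pod sent the packet.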
The following sections, Service and Ingress, describe how Kubernetes provides access solutions for users based on container networking.