Updated on 2024-01-26 GMT+08:00

Container Networking

Networking among pods, clusters, and nodes is not implemented by Kubernetes itself, but by the Container Network Interface (CNI) plug-ins. There are many open-source CNI plug-ins, such as Flannel and Calico. CCE also provides customized CNI plug-ins for you to use VPCs when running Kubernetes.

Kubernetes requires that all pods in a cluster can communicate with each other, and that they do so over a network without NAT: the source IP address of a received packet is the IP address of the pod that sent it. Pods must also be able to communicate with nodes without NAT. However, when a pod accesses a destination outside the cluster, the source IP address is translated to the node IP address.

A pod is connected to the outside through a virtual Ethernet interface pair (veth pair). Pods on the same node communicate with each other through a Linux bridge, as shown in the following figure.

Figure 1 Communication for pods on the same node

Bridges on different nodes can be connected in multiple ways. In a cluster, however, every pod IP address must be unique, so the bridge on each node is assigned a different CIDR block to prevent duplicate pod IP addresses.
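The two rules above (no NAT inside the cluster, SNAT to the node IP when leaving it, and one non-overlapping pod CIDR per node) can be checked with a small model. The following is an added example, not code from the page or from CCE; the cluster CIDR, node IPs and per-node pod CIDRs are constructed sample values, and the bridge and function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample topology (hypothetical values, not from the page):
# one cluster CIDR carved into a distinct pod CIDR per node, plus each node's IP.
CLUSTER_CIDR = "10.0.0.0/16"
NODES = {
    "node-a": {"node_ip": "192.168.0.11", "pod_cidr": "10.0.1.0/24"},
    "node-b": {"node_ip": "192.168.0.12", "pod_cidr": "10.0.2.0/24"},
    "node-c": {"node_ip": "192.168.0.13", "pod_cidr": "10.0.3.0/24"},
}


def check_pod_cidrs(cluster_cidr, nodes):
    """Return a list of allocation problems (empty list means the layout is valid).

    Every node's pod CIDR must lie inside the cluster CIDR and must not overlap
    another node's pod CIDR; an overlap would let two pods receive the same IP.
    """
    problems = []
    cluster = ipaddress.ip_network(cluster_cidr)
    nets = {name: ipaddress.ip_network(n["pod_cidr"]) for name, n in nodes.items()}
    for name, net in nets.items():
        if not net.subnet_of(cluster):
            problems.append(f"{name}: {net} is outside cluster CIDR {cluster}")
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b} overlap: {nets[a]} and {nets[b]}")
    return problems


def node_of_pod(ip, nodes):
    """Name of the node whose pod CIDR contains ip, or None if ip is not a pod IP."""
    addr = ipaddress.ip_address(ip)
    for name, n in nodes.items():
        if addr in ipaddress.ip_network(n["pod_cidr"]):
            return name
    return None


@dataclass
class Forwarding:
    path: str       # "same-node-bridge", "cross-node", "pod-to-node" or "external"
    src_ip: str     # source address as seen by the receiver
    next_hop: str   # where the sending node hands the packet off


def forward(src_pod_ip, dst_ip, nodes):
    """Decide how a packet from a pod is forwarded and which source IP it carries."""
    src_node = node_of_pod(src_pod_ip, nodes)
    if src_node is None:
        raise ValueError(f"{src_pod_ip} is not inside any node's pod CIDR")
    dst_node = node_of_pod(dst_ip, nodes)
    node_ips = {n["node_ip"]: name for name, n in nodes.items()}

    if dst_node == src_node:
        # Both pods hang off the same Linux bridge: delivered locally, no NAT.
        return Forwarding("same-node-bridge", src_pod_ip, "local-bridge")
    if dst_node is not None:
        # Pod on another node: routed to that node's IP, pod source IP preserved.
        return Forwarding("cross-node", src_pod_ip, nodes[dst_node]["node_ip"])
    if dst_ip in node_ips:
        # Pod to node traffic is also NAT-free.
        return Forwarding("pod-to-node", src_pod_ip, dst_ip)
    # Anything else is outside the cluster: source is translated to the node IP.
    return Forwarding("external", nodes[src_node]["node_ip"], "default-gateway")


if __name__ == "__main__":
    print(check_pod_cidrs(CLUSTER_CIDR, NODES))
    for dst in ("10.0.1.9", "10.0.2.9", "192.168.0.12", "203.0.113.7"):
        print(dst, forward("10.0.1.5", dst, NODES))
```

The allocation check is the one a practitioner wants before adding a node with a hand-picked pod CIDR: an overlapping or out-of-range block is reported by name rather than surfacing later as two pods answering for the same address.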

Figure 2 Communication for pods on different nodes

The following sections, Services and Ingresses, describe how Kubernetes provides access solutions for users on top of this container networking.