In this article, you learn about the pod networking options for Azure Kubernetes Service (AKS). We first pose a question to guide your planning, and then provide options, recommendations, and best practices.
Do you need direct pod IP access?
Pod networking controls how pods are assigned IP addresses and defines how pods communicate with each other, with cluster nodes, and with destinations outside the cluster. Kubernetes provides pod networking through a Container Network Interface (CNI) plugin, which manages pod IP addresses and network connectivity.
When setting up pod networking, you need to plan for IP address management (IPAM) and routing and transport (data plane).
IP address management (IPAM) options
When setting up IPAM, you can choose between an Overlay Networking Model with Azure CNI Overlay and a Flat Networking Model with Azure CNI Pod Subnet or Azure CNI Node Subnet:
| IPAM option | Features & functionality |
|---|---|
| Overlay Networking Model (with Azure CNI Overlay) | • Pod IPs come from an overlay range that isn't part of the VNet space. • Highly scalable networking, with up to 5,000 nodes and 250,000 pods. • Reuse the pod overlay space across all clusters without conflict. VNet peering or ExpressRoute direct connections might cause conflicts with private IP space. • Dual-stack (IPv4/IPv6) support. • Pods can't be accessed directly from outside the cluster. |
| Flat Networking Model (with Azure CNI Pod Subnet or Node Subnet) | • Node and pod IPs come from VNet space. • Pods can be accessed directly from outside the cluster. • Azure CNI Pod Subnet options include Dynamic IP Allocation for efficiency or Static Block Allocation for scale. |
Considerations for Flat Networking Model options
Keep the following considerations in mind when deciding between Azure CNI Pod Subnet with Dynamic IP Allocation, Azure CNI Pod Subnet with Static Block Allocation, and Azure CNI Node Subnet:
| Flat Networking Model option | Considerations |
|---|---|
| Azure CNI Pod Subnet with Dynamic IP Allocation | • Involves some complexity and management. You need to delegate a subnet for your nodes and pods, and ensure you properly scope it to handle the scale you need. • Limitation of 64,000 IPs. |
| Azure CNI Pod Subnet with Static Block Allocation | • Requires careful planning, as you need to allocate a specific range of IPs for your pods and ensure it doesn't overlap with other subnets. • Can get up to 1,000,000 IPs. • IPs might not be used as efficiently, which could lead to wastage. |
| Azure CNI Node Subnet | • AKS manages the subnet for you, simplifying the setup. • Limitation of 64,000 IPs. |
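The two tables above leave the actual sizing arithmetic to you: a Flat Networking Model pod subnet must be scoped for your node count and pods per node, stay under the option's IP limit, and not collide with subnets already in the VNet, while an Overlay Networking Model pod CIDR must stay inside the scale limits and must not overlap any private range reachable through VNet peering or ExpressRoute. The following planning helper is an added example written for this article; it is not AKS product code or the CLI. It assumes a 20% headroom for surge nodes and, for the overlay check, a /24 block per node (neither figure comes from this page), and the VNet and peered ranges it uses are constructed sample values.

```python
import ipaddress

# Limits quoted in the tables on this page.
FLAT_IP_LIMITS = {
    "dynamic": 64_000,          # Azure CNI Pod Subnet, Dynamic IP Allocation
    "static_block": 1_000_000,  # Azure CNI Pod Subnet, Static Block Allocation
    "node_subnet": 64_000,      # Azure CNI Node Subnet
}
OVERLAY_MAX_NODES = 5_000
OVERLAY_MAX_PODS = 250_000


def required_pod_ips(nodes, max_pods_per_node, headroom_pct=20):
    """Pod IPs the cluster needs, rounded up with headroom for surge nodes
    during upgrades. The 20% default is an assumption of this example."""
    total = nodes * max_pods_per_node
    return (total * (100 + headroom_pct) + 99) // 100


def smallest_prefix_for(count):
    """Longest IPv4 prefix length whose block still holds `count` addresses."""
    return 32 - (count - 1).bit_length()


def plan_flat_pod_subnet(nodes, max_pods_per_node, mode, vnet_cidr, used_subnets):
    """Flat Networking Model: size a pod subnet for the cluster and find the
    first free slot for it in the VNet. Raises ValueError when the need
    exceeds the option's IP limit or no free slot exists."""
    needed = required_pod_ips(nodes, max_pods_per_node)
    limit = FLAT_IP_LIMITS[mode]
    if needed > limit:
        raise ValueError(f"{needed:,} pod IPs exceeds the {limit:,} IP limit of {mode}")
    prefix = smallest_prefix_for(needed)
    vnet = ipaddress.ip_network(vnet_cidr)
    if prefix < vnet.prefixlen:
        raise ValueError(f"a /{prefix} pod subnet does not fit in {vnet_cidr}")
    taken = [ipaddress.ip_network(s) for s in used_subnets]
    for candidate in vnet.subnets(new_prefix=prefix):
        if not any(candidate.overlaps(t) for t in taken):
            return str(candidate)
    raise ValueError(f"no free /{prefix} left in {vnet_cidr}")


def check_overlay_pod_cidr(pod_cidr, nodes, max_pods_per_node, reachable_ranges,
                           per_node_prefix=24):
    """Overlay Networking Model: validate a pod CIDR against the scale limits and
    return the reachable private ranges (own VNet, peered VNets, ExpressRoute)
    that it overlaps; an empty list means the CIDR is safe to use.
    The per-node /24 block is an assumption of this example."""
    if nodes > OVERLAY_MAX_NODES:
        raise ValueError(f"{nodes} nodes exceeds the overlay limit of {OVERLAY_MAX_NODES:,}")
    if nodes * max_pods_per_node > OVERLAY_MAX_PODS:
        raise ValueError(f"pod count exceeds the overlay limit of {OVERLAY_MAX_PODS:,}")
    net = ipaddress.ip_network(pod_cidr)
    needed = nodes * 2 ** (32 - per_node_prefix)
    if net.num_addresses < needed:
        raise ValueError(f"{pod_cidr} holds {net.num_addresses:,} addresses; "
                         f"{nodes} nodes need {needed:,}")
    return [r for r in reachable_ranges if net.overlaps(ipaddress.ip_network(r))]


if __name__ == "__main__":
    # Constructed sample VNet with a node subnet and a gateway subnet already carved out.
    vnet, used = "10.0.0.0/16", ["10.0.0.0/24", "10.0.1.0/24"]
    print(plan_flat_pod_subnet(100, 30, "dynamic", vnet, used))
    # Constructed: own VNet plus a peered VNet that happens to sit inside 10.244.0.0/16.
    peered = ["10.0.0.0/16", "10.244.0.0/20"]
    print(check_overlay_pod_cidr("10.244.0.0/16", 200, 30, peered))
```

Run it as-is to see a /20 pod subnet chosen for 100 nodes at 30 pods each, and the overlay check flag the peered range that would conflict. Raising the node count to 3,000 makes the Dynamic IP Allocation call fail on the 64,000 IP limit while the same call with `static_block` still succeeds, which is the trade-off the considerations table describes.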
Routing and transport (data plane) options
When setting up your data plane, you can choose between Azure CNI Powered by Cilium eBPF data plane, Azure IPTables data plane, and BYO CNI:
| Data plane options | Features & functionality |
|---|---|
| Azure CNI Powered by Cilium | • Improved scale and performance. • Built-in Network Policy Manager (NPM). • Enhanced network policies, such as FQDN filtering with Advanced Container Network Services. |
| Azure IPTables | • Install Calico or Azure NPM (not recommended) for your Network Policy Manager. • Supports all Kubernetes spec Network Policies. |
| BYO CNI | • No managed CNI plugin installed - you can use any option that supports AKS. • Microsoft doesn't support any CNI-related issues. |
Recommendations
Our general recommendation is to use Azure CNI Overlay. If you need direct IP access and have efficiency or scale requirements, consider using Azure CNI Pod Subnet with Dynamic IP Allocation or Azure CNI Pod Subnet with Static Block Allocation. If you need direct pod IP access and want simplified management, consider using Azure CNI Node Subnet.