From Confused to Proficient: Details of the Kubernetes Cluster Network

Aerial View

A configured Kubernetes cluster network of Alibaba Cloud consists of the cluster CIDR block, VPC routing table, node network, pod CIDR block of each node, virtual bridge cni0 on nodes, and the veth0 device connecting pods and bridges, as shown in the following figure.

Cluster Network Construction

Initial Phase

A cluster is created based on Virtual Private Cloud (VPC) and Elastic Compute Service (ECS) instances. After creating VPC and ECS instances, obtain the resource configuration, as shown in the following figure. Obtain one VPC whose CIDR block is and several ECS instances whose IP addresses are allocated from the VPC CIDR block.

Cluster Phase

Based on the initial resources, obtain the cluster CIDR block in the cluster creation console. The value is transferred to the provision script on a cluster node as a parameter, and then the script transfers it to kubeadm, a cluster node configuration tool. kubeadm finally writes the parameter to the kube-controller-manager.yaml file of the static pod of the cluster controller.

Node Phase

After the cluster phase, Kubernetes has the cluster CIDR block and pod CIDR block allocated to each node. Accordingly, the cluster delivers a flanneld to each phase to further construct the network framework for the pod on each node. It involves two operations.

Pod Phase

In the preceding three phases, the cluster constructs network communication channels between pods. In this case, if the cluster schedules a pod to a node, kubelet uses Flannel CNI to create a network namespace and veth devices for the pod, adds a veth device to the cni0 virtual bridge, and configures IP addresses for veth devices in the pod.


The pod network environment is constructed.

  • local communication,
  • same-node pod communication,
  • cross-node pod communication, and
  • communication between pod and non-pod network entities.


This article describes the construction and communication principles of the Kubernetes cluster network of Alibaba Cloud. It further analyzes the Kubernetes cluster network from the perspectives of network construction and communication. Network construction includes the initial phase, cluster phase, node phase, and pod phase, which helps to understand complex configurations. It is easy to understand the cluster communication principle according to the configurations.

Original Source:



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Alibaba Cloud

Alibaba Cloud

Follow me to keep abreast with the latest technology news, industry insights, and developer trends. Alibaba Cloud website: