AZURE KUBERNETES SERVICE (AKS) NETWORK PLUGINS
A network plugin enables you to configure communication within your k8s network like pod-pod, pod-node and node to pod. Let's discuss different plugin options available on AKS.
AKS cluster can be deployed using one of the network plugins like
1. Kubenet (default) networking
2. Azure Container Networking Interface (CNI) networking
Kubenet networking
kubenet networking option is the default network plugin for AKS. Kubenet is designed with the conservation of IP address space. With Kubenet, an Azure Virtual Network, subnet, and route table are created automatically when the cluster is deployed. Here, nodes receive an IP address from the Azure Virtual Network subnet. Kubenet lets the nodes receive defined IP addresses, without the need to reserve numerous IP addresses upfront for all the potential pods that could run in the cluster. Pods can’t communicate directly with each other, User Defined Routing (UDR) and IP forwarding is used for connectivity between pods across nodes.
Azure CNI
When using Azure CNI every pod gets an IP address from the subnet and can be accessed directly. These IP addresses must be planned and unique across your network space. Each node has a configuration parameter for the maximum number of pods it supports. The size of your virtual network and its subnet must accommodate the number of pods you plan to run and the number of nodes for the cluster.
Compare network models
Both kubenet and Azure CNI provide network connectivity for your AKS clusters. However, there are advantages and disadvantages to each. At a high level, the following considerations apply:
Kubenet
- Conserves IP address space.
- Uses Kubernetes internal or external load balancer to reach pods from outside the cluster.
- You manually manage and maintain user-defined routes (UDR).
- Maximum of 400 nodes per cluster.
Azure CNI
- Pods get full virtual network connectivity and can be directly reached via their private IP address from connected networks.
- Requires more IP address space.
Conclusion
Both network models have advantages/disadvantages, Kubenet is very basic whereas CNI is advanced and forces networking ahead of time, which might save a lot of trouble later. If you do not have a shortage of IP addresses, I would recommend going with Azure CNI.
Helpful links: https://learn.microsoft.com/en-us/azure/aks/configure-kubenet, https://learn.microsoft.com/en-us/azure/aks/configure-azure-cni