π Demystifying Networking in Azure Kubernetes Service (AKS)
Demystifying Networking in Azure Kubernetes Service (AKS)
Networking in Azure Kubernetes Service (AKS) provides the backbone for secure and efficient containerized workloads. Microsoft offers several networking models in AKS, each tailored for specific requirements and use cases. In this post, we explore these networking options: Azure CNI, Azure CNI Overlay, Kubenet, and Azure CNI powered by Cilium, along with recent updates from Azure.
Kubenet
Kubenet is a simple and traditional networking approach in AKS, suitable for scenarios that donβt require the advanced networking features of Azure CNI.
Highlights:
- Pods receive IPs from a logically different IP range separate from the node’s IP range.
- Supports basic network segmentation and routing.
- Lower complexity compared to Azure CNI, suitable for simpler environments.
Configure Kubenet networking β
Warning
On 31 March 2028, kubenet networking for Azure Kubernetes Service (AKS) will be retired.
After this date, you will not be able to create new AKS clusters with kubenet networking. Existing clusters will continue to work, but you will not be able to create new node pools with kubenet networking. You can migrate existing clusters to Azure CNI or Azure CNI Overlay.
For more information, see Kubenet retirement announcement.
For more information on how to migrate your existing clusters to Azure CNI or Azure CNI Overlay, see Migrate from kubenet to Azure CNI.
For more information on how to migrate your existing clusters to Azure CNI Overlay, see Migrate from kubenet to Azure CNI Overlay.
For more information on how to migrate your existing clusters to Azure CNI powered by Cilium, see Migrate from kubenet to Azure CNI powered by Cilium.
Azure CNI
Azure Container Networking Interface (CNI) provides direct integration with Azure’s virtual networking capabilities. Each pod gets its own IP address within your virtual network, enabling seamless connectivity across your Azure resources.
Key benefits:
- Direct IP addressing from your Azure VNet.
- Simplified communication with other Azure resources without NAT.
- Ideal for applications requiring high-speed networking and tight integration.
Learn how to configure Azure CNI β
Azure CNI Overlay
Azure CNI Overlay enhances the traditional Azure CNI model by allowing pods to utilize IP addresses from a private overlay network. This approach dramatically increases IP address availability, addressing scaling challenges.
Key features:
- Separate pod CIDR ranges, conserving IP space in your primary VNet.
- Ideal for large-scale clusters with extensive pod requirements.
- Easy integration alongside existing Azure infrastructure.
Explore Azure CNI Overlay configuration β
Azure CNI Powered by Cilium
Azure CNI powered by Cilium combines the robust networking capabilities of Azure CNI with Cilium’s advanced networking and security features. This includes rich observability, enhanced security through eBPF-based filtering, and improved network policy enforcement.
Advantages:
- Enhanced security features and detailed observability.
- Policy enforcement at Layer 3/4 and Layer 7.
- High-performance networking with eBPF.
Learn more about Azure CNI powered by Cilium β
Conclusion
Choosing the right networking solution for your AKS clusters depends heavily on your application’s scalability, security, and integration requirements. Azure’s diverse networking models, including Azure CNI, Azure CNI Overlay, Kubenet, and Azure CNI powered by Cilium, offer flexibility to address various scenarios, from simple setups to highly complex, secure environments. Staying updated with Azureβs continuous improvements ensures that your clusters remain performant, scalable, and secure.