Process Flow - AKS networking (kubenet, Azure CNI)

Start AKS Cluster Setup

↓

Choose Network Plugin

↓

Kubenet

↓

Pod IPs from

↓

Node IP range

↓

Pods use NAT

↓

to access VNet

↓

Limited Pod

↓

IP scalability

↓

Cluster Ready with chosen networking

The flow shows choosing between Kubenet and Azure CNI networking for AKS, detailing how pod IPs are assigned and network behavior.

Execution Sample

Azure

az aks create --name myAKS --resource-group myRG --network-plugin kubenet
az aks create --name myAKS --resource-group myRG --network-plugin azure

Creates AKS clusters with either Kubenet or Azure CNI networking plugin.

Process Table

Step	Action	Network Plugin	Pod IP Assignment	Network Behavior	Result
1	Start cluster creation	N/A	N/A	N/A	Preparing resources
2	Select network plugin	kubenet	Pods get IPs from node subnet (private range)	Pods use NAT to access VNet	Pods share node IP range
3	Assign pod IPs	kubenet	Pod IPs assigned from node subnet	Pods cannot be reached directly from VNet	Limited IP scalability
4	Cluster ready	kubenet	Pods use node IP for outbound	Simpler setup, less IP usage	Cluster operational
5	Start cluster creation	N/A	N/A	N/A	Preparing resources
6	Select network plugin	azure	Pods get IPs directly from Azure VNet	Pods have unique IPs in VNet	Pods fully integrated in VNet
7	Assign pod IPs	azure	Pod IPs assigned from VNet subnet	Pods reachable directly, no NAT	Better network control
8	Cluster ready	azure	Pods have own IPs	Supports advanced networking	Cluster operational

💡 Cluster creation completes with chosen network plugin and pod IP assignment method.

Status Tracker

Variable	Start	After Kubenet Setup	After Azure CNI Setup	Final
Network Plugin	None	kubenet	azure	Set per cluster
Pod IP Source	None	Node subnet	Azure VNet subnet	Assigned per plugin
Pod IP Reachability	None	Via NAT through node IP	Direct VNet IP	Depends on plugin
IP Scalability	None	Limited by node subnet	High, uses VNet IPs	Depends on plugin

Key Moments - 3 Insights

Why do pods in Kubenet use NAT to access the VNet?

How does Azure CNI allow pods to have their own IPs in the VNet?

What limits the number of pods in Kubenet compared to Azure CNI?

Visual Quiz - 3 Questions

Test your understanding

Look at the execution_table at step 3, where do pods get their IPs in Kubenet?

AFrom the node subnet (private range)

BFrom the Azure VNet subnet

CFrom a public IP pool

DFrom a separate Kubernetes subnet

Concept Snapshot

AKS networking uses two main plugins:
- Kubenet: Pods get IPs from node subnet, use NAT for VNet access, simpler but limited IPs.
- Azure CNI: Pods get IPs directly from Azure VNet, no NAT, better integration and scalability.
Choose based on IP needs and network complexity.
Use az aks create --network-plugin to specify.

Full Transcript

This visual execution shows how AKS networking works with Kubenet and Azure CNI plugins. The flow starts with cluster setup, choosing the network plugin, then assigning pod IPs. Kubenet assigns pod IPs from the node subnet and uses NAT for VNet access, limiting pod IP scalability. Azure CNI assigns pod IPs directly from the Azure VNet subnet, allowing pods to have unique IPs reachable directly in the VNet. The execution table traces each step of cluster creation and pod IP assignment for both plugins. Variable tracking shows how key variables like network plugin choice and pod IP source change. Key moments clarify why NAT is used in Kubenet and how Azure CNI improves network integration. The quiz tests understanding of pod IP assignment and network behavior. The snapshot summarizes the key differences and usage of Kubenet and Azure CNI in AKS networking.