Bird
Raised Fist0
Azurecloud~3 mins

Why AKS networking (kubenet, Azure CNI)? - Purpose & Use Cases

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
The Big Idea

What if your app's network could organize itself perfectly without you lifting a finger?

The Scenario

Imagine you have a group of computers that need to talk to each other and the internet to run your apps. You try to set up all the network connections by hand, assigning IP addresses and routes for each computer.

It feels like organizing a big party where you have to tell every guest exactly where to sit and how to get there, without any map or guide.

The Problem

Doing this manually is slow and confusing. You might give two computers the same address by mistake, or forget to open a path for some important messages.

When your group grows bigger, keeping track of all these details becomes a headache, and errors can cause your apps to stop working.

The Solution

AKS networking with kubenet or Azure CNI automates this setup. It acts like a smart party planner who assigns seats and paths automatically, making sure every computer can talk to the right places without conflicts.

This way, your apps can communicate smoothly, and you don't have to worry about the complex network details.

Before vs After
Before
Assign IPs manually to each node and configure routes one by one
After
Use AKS with Azure CNI or kubenet to automate IP assignment and routing
What It Enables

You can easily scale your applications and ensure reliable communication between containers and services without manual network setup.

Real Life Example

A company runs a web app on AKS. With Azure CNI, each container gets its own IP and can connect securely to databases and other services, all managed automatically.

Key Takeaways

Manual network setup is complex and error-prone.

AKS networking automates IP and route management.

This enables smooth, scalable communication for containerized apps.

Practice

(1/5)
1. What is the main difference between kubenet and Azure CNI networking in AKS?
easy
A. Both assign IPs from the Azure subnet but differ in routing protocols.
B. Kubenet uses NAT and assigns pod IPs from a private range, Azure CNI assigns IPs from the Azure subnet directly.
C. Kubenet assigns IPs from the Azure subnet, Azure CNI uses NAT for pod IPs.
D. Azure CNI uses NAT, while kubenet assigns IPs from the Azure subnet.

Solution

  1. Step 1: Understand kubenet networking

    Kubenet assigns pod IPs from a private IP range and uses NAT to allow pods to communicate outside the cluster.

  2. Step 2: Understand Azure CNI networking

    Azure CNI assigns pod IPs directly from the Azure virtual network subnet, allowing pods to have direct IP addresses visible in the Azure network.

  3. Final Answer:

    Kubenet uses NAT and assigns pod IPs from a private range, Azure CNI assigns IPs from the Azure subnet directly. -> Option B

  4. Quick Check:

    Kubenet = NAT, Azure CNI = Azure subnet IPs [OK]
Hint: Kubenet uses NAT; Azure CNI uses Azure subnet IPs [OK]
Common Mistakes:
  • Confusing which method uses NAT
  • Thinking both assign IPs from Azure subnet
  • Assuming Azure CNI uses private IP range
2. Which of the following is the correct way to specify Azure CNI networking when creating an AKS cluster using Azure CLI?
easy
A. az aks create --name myAKS --resource-group myRG --network-plugin azure
B. az aks create --name myAKS --resource-group myRG --network-plugin kubenet
C. az aks create --name myAKS --resource-group myRG --network-plugin azure-cni
D. az aks create --name myAKS --resource-group myRG --network-plugin azurecni

Solution

  1. Step 1: Identify the correct network plugin name for Azure CNI

    The Azure CLI uses the exact string azure to specify Azure CNI networking.

  2. Step 2: Check the command syntax

    The command must include --network-plugin azure to enable Azure CNI networking.

  3. Final Answer:

    az aks create --name myAKS --resource-group myRG --network-plugin azure -> Option A

  4. Quick Check:

    Azure CNI plugin = azure [OK]
Hint: Azure CNI plugin is exactly 'azure' in CLI [OK]
Common Mistakes:
  • Using 'azure-cni' instead of 'azure'
  • Confusing kubenet with Azure CNI plugin name
  • Typos in the network plugin parameter
3. Given an AKS cluster configured with kubenet, what will happen if a pod tries to communicate with another pod in a different node?
medium
A. Pods communicate directly using their Azure subnet IPs without NAT.
B. Pod traffic is blocked by default between nodes.
C. Pods cannot communicate across nodes in kubenet mode.
D. The pod-to-pod traffic will be routed through the node's NAT IP and may require additional routing setup.

Solution

  1. Step 1: Understand pod communication in kubenet mode

    In kubenet, pods get private IPs and use NAT on the node to communicate outside their node.

  2. Step 2: Analyze cross-node pod communication

    Traffic between pods on different nodes goes through the node's NAT IP, requiring routing rules to allow this traffic.

  3. Final Answer:

    The pod-to-pod traffic will be routed through the node's NAT IP and may require additional routing setup. -> Option D

  4. Quick Check:

    Kubenet cross-node uses NAT routing [OK]
Hint: Kubenet pods use NAT IPs for cross-node traffic [OK]
Common Mistakes:
  • Assuming direct pod IP communication in kubenet
  • Thinking pods cannot communicate across nodes
  • Believing pod traffic is blocked by default
4. You deployed an AKS cluster with Azure CNI but pods are not getting IP addresses from the Azure subnet. What is the likely cause?
medium
A. The Azure subnet does not have enough free IP addresses for pods.
B. The cluster was created with kubenet instead of Azure CNI.
C. The pods are configured to use host networking.
D. The Azure CNI plugin is not installed on the nodes.

Solution

  1. Step 1: Check IP availability in Azure subnet

    Azure CNI assigns pod IPs from the Azure subnet. If the subnet IP pool is exhausted, pods cannot get IPs.

  2. Step 2: Verify cluster network plugin and configuration

    Since the cluster is deployed with Azure CNI, the plugin is installed. Host networking would not prevent IP assignment.

  3. Final Answer:

    The Azure subnet does not have enough free IP addresses for pods. -> Option A

  4. Quick Check:

    Subnet IP exhaustion blocks pod IP assignment [OK]
Hint: Check subnet IP availability first for Azure CNI issues [OK]
Common Mistakes:
  • Assuming plugin is missing when cluster uses Azure CNI
  • Ignoring subnet IP exhaustion
  • Confusing host networking with IP assignment
5. You want to deploy an AKS cluster that allows pods to communicate directly with other Azure resources in the same virtual network using their pod IPs. Which networking option should you choose and why?
hard
A. Use kubenet with additional routing rules to enable pod IP visibility.
B. Use kubenet because it saves IP addresses and allows direct pod IP communication.
C. Use Azure CNI because it assigns pod IPs from the Azure subnet enabling direct communication with Azure resources.
D. Use Azure CNI but disable IP assignment to pods for better security.

Solution

  1. Step 1: Identify networking needs for direct pod-to-Azure resource communication

    Direct communication requires pods to have IPs visible in the Azure virtual network.

  2. Step 2: Compare kubenet and Azure CNI capabilities

    Kubenet uses NAT and private IPs, so pods are not directly reachable. Azure CNI assigns pod IPs from the Azure subnet, enabling direct communication.

  3. Final Answer:

    Use Azure CNI because it assigns pod IPs from the Azure subnet enabling direct communication with Azure resources. -> Option C

  4. Quick Check:

    Azure CNI = direct pod IPs in Azure subnet [OK]
Hint: Azure CNI enables direct pod IP communication with Azure resources [OK]
Common Mistakes:
  • Choosing kubenet for direct pod IP communication
  • Thinking kubenet allows direct pod IP visibility
  • Disabling IP assignment in Azure CNI disables communication