As mentioned, containers in a Pod share the same network namespace. And a Pod is the basic computing unit in Kubernetes. Kubernetes assigns an IP to a Pod in its world. Every Pod can see every other with the virtual IP in Kubernetes network. While talking about the communication between Pods , we can separate into two scenarios: Pods that communicate within a node, or Pods that communicate across nodes. For Pods in single node, since they have separate IPs, their transmissions can be held by bridge, same as containers in a Docker node. However, for communication between Pods across nodes, how would be the package routing work while Pod doesn't have the host information (the host IP)?

Kubernetes uses the CNI to handle cluster networking. CNI is a framework for managing connective containers, for assigning or deleting the network resource on a container. While Kubernetes takes CNI as a plugin, users can choose the implementation of CNI on demand. Commonly, there are the following types of CNI:

• Overlay: With the technique of packet encapsulation. Every data is wrapped with host IP, so it is routable in the internet. An example is flannel (https://github.com/coreos/flannel).
• L3 gateway: Transmission between containers pass to a gateway node first. The gateway will maintain the routing table to map the container subnet and host IP. An example is Project Calico (https://www.projectcalico.org/).
• L2 adjacency: Happening on L2 switching. In Ethernet, two nodes have adjacency if the package can be transmitted directly from source to destination, without passing by other nodes. An example is Cisco ACI (https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/kb/b_Kubernetes_Integration_with_ACI.html).

There are pros and cons to every type of CNI. The former type within the bullet points has better scalability but bad performance, while the latter one has a shorter latency but requires complex and customized setup. Some CNIs cover all three types in different modes, for example, Contiv (https://github.com/contiv/netplugin). You can get more information about CNI while checking its spec at: https://github.com/containernetworking/cni. Additionally, look at the CNI list on official website of Kubernetes to try out these CNIs: https://kubernetes.io/docs/concepts/cluster-administration/networking/#how-to-achieve-this.

After introducing the basic knowledge of the packet transaction between Pods , we will continue to bring you a Kubernetes API, NetworkPolicy, which provides advanced management between the communication of Pods .