Understanding the Pod Network Model in Kubernetes

In Kubernetes, a Pod functions like a virtual machine and is the smallest scheduling unit; each Pod receives a real IP address that can be used to communicate with any other Pod in the cluster, regardless of whether they reside on the same node.

When a Pod contains multiple containers, Kubernetes creates an “infra” container that holds the network namespace; all other containers in the Pod share this namespace, so they use the same network interfaces, IP address, and MAC address as the infra container.

For two Pods on the same node, communication follows the same principles as Docker networking: the source Pod’s eth0 is connected via a virtual Ethernet device (veth0) to the host’s root namespace, the bridge cbr0 assigns a subnet to veth0, forwards the packet to veth1, which then delivers it directly to the destination Pod’s eth0.

For Pods on different nodes, the Pod IP must be reachable across the entire cluster. A third‑party CNI plugin implements this by encapsulating the Pod’s packet into the node’s network packet, transmitting it to the target node, where it is decapsulated and delivered to the destination Pod’s network namespace. This approach adds some overhead but does not depend on the underlying physical network.