Networks, Services, Routes and Scaling


  • Kubernetes cluster is composed of a master and worker nodes.
  • These are virtual or physical machines so they all have their own IP addresses.
  • When application is deployed on this cluster in the form of Docker containers in pods. Each pod get an IP address assigned to it. These pods could be running different types of applications dependent on each other.
  •  Pods must be able to communicate with each other. So they must be on a network configured in a way where they can communicate with each other and have unique IP addresses.
  • OpenShift uses OpenShift Software-defined Networking (OpenShift  SDN) to solve this problem.

OpenShift SDN

  • SDN creates a virtual network span across nodes using Open vSwitch.
  • vSwitch is a distributed virtual switch used to interconnect virtual machine in a hypervisor.
  • The default network ID for the overlay network is
  • Each node is assigned a unique subnet such as,,
  • All pods on these nodes get a unique IP address within that subnet.
  • You can see the IP addresses assigned to each pod by oc get pods -o wide

  • However, communicating through IP addresses may not be a good idea as it is not guaranteed to be the same each time when pod restarts.
  • OpenShift has a built-in DNS server that map IP addresses to pods and services.
  • This enables us to use pod name or service name to connect to each other instead of IP addresses.
  • OpenShift leverages SkyDNS to implement DNS functionality on top of ETCD.

  • Establishing connection between the pods directly is not recommended.
  • The recommended way is to use services.
  • OpenShift SDN provides different kinds of plugins.
  • The default plugin configured is the ovs-subnet that provides network connectivity between all pods
  • OpenShift also provides the session ovs-multitenant plugin to separate projects from each other.

  • OpenShift also supports additional plugins such as Nuage, Contiv, and Flannel.
  • These plugins have its own way for networking.

  • Users can access our application by using Services and Routes.