All Products
Search

This Product

    Container Service for Kubernetes:Use the Flannel network plugin

    Document Center

    Container Service for Kubernetes:Use the Flannel network plugin

    Last Updated:Mar 26, 2026

    Flannel is a simple and stable Container Network Interface (CNI) plugin from the community. In ACK, Flannel uses the custom route feature of Alibaba Cloud virtual private cloud (VPC) to enable direct communication between pods across nodes and between pods and the VPC.

    How it works

    In Flannel network mode, the pod CIDR block is independent of the VPC CIDR block. ACK evenly divides the pod CIDR block and allocates one subnet to each node based on a subnet mask. Pods on a node receive IP addresses from the subnet allocated to that node.

    image

    Usage notes

    Route table management

    Cloud Controller Manager manages the default route table of the VPC for Flannel clusters. Each node in the cluster corresponds to one route entry in this route table.

    Warning

    Do not modify the VPC default route table unless necessary. If conflicting route entries exist in the same route table, Cloud Controller Manager automatically deletes them. For details on what Cloud Controller Manager manages, see Cloud Controller Manager.

    Multiple route tables

    By default, Flannel clusters do not support multiple route tables in a VPC. If your VPC has multiple route tables, configure them following Use multiple route tables in a VPC.

    Important

    If you use Alibaba Cloud NAT firewalls, add the VPC system route table to the multiple route table list after the firewall is created. Skipping this step may affect cluster scale-out.

    Select Flannel when creating a cluster

    1. On the Create Kubernetes Cluster page, set Forwarding Mode to Flannel.

    2. Configure the following network parameters:

      ParameterDescription
      VPCThe VPC for the cluster.
      vSwitchThe vSwitch for the cluster nodes.
      Pods per NodeThe maximum number of pods that can run on a single node.
      Pod CIDR BlockThe CIDR block for pods in the cluster. See Plan CIDR blocks for ACK managed clusters.
      Service CIDR BlockThe CIDR block for services in the cluster. See Plan CIDR blocks for ACK managed clusters.

    3. Complete the remaining cluster configuration. For step-by-step instructions, see Create an ACK managed cluster or Create an ACK dedicated cluster (no longer available for creation).

    VPC quota limits

    Each node in the cluster consumes one route entry in the VPC route table. A VPC supports 200 route entries by default. If your cluster has more than 200 nodes, submit a quota increase request in the Quota Center console.

    For all VPC limits and quotas, see Limits and Quotas.