Skip to main content

Antrea

Antrea is an open-source Kubernetes Container Network Interface (CNI) (container networking) plugin that implements Kubernetes networking and network security using Open Virtual Switch (vSwitch) (OVS) and is hosted as a project under the Cloud Native Computing Foundation (CNCF).

  • Kubernetes CNI plugin for pod connectivity and IP address management (container networking).
  • Implements Kubernetes NetworkPolicy with additional policy extensions for traffic control (network security).
  • Uses Open vSwitch as the data plane for encapsulation, routing, and packet processing (software-defined networking).
  • Supports features such as traffic observability, flow tracing, and network flow export (network observability).
  • Integrates with cloud-native platforms and multi-cluster environments for centralized policy and networking control (cloud-native networking).

More About Antrea

Antrea is an open-source Kubernetes networking project that provides a CNI implementation built on top of Open vSwitch (OVS) to deliver pod networking and network security for Kubernetes clusters (container networking, network security). It operates at the data plane level to handle pod-to-pod, pod-to-node, and pod-to-external traffic, while integrating with the Kubernetes Control Plane (KCP) for configuration and policy enforcement.

The project addresses the problem space of configuring and enforcing network connectivity and security policies inside Kubernetes clusters, which require consistent behavior across nodes and environments (cluster networking). Antrea implements the core Kubernetes NetworkPolicy Application Programming Interface (API) and extends it with additional policy capabilities such as advanced rule matching, egress controls, and cluster-level policy constructs (network security). By relying on Open vSwitch (OVS), Antrea can support encapsulation modes, routing, and packet classification in software, which enables flexible topologies and compatibility with various infrastructures.

Key capabilities of Antrea include pod networking setup via a CNI plugin, IP address management, support for multiple encapsulation and routing modes, and enforcement of Kubernetes NetworkPolicies and Antrea-native policies (container networking, network security). The Antrea Agent runs on each Kubernetes node to manage OVS configuration and to program flows for traffic forwarding. A central Antrea Controller component interacts with the Kubernetes API server to watch resources such as NetworkPolicy and to distribute policy and networking state to the agents (control plane integration).

For observability, Antrea provides tools for network flow export, packet tracing, and traffic statistics, which can integrate with external monitoring and analytics systems (network observability). These capabilities enable operators to inspect flows, troubleshoot connectivity issues, and analyze traffic patterns at the cluster level. Antrea also offers features for support of network diagnostics and visibility into OVS flows and policies.

In enterprise environments, Antrea is used to provide Kubernetes cluster networking in on-premises (on-prem), cloud, and hybrid deployments, leveraging OVS as a uniform data plane across different infrastructures (cloud-native networking). It can participate in multi-cluster or multi-tenant designs where centralized or namespace-scoped policies govern traffic segmentation and access control (multi-cluster networking, multi-tenancy). As a CNCF-hosted project, Antrea aligns with cloud-native architectures and interoperates with the Kubernetes ecosystem through standard APIs and CNI interfaces.

From a directory and taxonomy perspective, Antrea fits into categories such as Kubernetes CNI plugin, Software Defined Networking (SDN) for containers, and Kubernetes network security and observability. It is relevant for platform engineering, DevOps, and network engineering teams that require a programmable, OVS-based data plane for enforcing Kubernetes NetworkPolicy and for collecting network telemetry inside Kubernetes clusters.