Flannel
Simple, lightweight overlay network for Kubernetes — the "it just works" CNI.
Overview
Flannel is the simplest CNI plugin for Kubernetes, providing basic L3 networking via VXLAN overlay. It is designed to be easy to install and configure with minimal operational overhead. Flannel is the default CNI in K3s and is widely used in development, testing, and small production clusters. It does not implement network policies — you must pair it with Calico or another policy engine for that.
Key Facts
| Attribute |
Detail |
| Repository |
github.com/flannel-io/flannel |
| Stars |
~9k+ ⭐ |
| Latest Version |
v0.28.2 (March 2026) |
| Language |
Go |
| License |
Apache 2.0 |
| Governance |
Community (flannel-io) |
Evaluation
| Pros |
Cons |
| Simplest CNI to install and operate |
No network policy support |
| Default in K3s |
VXLAN overlay adds latency |
| WireGuard backend for encryption |
No L7 visibility |
| Minimal resource footprint |
No service mesh integration |
| Extremely stable and battle-tested |
No observability features |
| host-gw mode for bare-metal speed |
Not recommended for large production |
Architecture
flowchart TB
subgraph Node1["Node 1"]
Pod1["Pod A\n10.244.0.2"]
Flannel1["flanneld\n(DaemonSet)"]
VTEP1["VXLAN VTEP\n(flannel.1)"]
end
subgraph Node2["Node 2"]
Pod2["Pod B\n10.244.1.2"]
Flannel2["flanneld"]
VTEP2["VXLAN VTEP\n(flannel.1)"]
end
ETCD_F["etcd / K8s API\n(subnet lease store)"]
Pod1 -->|"encapsulated\nin VXLAN"| VTEP1
VTEP1 -->|"UDP 8472"| VTEP2
VTEP2 --> Pod2
Flannel1 -->|"lease"| ETCD_F
Flannel2 -->|"lease"| ETCD_F
style Node1 fill:#2e7d32,color:#fff
style Node2 fill:#2e7d32,color:#fff
Backends
| Backend |
Performance |
Requirement |
Encryption |
| VXLAN |
Good (encapsulation overhead) |
Any network |
No |
| host-gw |
Best (direct routing) |
Same L2 network |
No |
| WireGuard |
Good |
Kernel WireGuard module |
Yes |
| UDP |
Worst (userspace) |
Fallback only |
No |
Sources