Support for VCN-native pod networking

You can now provide pods with IP addresses from a VCN's CIDR block using the OCI VCN-Native Pod Networking CNI plugin. The plugin enables other resources within the same subnet (or a different subnet) to communicate directly with pods in a Kubernetes cluster. Pod IP addresses are directly routable from within the VCN, from other VCNs connected (peered) to that VCN, from on-premises networks, and from the internet.

Since pods are directly routable, you can use 'native' VCN functionality to:

  • Control access to and from pods using security rules defined as part of network security groups or security lists. The security rules apply to all pods in all the worker nodes connected to the pod subnet specified for a node pool.
  • Observe the traffic to, from, and between pods using VCN flow logs for troubleshooting and compliance auditing purposes.
  • Route incoming requests to pods based on routing policies specified by routing rules and route tables.
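
Because the security rules on the pod subnet apply to every pod on every worker node attached to it, it is worth reviewing which ingress sources those rules admit. The following is an added example, not Oracle's code: it classifies ingress rule sources against the VCN CIDR and flags those that reach pods from outside it. The rule shape, rule names, and CIDR values are constructed for illustration and are not the OCI API schema.

```python
import ipaddress

# Constructed sample data: a simplified rule shape for illustration,
# not the OCI API schema. All names and CIDRs are made-up values.
VCN_CIDR = "10.0.0.0/16"
TRUSTED_EXTERNAL = ["192.168.0.0/16"]  # assumed on-premises / peered VCN ranges
POD_SUBNET_INGRESS = [
    {"name": "node-to-pod", "source": "10.0.1.0/24", "protocol": "all", "ports": None},
    {"name": "onprem-https", "source": "192.168.10.0/24", "protocol": "tcp", "ports": (443, 443)},
    {"name": "partner-api", "source": "203.0.113.0/24", "protocol": "tcp", "ports": (8080, 8080)},
    {"name": "debug-any", "source": "0.0.0.0/0", "protocol": "tcp", "ports": None},
]


def source_scope(source, vcn_cidr, trusted_cidrs):
    """Classify where a rule's source range sits relative to the VCN (IPv4 only)."""
    src = ipaddress.ip_network(source)
    if src.subnet_of(ipaddress.ip_network(vcn_cidr)):
        return "in-vcn"
    if any(src.subnet_of(ipaddress.ip_network(c)) for c in trusted_cidrs):
        return "trusted-external"
    return "internet" if src.prefixlen == 0 else "unreviewed-external"


def audit_pod_ingress(rules, vcn_cidr, trusted_cidrs):
    """Return (rule name, scope, reason) for each rule that warrants review."""
    findings = []
    for rule in rules:
        scope = source_scope(rule["source"], vcn_cidr, trusted_cidrs)
        all_ports = rule["ports"] is None  # None means no port restriction
        if scope in ("internet", "unreviewed-external"):
            findings.append((rule["name"], scope, "source outside VCN and trusted ranges"))
        elif scope == "trusted-external" and all_ports:
            findings.append((rule["name"], scope, "all ports open to an external range"))
    return findings


if __name__ == "__main__":
    for name, scope, reason in audit_pod_ingress(
        POD_SUBNET_INGRESS, VCN_CIDR, TRUSTED_EXTERNAL
    ):
        print(f"{name}: {scope} ({reason})")
```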

For more information, see Using the OCI VCN-Native Pod Networking CNI plugin for pod networking.