Network Configuration

Pod CIDR (Pod IP Address Range)

The Pod CIDR defines the IP address range used by pods running in your cluster.

What is Pod CIDR?

• Definition: The IP address range assigned to pods in your cluster

• Default: 192.168.0.0/16 (if not specified)

• Format: Must be a valid IPv4 CIDR notation

Important Considerations

• Allowed CIDR Ranges:

  • 10.0.0.0/8 - Class A private network

  • 172.16.0.0/12 - Class B private network (excluding reserved 172.24.0.0/13)

  • 192.168.0.0/16 - Class C private network

• No overlap with Node Subnet: Your Pod CIDR must not overlap with the VPC subnet(s) where your nodes are deployed. Nodes use IPs from the VPC subnet, and these ranges must be separate from Pod and Service CIDRs.

• Subnet Allocation: Each node receives a /24 subnet from your Pod CIDR for its pods.

Capacity planning example:

If you configure Pod CIDR as 192.168.0.0/16:
- Total IP addresses available: 65,536
- Each node gets a /24 subnet: 256 IPs per node
- Maximum nodes you can create: 256 nodes
- Each node can run up to 256 pods (minus system overhead)

Planning formula:

Pod CIDR: X.X.X.X/N
Node Subnet: /24 (fixed)
Maximum Nodes = 2^(24-N)

Examples:
- /16 Pod CIDR = 2^(24-16) = 256 nodes
- /17 Pod CIDR = 2^(24-17) = 128 nodes
- /18 Pod CIDR = 2^(24-18) = 64 nodes
- /20 Pod CIDR = 2^(24-20) = 16 nodes

Best Practices for Pod CIDR

• Small Clusters (< 10 nodes):

  • Use /20 or larger: 192.168.0.0/20 — Provides 16 nodes × 256 pods/node

• Medium Clusters (10-50 nodes):

  • Use /18: 192.168.0.0/18 — Provides 64 nodes × 256 pods/node

• Large Clusters (50-256 nodes):

  • Use /16: 192.168.0.0/16 — Provides 256 nodes × 256 pods/node

• Very Large Clusters (> 256 nodes):

  • Use larger ranges like /15 or /14; plan carefully

Service CIDR (Service IP Address Range)

The Service CIDR defines the IP address range used by Kubernetes Services.

What is Service CIDR?

• Definition: The IP address range assigned to Kubernetes Services (ClusterIP, NodePort, LoadBalancer)

• Default: 10.100.0.0/16 (if not specified)

• Format: Must be a valid IPv4 CIDR notation

Important Considerations

• Allowed CIDR Ranges:

  • 10.0.0.0/8 - Class A private network

  • 172.16.0.0/12 - Class B private network (excluding reserved 172.24.0.0/13)

  • 192.168.0.0/16 - Class C private network

• No overlap with Node Subnet: Your Service CIDR must not overlap with the VPC subnet(s) where your nodes are deployed.

• Usage Pattern:

  • Each Service consumes one IP address

  • IP addresses are assigned sequentially

  • First IP (e.g., 10.100.0.1) is reserved for kubernetes.default service

Capacity planning example:

If you configure Service CIDR as 10.100.0.0/16:
- Total IP addresses available: 65,536
- Maximum Services: ~65,000 (accounting for reserved IPs)

Best Practices for Service CIDR

• Typical Clusters:

  • Use /16: 10.100.0.0/16 — 65,536 service IPs

• Small Deployments:

  • Use /20: 10.100.0.0/20 — 4,096 service IPs

Separation example:

• Good: Pod CIDR: 192.168.0.0/16, Service CIDR: 10.100.0.0/16, Node Subnet: 172.16.1.0/24

• Bad: Overlapping ranges between any of these networks

VPC and Subnet Configuration

Your cluster runs within your VPC (Virtual Private Cloud) infrastructure.

VPC KRN (Required)

• What it is: Reference to your VPC where the cluster will be deployed

• Format: krn:vpc:region:account:user:vpc:vpc-id

• Purpose: Defines the network boundary for your cluster

Subnet KRN (Required)

• What it is: Reference to the subnet(s) where cluster resources will be deployed

• Format: krn:vpc:region:account:user:subnet:subnet-id

• Important: The subnet specified here is used when creating LoadBalancer services

LoadBalancer IP allocation:

When you create a Kubernetes Service of type LoadBalancer:
- The LoadBalancer is created in the subnet you specified in Subnet KRN
- One IP address is allocated from that subnet for the LoadBalancer
- This IP is taken from your subnet's available IP pool

Example:

VPC: 10.0.0.0/16
Subnet for Cluster: 10.0.1.0/24 (254 usable IPs)

If you create 10 LoadBalancer services:
- 10 IPs will be used from the 10.0.1.0/24 subnet
- Remaining IPs: 244 available for LoadBalancers or other resources

Best Practices for VPC/Subnet

• Subnet Size: Ensure your subnet has enough IPs for:

  • Node network interfaces

  • LoadBalancer services

  • Other cloud resources Recommended: Use at least a /24 subnet (256 IPs)

• Dedicated Subnets: Consider using dedicated subnets for:

  • Cluster nodes

  • LoadBalancers

  • Application-specific resources

• IP Planning example:

- Subnet for nodes: 10.0.1.0/24 (256 IPs)
- Subnet for LoadBalancers: 10.0.2.0/24 (256 IPs)
- Reserve IPs for future growth