AKS Cluster CNI Service & Docker Bridge Address Ranges

Nir Hazan 25 Reputation points
2023-03-08T16:45:46.7566667+00:00

Hi,

After reading 'Plan IP Addressing for Your Cluster' multiple times, it's not clear whether the Kubernetes Service Address Range & Docker Bridge Address Range are both internal ranges used for K8s internal communications.

If so, can I configure these ranges with dummy address ranges that are:

  1. Not part of AKS Cluster vNET (which is the recommendation by Microsoft)
  2. Not part of our On-Prem & Azure networks meaning they're unreachable to and from our infrastructure.

Is that correct?

Thank you.

Azure Kubernetes Service (AKS)

Accepted answer
  1. shiva patpi 13,141 Reputation points Microsoft Employee
    2023-03-08T20:29:24.5533333+00:00

    Hello @Nir Hazan,

    Your understanding is correct: you can configure those addresses with dummy address ranges, and those are used for internal k8s communications!

    You might already know that when you create the AKS cluster, by default it will use Service CIDR as 10.0.0.10 & Docker CIDR as 172.17.0.1/16. Those CIDRs can be overridden with any of the dummy addresses. I just tested by using Service CIDR: 100.0.0.10, Docker CIDR: 200.0.0.10. Basically, the services (cluster IP) which get created will be based upon the Service CIDR address.

    When you are creating the AKS cluster by explicitly mentioning those CIDR addresses, kindly make sure to mention the DNS service IP also.

    Sample command used for my testing:

    az aks create --resource-group myResourceGroup --name myAKSCluster --service-cidr 100.0.0.0/16 --docker-bridge-address 200.0.0.0/16 --dns-service-ip 100.0.0.10

    1 person found this answer helpful.
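
A pre-flight check for the address plan discussed in this thread, added here as an example; it is not part of the original posts or of any Microsoft tooling. The function name `check_aks_ranges` and the `IN_USE` networks are constructed for illustration, and the "not private address space" finding is this example's own policy choice rather than an AKS requirement; the DNS service IP rule (inside the service CIDR, not its first address) follows the AKS IP planning guidance.

```python
import ipaddress

# Constructed sample: cluster VNet plus an on-prem range reachable from it.
IN_USE = ["10.240.0.0/16", "192.168.0.0/16"]

def check_aks_ranges(service_cidr, dns_service_ip, docker_bridge, in_use=IN_USE):
    """Return a list of findings for a proposed AKS address plan (empty = OK)."""
    findings = []
    svc = ipaddress.ip_network(service_cidr)
    # The bridge is often written as host/prefix (172.17.0.1/16), so strict=False.
    bridge = ipaddress.ip_network(docker_bridge, strict=False)
    dns = ipaddress.ip_address(dns_service_ip)

    if svc.overlaps(bridge):
        findings.append(f"service CIDR {svc} overlaps Docker bridge {bridge}")
    for name, net in (("service CIDR", svc), ("Docker bridge", bridge)):
        for cidr in in_use:
            if net.overlaps(ipaddress.ip_network(cidr)):
                findings.append(f"{name} {net} overlaps in-use network {cidr}")
        # Policy of this example, not an AKS rule: flag public address space,
        # since a "dummy" range there can collide with real internet hosts.
        if not net.is_private:
            findings.append(f"{name} {net} is not private address space")
    if dns not in svc:
        findings.append(f"DNS service IP {dns} is outside service CIDR {svc}")
    elif dns in (svc.network_address, svc.network_address + 1):
        findings.append(f"DNS service IP {dns} is the first address of {svc}")
    return findings

if __name__ == "__main__":
    plans = {
        "private ranges": ("10.0.0.0/16", "10.0.0.10", "172.17.0.1/16"),
        "ranges tested in the answer": ("100.0.0.0/16", "100.0.0.10", "200.0.0.0/16"),
        "overlaps the VNet": ("10.240.0.0/20", "10.240.0.10", "172.17.0.1/16"),
    }
    for label, plan in plans.items():
        print(label, "->", check_aks_ranges(*plan) or "no findings")
```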
