AKS Cluster CNI Service & Docker Bridge Address Ranges

Nir Hazan 25 Reputation points


After reading 'Plan IP Addressing for Your Cluster' multiple times, it's not clear whether the Kubernetes Service Address Range & Docker Bridge Address Range are both internal ranges that are used for K8s internal communications.

If so, can I configure these ranges with dummy address ranges that are:

  1. Not part of AKS Cluster vNET (which is the recommendation by Microsoft)
  2. Not part of our On-Prem & Azure networks meaning they're unreachable to and from our infrastructure.

Is that correct?

Thank you.

Azure Kubernetes Service (AKS)

Accepted answer
  1. shiva patpi 10,246 Reputation points Microsoft Employee

    Hello @Nir Hazan,

    Your understanding is correct: you can configure those addresses with dummy address ranges, and those are used for internal k8s communications!

    You might already know that when you create the AKS cluster, by default it will use Service CIDR as & Docker CIDR as . Those CIDRs can be overridden with any of the dummy addresses. I just tested by using Service CIDR : Docker CIDR : . Basically, the services (cluster IP) which get created will be based upon the Service CIDR address.

    When you are creating an AKS cluster by explicitly mentioning those CIDR addresses, kindly make sure to mention the DNS service IP also.

    Sample command used for my testing:

    az aks create --resource-group myResourceGroup --name myAKSCluster --service-cidr --docker-bridge-address --dns-service-ip

    1 person found this answer helpful.
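
A pre-flight check for the three values discussed in this thread, added here as an example and not part of the original question or answer. It assumes the AKS guidance that the DNS service IP must lie inside the service CIDR and must not be its first address; the function name and all sample ranges are constructed for illustration.

```python
import ipaddress

def check_aks_ranges(service_cidr, dns_service_ip, docker_bridge, routed_cidrs):
    """Return a list of problems; an empty list means the plan is consistent.

    routed_cidrs maps a label to every range that is actually routed
    (cluster VNet, peered VNets, on-prem).
    """
    problems = []
    svc = ipaddress.ip_network(service_cidr)
    dns = ipaddress.ip_address(dns_service_ip)
    # The bridge is written as a host address with a prefix, e.g. 192.168.200.1/24.
    bridge = ipaddress.ip_interface(docker_bridge).network

    if dns not in svc:
        problems.append(f"DNS service IP {dns} is outside service CIDR {svc}")
    elif dns == svc.network_address + 1:
        # The first address is allocated to the built-in "kubernetes" service.
        problems.append(f"DNS service IP {dns} is the first address of {svc}")

    if svc.overlaps(bridge):
        problems.append(f"service CIDR {svc} overlaps Docker bridge {bridge}")

    for label, cidr in routed_cidrs.items():
        net = ipaddress.ip_network(cidr)
        if svc.overlaps(net):
            problems.append(f"service CIDR {svc} overlaps {label} {net}")
        if bridge.overlaps(net):
            problems.append(f"Docker bridge {bridge} overlaps {label} {net}")
    return problems

# Constructed sample networks, not values from the thread.
ROUTED = {"AKS VNet": "10.240.0.0/16", "on-prem": "172.16.0.0/12"}

if __name__ == "__main__":
    good = check_aks_ranges("192.168.100.0/24", "192.168.100.10",
                            "192.168.200.1/24", ROUTED)
    print("good plan:", good or "no problems")
    bad = check_aks_ranges("10.240.128.0/20", "10.240.128.1",
                           "172.17.0.1/16", ROUTED)
    for p in bad:
        print("bad plan:", p)
```

Running the check before `az aks create` catches a "dummy" range that silently shadows a routed network, which would otherwise surface later as pods being unable to reach those addresses.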
