question

0 Votes
HariNarayanan-1190 asked ShettyDhanashreeAnant-8880 answered

Azure CNI Service CIDR and Docker Bridge CIDR

We are in the process of setting up AKS for our teams and we decided to go with CNI. I clearly understand the range specification around the pod CIDR; I have the below questions around the Service CIDR and Docker Bridge CIDR. Would be great to get someone's expert opinion.

  1. Documentation says the Service CIDR and Docker Bridge CIDR should not be from the VNet or any address spaces of the existing VNet architecture, and that we can reuse the Service CIDR and Docker Bridge CIDR across the multiple AKS clusters we create. Will there be any impact if I use the same Service CIDR and Docker CIDR across the different AKS clusters I am going to create? What if the multiple clusters are inside the same VNet, or what if the VNets that those AKS clusters will be placed in are peered? Will using the same service CIDR have an impact in any of the above scenarios?

  2. Also, what is the recommended address space for the Service CIDR and Docker Bridge CIDR?


Would be great if someone can help me clear these doubts, because I believe setting this up perfectly will avoid any problems in the future, and recreating clusters would be a huge pain.

Thanks in advance.





azure-kubernetes-service

@HariNarayanan-1190 Any update on the issue?

If the suggested response helped you resolve your issue, do click on "Mark as Answer" and "Up-Vote" for the answer that helped you for benefit of the community.

Thanks.



1 Vote

Thanks for the help

0 Votes
2 Votes
prmanhas-MSFT answered vivekvivu-1656 commented

@HariNarayanan-1190 Thank you for your query!!!

Answer for your queries is as below:



Will there be any impact if I use the same Service CIDR and Docker CIDR across the different AKS clusters I am going to create? What if the multiple clusters are inside the same VNet, or what if the VNets that those AKS clusters will be placed in are peered? Will using the same service CIDR have an impact in any of the above scenarios?


We don't use the docker bridge for pod communication, but as Docker is configured as part of the Kubernetes setup, this docker bridge also gets created, so in order to avoid it picking a random unknown CIDR that could collide with any of your existing subnets, we give the option to change it and set it to a known range. So the indication for the docker bridge is to define any CIDR that doesn't belong to Azure and doesn't collide with any other subnet. The Docker bridge network address represents the default docker0 bridge network address present in all Docker installations. While the docker0 bridge is not used by AKS clusters or the pods themselves, you must set this address to continue to support scenarios such as docker build within the AKS cluster. It is required to select a CIDR for the Docker bridge network address because otherwise Docker will pick a subnet automatically, which could conflict with other CIDRs. You must pick an address space that does not collide with the rest of the CIDRs on your networks, including the cluster's service CIDR and pod CIDR. You can reuse this range across different AKS clusters.

Any service of type ClusterIP that you create in Kubernetes will get an IP from this CIDR, but this IP is only reachable inside the cluster.

More information here.


Also, what is the recommended address space for the Service CIDR and Docker Bridge CIDR?

This range should not be used by any network element on or connected to this virtual network. Service address CIDR must be smaller than /12. You can reuse this range across different AKS clusters.

The above article contains this information as well.

Hope it helps!!!

Please "Accept as Answer" if it helped so it can help others in community looking for help on same topic :)
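The rules in the answer above (service CIDR and Docker bridge outside every VNet address space, including peered ones; service CIDR smaller than /12; the same ranges reusable by several clusters) can be checked mechanically before creating a cluster. The following is an added example, not code from the thread or from Microsoft; the address ranges are constructed, and the DNS-service-IP check at the end follows the AKS documentation rather than anything stated in this thread.

```python
import ipaddress

# Constructed sample plan (not from the thread): two Azure CNI clusters in one
# VNet plus a peered hub VNet; both clusters reuse the same service CIDR and
# Docker bridge range, which the answer above says is allowed.
VNET_ADDRESS_SPACES = ["10.240.0.0/16", "10.250.0.0/16"]  # own VNet + peered VNet
CLUSTERS = {
    "aks-a": {"subnet": "10.240.0.0/20", "service_cidr": "10.0.0.0/16",
              "dns_service_ip": "10.0.0.10", "docker_bridge": "172.17.0.1/16"},
    "aks-b": {"subnet": "10.240.16.0/20", "service_cidr": "10.0.0.0/16",
              "dns_service_ip": "10.0.0.10", "docker_bridge": "172.17.0.1/16"},
}


def validate_plan(address_spaces, clusters):
    """Return a list of problems; an empty list means the plan is consistent."""
    routed = [ipaddress.ip_network(a) for a in address_spaces]
    problems = []
    for name, c in clusters.items():
        subnet = ipaddress.ip_network(c["subnet"])
        svc = ipaddress.ip_network(c["service_cidr"])
        # strict=False: AKS expresses the bridge as a host address, e.g. 172.17.0.1/16
        bridge = ipaddress.ip_network(c["docker_bridge"], strict=False)
        dns = ipaddress.ip_address(c["dns_service_ip"])

        # With Azure CNI the pod CIDR is the node subnet, so it must live in the VNet.
        if not any(subnet.subnet_of(v) for v in routed):
            problems.append(f"{name}: subnet {subnet} is not inside any VNet address space")
        # Service and bridge ranges are cluster-local: they must not collide with
        # anything routed in the VNet or reachable through peering.
        for label, net in (("service CIDR", svc), ("Docker bridge", bridge)):
            for v in routed:
                if net.overlaps(v):
                    problems.append(f"{name}: {label} {net} overlaps routed space {v}")
        if svc.overlaps(bridge):
            problems.append(f"{name}: service CIDR {svc} overlaps Docker bridge {bridge}")
        if svc.prefixlen <= 12:
            problems.append(f"{name}: service CIDR {svc} must be smaller than /12")
        # AKS docs (not this thread): the DNS service IP must sit in the service CIDR
        # and must not be its first usable address, which Kubernetes reserves.
        if dns not in svc or dns == svc.network_address + 1:
            problems.append(f"{name}: DNS service IP {dns} must be inside {svc} "
                            f"and not its first address")
    # Deliberately no check for two clusters sharing a service CIDR: that is fine,
    # because ClusterIP addresses never leave the cluster.
    return problems


if __name__ == "__main__":
    for p in validate_plan(VNET_ADDRESS_SPACES, CLUSTERS) or ["plan OK"]:
        print(p)
```

Running it on the sample plan reports no problems even though both clusters share 10.0.0.0/16 for services; changing one cluster's service CIDR to 10.240.0.0/16 would be flagged because it overlaps the VNet.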


@prmanhas-MSFT Simply put, we can give any dummy range to the service CIDR as it doesn't have any reference to any kind of connection? The only care to take here is not to conflict with the VNet where the cluster resides, or the subnet? Please correct me if I am wrong.

I have a different query here. Since you mentioned that the same service CIDR and Docker CIDR can be reused across multiple AKS clusters, my query is about the below scenario: we are setting up a disaster recovery instance in the secondary region; can we reuse the same range of service and docker CIDR there?

Moreover, just to confirm, we can give any dummy range to the service CIDR as it doesn't have any reference to any kind of connection?


0 Votes

0 Votes
GiessenPietervander-6764 answered

What is the minimum size for this Docker Bridge CIDR? If it's not used, could we take a CIDR of e.g. /32 or /31?

0 Votes
ShettyDhanashreeAnant-8880 answered

@prmanhas-MSFT :

Just looking for the same information Hari and Giessen are looking for.

1) We can give any dummy range to the service CIDR as it doesn't have any reference to any kind of connection?

2) What can be the minimum CIDR assigned to it?

3) Could we take a CIDR of e.g. /32 or /31 for the Docker Bridge CIDR?
