When creating a CCSE Kubernetes cluster, you need to specify the VPC, the Pod network CIDR/Pod subnet (address segment), and the Service CIDR (address segment). It is therefore recommended that you plan your ECS addresses, Kubernetes Pod addresses, and Service addresses in advance. This section introduces what each address in a CCSE Kubernetes cluster is used for in the eSurfing Cloud proprietary network VPC environment, and how to plan these address ranges.
Relationship Between Proprietary Network VPC CIDR Block and Kubernetes CIDR Block
The CIDR block planning of Virtual Private Cloud (VPC) includes the VPC CIDR block itself and subnet CIDR block. Kubernetes CIDR block planning includes the Pod address segment and the Service address segment. CCSE network supports two network modes, Cubecni and Calico.
Cubecni Network Mode
Cubecni Network Mode Diagram
When configuring the network in Cubecni mode, the necessary parameters and considerations for the CIDR block configuration are as follows:
Private Network: When creating a VPC, it is recommended that you choose a CIDR block from 10.0.0.0/16~20, 172.16.0.0/16~20, or 192.168.0.0/16~20.
Pod Subnet: Pod addresses are allocated from this subnet and are used for Pod network communication. A Pod is a Kubernetes concept, and each Pod has an IP address. The subnet CIDR block specified when creating a subnet in the VPC must be a subset of the current VPC CIDR block. When configuring the CIDR block, please note: in Cubecni network mode, the IP allocated to a Pod is taken from this subnet CIDR block.
This address segment cannot overlap with the Service CIDR block.
Service CIDR: Service address segment. A Service is a Kubernetes concept; this segment supplies the address used by a Service whose type is ClusterIP. Each Service has its own address. When configuring the CIDR block, please note: Service addresses are only used within the Kubernetes cluster and cannot be used outside the cluster.
This address segment cannot overlap with the Pod subnet address segment.
Calico Network Mode
Calico Network Mode Diagram
When configuring the network in Calico mode, the necessary parameters and considerations for the CIDR block configuration are as follows:
Private Network: When creating a VPC, it is recommended that you choose a CIDR block from 10.0.0.0/16~20, 172.16.0.0/16~20, or 192.168.0.0/16~20.
Pod Network CIDR: Pod addresses are assigned from this address segment and are used for Pod network communication. A Pod is a Kubernetes concept, and each Pod has an IP address. When configuring the CIDR block, please note: this is not a VPC subnet, but a virtual CIDR block.
This address segment cannot overlap with the Service CIDR block.
For example, if the VPC CIDR block is 172.16.0.0/12, the Kubernetes Pod address segment cannot be 172.16.0.0/16, 172.17.0.0/16, etc., because all of these addresses are included in 172.16.0.0/12.
Service CIDR: Service address segment. A Service is a Kubernetes concept; this segment supplies the address used by a Service whose type is ClusterIP. Each Service has its own address. When configuring the CIDR block, please note:
Service addresses are only used within the Kubernetes cluster and cannot be used outside the cluster.
This address segment cannot overlap with the Pod network address segment.
Network Planning
To use a CCSE-supported Kubernetes cluster in the eSurfing Cloud environment, you first need to plan your network according to your business scenario and cluster scale. You can plan according to the specifications in the table below (the table does not cover every scenario; adjust it according to your actual needs).
VPC Network Planning
| Cluster Node Scale | Purpose | VPC Planning | Availability Zones |
| --- | --- | --- | --- |
| Less than 100 nodes | General business | Single VPC | 1 |
| Any | Multiple availability zones required | Single VPC | Three or more |
| Any | Ultimate reliability and multiple regions required | Multiple VPCs | Three or more |
Container Network Planning
This section focuses on planning container networks in Cubecni and Calico network scenarios:
Cubecni Configuration Example: Cubecni Pod IPVlan Mode
| VPC CIDR Block | Pod CIDR Block | Service CIDR Block | Maximum Number of Allocatable Pod Addresses |
| --- | --- | --- | --- |
| 192.168.0.0/16 | 192.168.0.0/20 | 10.96.0.0/16 | 4090 |
Calico Configuration Examples
| VPC CIDR Block | Pod CIDR Block | Service CIDR Block | Maximum Number of Allocatable Pod Addresses |
| --- | --- | --- | --- |
| 192.168.0.0/16 | 172.16.0.0/16 | 10.96.0.0/16 | 65536 |
How to Choose Address Segments?
- Scenario 1: Single VPC + Single Kubernetes Cluster
This is the simplest case. The VPC address is determined when the VPC is created. When creating the Kubernetes cluster, choose Pod and Service CIDR blocks that differ from that of the current VPC.
- Scenario 2: Single VPC + Multiple Kubernetes Clusters
Multiple Kubernetes clusters are created under a single VPC.
  - The VPC address is determined when the VPC is created. When creating a Kubernetes cluster, the VPC address segment, Service address segment, and Pod address segment of each cluster cannot overlap with each other.
  - The Pod address segments of all Kubernetes clusters (in Cubecni mode) cannot overlap with each other, but the Service address segments can.
- Scenario 3: VPC Interconnection
Two VPCs can be interconnected through VPC peering.
In this case, the Kubernetes clusters created in VPC A and VPC B are subject to the following restrictions:
  - Cannot overlap with the address segment of VPC A
  - Cannot overlap with the address segment of VPC B
  - Cannot overlap with the address segments of other clusters
  - Cannot overlap with the Pod address segment
  - Cannot overlap with the Service address segment
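The overlap rules above (per-mode rules for one cluster, plus the multi-cluster and VPC-peering scenarios) can be checked before a cluster is created. The following validator is an added example written for this page, not CCSE tooling; the function names, the `mode` values "cubecni" and "calico", and the cluster dictionary layout are assumptions of the example, and it uses only the Python standard library.

```python
from ipaddress import ip_network
from itertools import combinations

def check_cluster(vpc, pod, service, mode):
    """Return planning violations for one cluster (empty list means the plan is valid).
    Cubecni: the Pod subnet is a real VPC subnet and must sit inside the VPC CIDR.
    Calico: the Pod CIDR is virtual and must not overlap the VPC CIDR.
    Both: the Service CIDR must overlap neither the Pod block nor the VPC."""
    v, p, s = (ip_network(x, strict=True) for x in (vpc, pod, service))
    errors = []
    if mode == "cubecni" and not p.subnet_of(v):
        errors.append(f"Cubecni Pod subnet {p} is not inside VPC {v}")
    elif mode == "calico" and p.overlaps(v):
        errors.append(f"Calico Pod CIDR {p} overlaps VPC {v}")
    elif mode not in ("cubecni", "calico"):
        raise ValueError(f"unknown network mode: {mode}")
    if s.overlaps(p):
        errors.append(f"Service CIDR {s} overlaps Pod block {p}")
    if s.overlaps(v):
        errors.append(f"Service CIDR {s} overlaps VPC {v}")
    return errors

def check_plan(vpcs, clusters):
    """Check clusters sharing one VPC or spread over peered VPCs (scenarios 2 and 3).
    vpcs: {name: cidr}; clusters: dicts with keys name, vpc, pod, service, mode
    (assumed layout). Pod blocks must be disjoint across clusters and must not
    overlap any VPC other than the cluster's own Cubecni VPC; Service blocks may be
    reused by several clusters."""
    errors = []
    nets = {n: ip_network(c) for n, c in vpcs.items()}
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):  # peered VPCs themselves must have disjoint CIDRs
            errors.append(f"peered VPCs {a} ({na}) and {b} ({nb}) overlap")
    for c in clusters:
        errors += [f"{c['name']}: {e}" for e in
                   check_cluster(vpcs[c["vpc"]], c["pod"], c["service"], c["mode"])]
        for n, net in nets.items():
            if n == c["vpc"]:
                continue  # the cluster's own VPC is already covered by check_cluster
            for label in ("pod", "service"):
                if ip_network(c[label]).overlaps(net):
                    errors.append(f"{c['name']}: {label} block {c[label]} overlaps VPC {n} ({net})")
    for a, b in combinations(clusters, 2):
        if ip_network(a["pod"]).overlaps(ip_network(b["pod"])):
            errors.append(f"Pod blocks of {a['name']} and {b['name']} overlap")
    return errors
```

Calling `check_cluster("192.168.0.0/16", "192.168.0.0/20", "10.96.0.0/16", "cubecni")` reproduces the Cubecni example row from the table above and returns an empty list; swapping in `"172.17.0.0/16"` against a `"172.16.0.0/12"` VPC in Calico mode reports the overlap described earlier on this page.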