When creating a CCSE Kubernetes cluster, you need to specify the VPC, the Pod network CIDR/Pod subnet (address segment), and the Service CIDR (address segment). Therefore, it is recommended to plan your ECS address, Kubernetes Pod address, and Service address in advance. This section introduces the functions of various addresses within the CCSE Kubernetes Cluster in the eSurfing Cloud proprietary network VPC environment, and how to plan these address ranges.

Relationship Between Proprietary Network VPC CIDR Block and Kubernetes CIDR Block

The CIDR block planning of Virtual Private Cloud (VPC) includes the VPC CIDR block itself and subnet CIDR block. Kubernetes CIDR block planning includes the Pod address segment and the Service address segment. CCSE network supports two network modes, Cubecni and Calico.

Cubecni Network Mode

Cubecni Network Mode Diagram

When configurating the network in Cubecni mode, the necessary parameters and considerations for the CIDR block configuration are as follows:

Private Network: When creating a VPC, you are recommended to choose a CIDR block from 10.0.0.0/16~20, 172.16.0.0/16~20, and 192.168.0.0/16~20.

Pod Subnet: Pod addresses are allocated from this subnet, used for Pod network communication. Pod is a concept within Kubernetes, and each Pod has an IP address. The subnet CIDR block specified when creating a subnet in VPC must be a subset of the current VPC CIDR block. When configuring the CIDR block, please note: In Cubecni network mode, the Pod IP allocated to the Pod is obtained from this subnet CIDR block.

This address segment cannot overlap with the Service CIDR block.

Service CIDR: Service address segment. Service is a concept within Kubernetes, corresponding to the address used by Service when its type is ClusterIP. Each Service has its own address. When configuring the CIDR block, please note: Service addresses are only used within the Kubernetes cluster and cannot be used outside the cluster.

This address segment cannot overlap with the Pod subnet address segment.

Calico Network Mode

Calico Network Mode Diagram

When configuring the network in Calico mode, the necessary parameters and considerations for the CIDR block configuration are as follows:

Private Network: When creating a VPC, you are recommended to choose a CIDR block from 10.0.0.0/16~20, 172.16.0.0/16~20, and 192.168.0.0/16~20.

Pod Network CIDR: The Pod address is assigned from this address segment, used for Pod network communication. Pod is a concept within Kubernetes, and each Pod has an IP address. When configuring the CIDR block, please note: This is not a VPC subnet, but a virtual CIDR block.

This address segment cannot overlap with the Service CIDR block.

For example, if the VPC CIDR block is 172.16.0.0/12, the Pod address segment of Kubernetes cannot be 172.16.0.0/16, or172.17.0.0/16, etc., because all these addresses are included in 172.16.0.0/12.

Service addresses are only used within the Kubernetes cluster and cannot be used outside the cluster.

This address segment cannot overlap with the Pod network address segment.

Network planning

To use the Kubernetes cluster supported by CCSE in the eSurfing Cloud environment, first you need to plan your network according to your business scenario and cluster scale. You can plan according to the specifications in the table below (not including scenarios, please adjust according to your actual needs).

VPC Network Planning

Cluster Node Scale	Purpose	VPC Planning	Availability Zone
Less than 100 nodes	General Business	Single VPC	1
Any	Require multiple availability zones	Single VPC	Three and above
Any	Require ultimate reliability and multiple regions	Multiple VPCs	Three and above

Container Network Planning

This section focuses on planning container networks in Cubecni and Calico network scenarios:

Cubecni Configuration Example: Cubecni Pod IPVlan Mode

VPC CIDR Block	Pod CIDR Block	Service CIDR Block	Maximum Number of Allocatable Pod Addresses
192.168.0.0/16	192.168.0.0/20	10.96.0.0/16	4090

Calico Configuration Examples

VPC CIDR Block	Pod CIDR Block	Service CIDR Block	Maximum Number of Allocatable Pod Addresses
192.168.0.0/16	172.16.0.0/16	10.96.0.0/16	65536

How to Choose Address Segments?

l Scenario 1: Single VPC + Single Kubernetes Cluster

This is the simplest case. The VPC address is determined when the VPC is created. When creating a Kubernetes cluster, choose a different Pod and Service address CIDR block from that of the current VPC.

l Scenario 2: Single VPC + Multiple Kubernetes Clusters

Multiple Kubernetes clusters are created under a single VPC.

n The VPC address is determined when the VPC is created. When creating a Kubernetes cluster, the VPC address segment, Service address segment, and Pod address segment within each cluster cannot overlap with each other.

n The Pod address segments between all Kubernetes clusters (in Cubecni mode) cannot overlap, but the Service address segments can overlap.

l Scenario 3: VPC Interconnection

In the case of the interconnection of two VPC networks, VPC interconnection can be achieved through VPC peering.

In this case, the Kubernetes clusters created in VPC A and VPC B have the following restrictions:

n Cannot overlap with the address segment of VPC A

n Cannot overlap with the address segment of VPC B

n Cannot overlap with the address segment of other clusters

n Cannot overlap with the address segment of the Pod

n Cannot overlap with the address segment of the Service

Relationship Between Proprietary Network VPC CIDR Block and Kubernetes CIDR Block

Cubecni Network Mode

Calico Network Mode

Network planning

VPC Network Planning

Container Network Planning

How to Choose Address Segments?

Cloud Container Service Engine (CCSE)