Calico IPs Confusion

I am a bit confused about Calico IPs:

If I add Calico to a Kubernetes cluster using

kubectl apply -f https://docs.projectcalico.org/v3.14/manifests/calico.yaml

The CALICO_IPV4POOL_CIDR is 192.168.0.0/16, so the IP range is 192.168.0.0 to 192.168.255.255.

Now I have initiated the cluster using:

kubeadm init --pod-network-cidr=20.96.0.0/12 --apiserver-advertise-address=192.168.56.30

So now pods will have IP addresses (using the pod network CIDR) between 20.96.0.0 and 20.111.255.255.

What are these two different IPs? My Pods are getting IP addresses 20.96.205.192 and so on.

Cacophony answered 1/6, 2020 at 19:14 Comment(0)
  • The CALICO_IPV4POOL_CIDR is #commented by default; look at these lines in calico.yaml:
# The default IPv4 pool to create on startup if none exists. Pod IPs will be
# chosen from this range. Changing this value after installation will have
# no effect. This should fall within `--cluster-cidr`.
# - name: CALICO_IPV4POOL_CIDR
#   value: "192.168.0.0/16"

For all effects, unless manually modified before deployment, those lines are not considered during deployment.

  • Another important line in the yaml itself is:

# Pod CIDR auto-detection on kubeadm needs access to config maps.

This confirms that the CIDR is obtained from the cluster, not from calico.yaml.


What are these two different IPs? My Pods are getting IP addresses 20.96.205.192 and so on.

  • Kubeadm supports many Pod network add-ons; Calico is one of those. Calico, on the other hand, is supported by many kinds of deployment; kubeadm is just one of those.

  • Kubeadm --pod-network-cidr in your deployment is the correct way to define the pod network CIDR; this is why the range 20.96.0.0/12 is effectively used.

  • CALICO_IPV4POOL_CIDR is required for other kinds of deployments that do not specify the CIDR pool reservation for pod networks.


Note:

  • The range 20.96.0.0/12 is not a Private Network range, and it can cause problems if a client with a Public IP from that range tries to access your service.
  • The classless reserved IP ranges for Private Networks are:
    • 10.0.0.0/8 (16.777.216 addresses)
    • 172.16.0.0/12 (1.048.576 addresses)
    • 192.168.0.0/16 (65.536 addresses)
  • You can use any subnet size inside these ranges for your Pod CIDR network; just make sure it doesn't overlap with any subnet in your network.

Valentinavalentine answered 2/6, 2020 at 15:3 Comment(2)
Is the TL;DR, Calico uses --pod-network-cidr by default? (Rhinoceros)
That's why it's a black hole if not a private range: client packets go in, but they can't go out. It is rumored my org routes some of the private ranges but I don't want to disturb the network people right now lol, that's the reality in the wild. (Weaverbird)
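
A pre-flight check for the value passed to --pod-network-cidr, covering the two conditions in the answer's note (inside a private range, no overlap with subnets already in use). This is an added example, not part of the original thread or of Calico or kubeadm; the function name audit_pod_cidr, the /24 mask on the node network and the 10.244.0.0/16 candidate are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private ranges, as listed in the answer above.
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit_pod_cidr(pod_cidr, in_use=()):
    """Check a candidate pod CIDR before passing it to kubeadm init."""
    # strict=True rejects a CIDR with host bits set (e.g. 20.100.0.0/12).
    net = ipaddress.IPv4Network(pod_cidr, strict=True)
    # in_use entries may be given as host/prefix, so normalise them.
    taken = [ipaddress.IPv4Network(n, strict=False) for n in in_use]
    overlaps = [str(n) for n in taken if net.overlaps(n)]
    private = any(net.subnet_of(p) for p in RFC1918)
    return {
        "cidr": str(net),
        "first": str(net.network_address),
        "last": str(net.broadcast_address),
        "addresses": net.num_addresses,
        "rfc1918": private,
        "overlaps": overlaps,
        "ok": private and not overlaps,
    }


if __name__ == "__main__":
    # 192.168.56.30 is the API server address from the question; the /24
    # mask is an assumption. 10.244.0.0/16 is a constructed alternative.
    node_net = ["192.168.56.30/24"]
    for candidate in ("20.96.0.0/12", "192.168.0.0/16", "10.244.0.0/16"):
        r = audit_pod_cidr(candidate, node_net)
        print(f"{r['cidr']:<16} {r['first']} - {r['last']}  "
              f"rfc1918={r['rfc1918']} overlaps={r['overlaps']} ok={r['ok']}")
```

With the assumed /24 node network, the 192.168.0.0/16 value from the commented-out CALICO_IPV4POOL_CIDR lines is private but overlaps the node subnet, while 20.96.0.0/12 avoids the overlap but is public address space.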
