Distributed Cloud connected Pod and Service network address allocation
Stay organized with collections
Save and categorize content based on your preferences.
This page describes best practices for allocating network addresses to
Kubernetes Pods and Services running on your Google Distributed Cloud connected
installation.
For Cloud control plane clusters, Distributed Cloud Pod and
Distributed Cloud Service address blocks must not overlap
with the reserved CIDR blocks for the
corresponding region. For example, you must not assign the 10.128.0.0/20 CIDR
block in the us-central1 region.
When creating a Distributed Cloud connected cluster, you can specify
an IPv4 CIDR block for your Distributed Cloud Pods and Distributed Cloud Services. For IPv4, use the RFC 1918
address range.
Each Distributed Cloud connected cluster accepts a single contiguous
Distributed Cloud Pod CIDR block and a single contiguous
Distributed Cloud Service CIDR block. The
Distributed Cloud Service CIDR block covers only ClusterIP
Services running within the target Distributed Cloud connected cluster.
For external-facing Distributed Cloud Services, see
Load balancing.
You must ensure the following:
The Distributed Cloud Pod CIDR block and the
Distributed Cloud Service CIDR block must not
conflict with each other or with any other CIDR blocks on your local network.
The Distributed Cloud connected node CIDR block must not conflict
with the Distributed Cloud connected management CIDR blocks.
Distributed Cloud load balancer virtual IP pools must not
conflict across Distributed Cloud connected clusters.
If you are connecting to a Virtual Private Cloud (VPC) network by using
Cloud VPN, the Pod and Service CIDR blocks must not conflict with any CIDR
blocks on your VPC network.
To prevent indeterministic behavior, the CIDR blocks for
Distributed Cloud connected clusters, your private network,
and VPC subnetworks used for
Distributed Cloud connectivity must not overlap.
Distributed Cloud connected automatically allocates portions of the
specified Distributed Cloud Pod CIDR block as fixed-size Pod
sub-CIDR blocks for each node in the zone based on the node's configured maximum
Pod count. By default, Distributed Cloud sets the maximum
Pod count per node to 128, which results in the allocation
of a /24 CIDR block per node. You can change this count by using the
default-max-pods-per-node flag. Distributed Cloud connected
automatically scales the Pod CIDR size based on the value that you specify.
The following table lists the Pods-per-node counts and their corresponding CIDR
sizes:
Maximum Pods per node
IPv4 Pod CIDR block size
32
/26
33-64
/25
65-128
/24
129-256
/23
After you create the Distributed Cloud connected cluster, you cannot
modify the CIDR block and Pods-per-node values described in this section. You
must delete and re-create the cluster with the new values.
Address allocation for multi-rack deployments
For multi-rack deployments of Distributed Cloud connected where a base rack
aggregates the resources of one or more standalone racks into a single zone, you must
allocate a /25 CIDR block. This ensures address availability up to the maximum supported
number of nodes.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[[["\u003cp\u003eDistributed Cloud Pod and Service address blocks must not overlap with reserved CIDR blocks for the corresponding region in Cloud control plane clusters.\u003c/p\u003e\n"],["\u003cp\u003eWhen creating a cluster, you can specify an IPv4 CIDR block for Distributed Cloud Pods and Services, using the RFC 1918 address range.\u003c/p\u003e\n"],["\u003cp\u003eThe Distributed Cloud Pod CIDR block and the Distributed Cloud Service CIDR block must not conflict with each other or with any other CIDR blocks on your local or connected networks.\u003c/p\u003e\n"],["\u003cp\u003eDistributed Cloud automatically allocates fixed-size Pod sub-CIDR blocks for each node, with the size determined by the node's configured maximum Pod count, which defaults to 128 and results in a \u003ccode\u003e/24\u003c/code\u003e CIDR block per node.\u003c/p\u003e\n"],["\u003cp\u003eFor multi-rack deployments, you must allocate a \u003ccode\u003e/25\u003c/code\u003e CIDR block to ensure sufficient address availability for the maximum number of supported nodes.\u003c/p\u003e\n"]]],[],null,["# Distributed Cloud connected Pod and Service network address allocation\n\nThis page describes best practices for allocating network addresses to\nKubernetes Pods and Services running on your Google Distributed Cloud connected\ninstallation.\n\nFor Cloud control plane clusters, Distributed Cloud Pod and\nDistributed Cloud Service address blocks must not overlap\nwith the [reserved CIDR blocks](/vpc/docs/subnets#ip-ranges) for the\ncorresponding region. For example, you must not assign the `10.128.0.0/20` CIDR\nblock in the `us-central1` region.\n\nWhen creating a Distributed Cloud connected cluster, you can specify\nan IPv4 CIDR block for your Distributed Cloud Pods and Distributed Cloud Services. For IPv4, use the RFC 1918\naddress range.\n\nEach Distributed Cloud connected cluster accepts a single contiguous\nDistributed Cloud Pod CIDR block and a single contiguous\nDistributed Cloud Service CIDR block. The\nDistributed Cloud Service CIDR block covers only ClusterIP\nServices running within the target Distributed Cloud connected cluster.\nFor external-facing Distributed Cloud Services, see\n[Load balancing](/distributed-cloud/edge/1.6.1/docs/networking#load-balancing).\n\nYou must ensure the following:\n\n- The Distributed Cloud Pod CIDR block and the Distributed Cloud Service CIDR block must not conflict with each other or with any other CIDR blocks on your local network.\n- The Distributed Cloud connected node CIDR block must not conflict with the Distributed Cloud connected management CIDR blocks.\n- Distributed Cloud load balancer virtual IP pools must not conflict across Distributed Cloud connected clusters.\n- If you are connecting to a Virtual Private Cloud (VPC) network by using Cloud VPN, the Pod and Service CIDR blocks must not conflict with any CIDR blocks on your VPC network.\n- To prevent indeterministic behavior, the CIDR blocks for Distributed Cloud connected clusters, your private network, and VPC subnetworks used for Distributed Cloud connectivity must not overlap.\n\nDistributed Cloud connected automatically allocates portions of the\nspecified Distributed Cloud Pod CIDR block as fixed-size Pod\nsub-CIDR blocks for each node in the zone based on the node's configured maximum\nPod count. By default, Distributed Cloud sets the maximum\nPod count per node to 128, which results in the allocation\nof a `/24` CIDR block per node. You can change this count by using the\n`default-max-pods-per-node` flag. Distributed Cloud connected\nautomatically scales the Pod CIDR size based on the value that you specify.\n\nThe following table lists the Pods-per-node counts and their corresponding CIDR\nsizes:\n\nAfter you create the Distributed Cloud connected cluster, you cannot\nmodify the CIDR block and Pods-per-node values described in this section. You\nmust delete and re-create the cluster with the new values.\n\n### Address allocation for multi-rack deployments\n\nFor multi-rack deployments of Distributed Cloud connected where a base rack\naggregates the resources of one or more standalone racks into a single zone, you must\nallocate a /25 CIDR block. This ensures address availability up to the maximum supported\nnumber of nodes.\n\nWhat's next\n-----------\n\n- [Configure Network Function operator resources](/distributed-cloud/edge/1.6.1/docs/network-function)"]]
