Distributed Cloud connected Pod and Service network address allocation

This page describes best practices for allocating network addresses to Kubernetes Pods and Services running on your Google Distributed Cloud connected installation.

For Cloud control plane clusters, Distributed Cloud Pod and Distributed Cloud Service address blocks must not overlap with the reserved CIDR blocks for the corresponding region. For example, you must not assign the 10.128.0.0/20 CIDR block in the us-central1 region.

When creating a Distributed Cloud connected cluster, you can specify an IPv4 CIDR block for your Distributed Cloud Pods and Distributed Cloud Services. For IPv4, use an RFC 1918 address range.

Each Distributed Cloud connected cluster accepts a single contiguous Distributed Cloud Pod CIDR block and a single contiguous Distributed Cloud Service CIDR block. The Distributed Cloud Service CIDR block covers only ClusterIP Services running within the target Distributed Cloud connected cluster. For external-facing Distributed Cloud Services, see Load balancing.

You must ensure the following:

  • The Distributed Cloud Pod CIDR block and the Distributed Cloud Service CIDR block must not conflict with each other or with any other CIDR blocks on your local network.
  • The Distributed Cloud connected node CIDR block must not conflict with the Distributed Cloud connected management CIDR blocks.
  • Distributed Cloud load balancer virtual IP pools must not conflict across Distributed Cloud connected clusters.
  • If you are connecting to a Virtual Private Cloud (VPC) network by using Cloud VPN, the Pod and Service CIDR blocks must not conflict with any CIDR blocks on your VPC network.
  • To prevent nondeterministic behavior, the CIDR blocks for Distributed Cloud connected clusters, your private network, and the VPC subnetworks used for Distributed Cloud connectivity must not overlap.

Distributed Cloud connected automatically allocates portions of the specified Distributed Cloud Pod CIDR block as fixed-size Pod sub-CIDR blocks for each node in the zone based on the node's configured maximum Pod count. By default, Distributed Cloud sets the maximum Pod count per node to 128, which results in the allocation of a /24 CIDR block per node. You can change this count by using the default-max-pods-per-node flag. Distributed Cloud connected automatically scales the Pod CIDR size based on the value that you specify.

The following table lists the Pods-per-node counts and their corresponding CIDR sizes:

Maximum Pods per node    IPv4 Pod CIDR block size
32                       /26
33-64                    /25
65-128                   /24
129-256                  /23

After you create the Distributed Cloud connected cluster, you cannot modify the CIDR block and Pods-per-node values described in this section. You must delete and re-create the cluster with the new values.
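The non-overlap rules above and the Pods-per-node table can be checked before a cluster is created, which matters because the values cannot be changed afterwards. The following Python script is an added example and not part of the Google documentation or product: the per-node prefix rule (smallest power-of-two block holding twice the maximum Pod count) is inferred from the table, the only reserved regional block it knows is the 10.128.0.0/20 example for us-central1, and all CIDR values are constructed samples.

```python
import ipaddress
import math

# Reserved regional block taken from the page (us-central1 only); extend as needed.
RESERVED_REGION_CIDRS = {"us-central1": ["10.128.0.0/20"]}
RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def pod_prefix_for_max_pods(max_pods: int) -> int:
    """Per-node Pod sub-CIDR prefix length for a configured maximum Pod count.

    Inferred rule that reproduces the table (32 -> /26, 33-64 -> /25,
    65-128 -> /24, 129-256 -> /23): the smallest power-of-two block that
    holds 2 * max_pods addresses. Values outside the table are rejected.
    """
    if not 32 <= max_pods <= 256:
        raise ValueError("max_pods outside the documented 32-256 range")
    return 32 - math.ceil(math.log2(2 * max_pods))


def nodes_supported(pod_cidr: str, max_pods: int = 128) -> int:
    """Number of nodes the Pod CIDR block can serve at the per-node sub-CIDR size."""
    pod = ipaddress.ip_network(pod_cidr)
    per_node = pod_prefix_for_max_pods(max_pods)
    return 0 if per_node < pod.prefixlen else 2 ** (per_node - pod.prefixlen)


def validate_cluster_cidrs(pod_cidr, service_cidr, node_cidr, region, vpc_cidrs=()):
    """Return a list of rule violations; an empty list means the layout passes."""
    problems = []
    pod = ipaddress.ip_network(pod_cidr, strict=True)
    svc = ipaddress.ip_network(service_cidr, strict=True)
    node = ipaddress.ip_network(node_cidr, strict=True)
    vpcs = [ipaddress.ip_network(c) for c in vpc_cidrs]

    # Pod and Service blocks must be drawn from RFC 1918 space.
    for name, net in (("pod", pod), ("service", svc)):
        if not any(net.subnet_of(p) for p in RFC1918):
            problems.append(f"{name} CIDR {net} is not RFC 1918")

    # Cluster blocks and VPC blocks must not overlap each other (pairwise).
    labelled = [("pod", pod), ("service", svc), ("node", node)] + [(f"vpc {v}", v) for v in vpcs]
    for i, (n1, a) in enumerate(labelled):
        for n2, b in labelled[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{n1} CIDR {a} overlaps {n2} CIDR {b}")

    # Pod and Service blocks must not overlap the region's reserved block.
    for reserved in RESERVED_REGION_CIDRS.get(region, []):
        for name, net in (("pod", pod), ("service", svc)):
            if net.overlaps(ipaddress.ip_network(reserved)):
                problems.append(f"{name} CIDR {net} overlaps reserved {reserved} in {region}")
    return problems
```

Run validate_cluster_cidrs with the blocks you intend to pass at cluster creation; any returned string names a rule that would otherwise force a delete-and-recreate later.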

Address allocation for multi-rack deployments

For multi-rack deployments of Distributed Cloud connected where a base rack aggregates the resources of one or more standalone racks into a single zone, you must allocate a /25 CIDR block. This ensures address availability up to the maximum supported number of nodes.
