IBM Cloud Kubernetes Service has recently released new functionality to help prevent subnet overlap in VPC Generation 2 compute.

When you create a community Kubernetes cluster, you can use custom subnets for the pod and service IP ranges in your cluster. This custom subnet’s integration is now enhanced to prevent the pod subnet and existing subnets for worker nodes from overlapping in your VPC Generation 2 infrastructure.

What are the benefits of this functionality? 

VPC environments can encompass more than just Kubernetes clusters. For example, you might have VMs that are allocated on existing subnets in a VPC. When you create a cluster in that same VPC, this functionality ensures that the subnets for your worker nodes do not overlap with those existing subnets and that your pods can properly contact resources on those existing subnets.

This will also allow certain performance improvements to IBM Cloud Kubernetes Service subnet routing in the future.

Default pod and service subnets

When you provision a new VPC Gen 2 cluster and use the default pod and service subnets, logic is in place to automatically allocate a non-overlapping subnet to be used for pod IP addresses.

For example, in the first cluster that you create in a Gen 2 VPC (unless there are existing worker subnets already allocated), these are the new default pod and service subnets:

• Pod subnet: 172.17.0.0/18
• Service subnet: 172.21.0.0/16

When you create a second cluster in that VPC, these are the default pod and service subnets:

• Pod subnet: 172.17.64.0/18
• Service subnet: 172.21.0.0/16

Note that in the second cluster, the pod subnet that is allocated is the next available non-overlapping /18 subnet. The service subnet range remains the same.

Custom pod and service subnets

When you provision a new VPC Gen 2 cluster and bring your own pod and service subnets, the same non-overlapping subnet logic is in place to detect and prevent subnets from overlapping between clusters in your Gen 2 VPC.

If you plan to have a cluster with a lot of pods, you should consider having a custom pod subnet that is /16 or /17 to make sure that the cluster does not run out of pod IPs.

While the IBM Cloud Kubernetes Service will try to mitigate subnet overlaps, you still have to make sure when creating additional subnets in your VPC that it doesn’t overlap existing IBM Cloud Kubernetes Service pod or service subnets in that VPC.

More documentation

Please visit our official documentation for more information about VPC subnets.

Contact us

If you have questions, engage our team via Slack by registering here and join the discussion in the #general channel on our public IBM Cloud Kubernetes Service Slack.