Here, in Azure AKS networking using kubenet, it is mentioned that the IP address ranges for --dns-cidr, --service-cidr and --docker-bridge-ip should be an address space that isn't in use elsewhere in your network environment. I have also created a VNet, and this AKS should be in that VNet.

  1. Does this mean that, for DNS, Service and Docker bridge, the IP address range should be different from the VNet IP range?
  2. Pod CIDR: can we have it different from the VNet range? As I am using kubenet, the pod IP will not be from the VNet subnet.

1 Answer

  1. Yes, they should not overlap.
  2. This is the virtual pod IP address space, not the one they would get from your VNet (if you were using Azure CNI). These would be the internal-only Kubernetes IP addresses. With kubenet they would get routed to the appropriate nodes with UDR, and then the node would forward traffic to the appropriate pod.
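
The non-overlap rule discussed above can be checked before the cluster is created. The following is an added example, not part of the original question or answer: the function name, the sample ranges and the rule that the DNS service IP sits inside the service CIDR are assumptions of this sketch.

```python
import ipaddress

def check_kubenet_plan(in_use, service_cidr, pod_cidr, docker_bridge, dns_service_ip):
    """Return a list of conflicts; an empty list means the plan is consistent.

    in_use maps a label to every CIDR already routed in the environment
    (the AKS VNet, peered VNets, on-premises ranges).
    """
    problems = []
    # strict=False: the Docker bridge is written as host-address/prefix.
    virtual = {
        "service CIDR": ipaddress.ip_network(service_cidr, strict=False),
        "pod CIDR": ipaddress.ip_network(pod_cidr, strict=False),
        "docker bridge": ipaddress.ip_network(docker_bridge, strict=False),
    }
    routed = {n: ipaddress.ip_network(c, strict=False) for n, c in in_use.items()}

    # Cluster-internal ranges must not collide with anything already routed.
    for vname, vnet in virtual.items():
        for rname, rnet in routed.items():
            if vnet.overlaps(rnet):
                problems.append(f"{vname} {vnet} overlaps {rname} {rnet}")

    # They must not collide with each other either.
    names = list(virtual)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if virtual[a].overlaps(virtual[b]):
                problems.append(f"{a} {virtual[a]} overlaps {b} {virtual[b]}")

    # Assumption of this sketch: the DNS service IP is taken from the service CIDR.
    if ipaddress.ip_address(dns_service_ip) not in virtual["service CIDR"]:
        problems.append(f"DNS service IP {dns_service_ip} is outside the service CIDR")
    return problems

# Constructed sample values, not taken from the page.
IN_USE = {"VNet": "10.240.0.0/16", "on-prem": "192.168.0.0/16"}
GOOD = dict(service_cidr="10.2.0.0/24", pod_cidr="10.244.0.0/16",
            docker_bridge="172.17.0.1/16", dns_service_ip="10.2.0.10")
# Service range carved out of the VNet, DNS IP left pointing at the old range.
BAD = dict(GOOD, service_cidr="10.240.8.0/24")

if __name__ == "__main__":
    for label, plan in (("good", GOOD), ("bad", BAD)):
        print(label, check_kubenet_plan(IN_USE, **plan) or "no conflicts")
```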