Kubernetes CIDR

Background

  • The CIDR of a k8s cluster installed by Sealos is 100.64.xxx.xxx, which causes Keycloak to misbehave (what exactly goes wrong?)
  • SonyFlake's isPrivateIPv4 does not check for 100.xxx: 100.64.0.0/10 is the "shared address space" defined in RFC 6598, not an RFC 1918 private address.
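Added example (Go, written for this note; it is not SonyFlake's, Keycloak's or Sealos' code) that makes the second point concrete: a check that only knows the RFC 1918 ranges rejects a 100.64.x.x pod address, while 100.64.0.0/10 is RFC 6598 shared address space and is still not globally routable. The function names are my own, and `IsPrivateRFC1918Only` is a from-scratch model of an RFC 1918-only check, not a copy of any library's implementation.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Added example, not from the page or from any project's source.
// RFC 1918 private ranges: the only ones an "RFC 1918-only" check knows.
var rfc1918 = []netip.Prefix{
	netip.MustParsePrefix("10.0.0.0/8"),
	netip.MustParsePrefix("172.16.0.0/12"),
	netip.MustParsePrefix("192.168.0.0/16"),
}

// RFC 6598 shared address space (carrier-grade NAT range). A 100.64.x.x pod
// CIDR falls inside it; it is not part of RFC 1918.
var rfc6598 = netip.MustParsePrefix("100.64.0.0/10")

// Classify reports which reserved family an IPv4 address belongs to:
// "rfc1918-private", "rfc6598-shared", or "other" (including non-IPv4 input).
func Classify(s string) string {
	addr, err := netip.ParseAddr(s)
	if err != nil || !addr.Is4() {
		return "other"
	}
	for _, p := range rfc1918 {
		if p.Contains(addr) {
			return "rfc1918-private"
		}
	}
	if rfc6598.Contains(addr) {
		return "rfc6598-shared"
	}
	return "other"
}

// IsPrivateRFC1918Only models a check that stops at RFC 1918 (hypothetical
// reimplementation of the behaviour described above, not library code).
// It returns false for every address in 100.64.0.0/10.
func IsPrivateRFC1918Only(s string) bool {
	return Classify(s) == "rfc1918-private"
}

// IsNonGlobalIPv4 accepts both RFC 1918 and RFC 6598 addresses as
// "not globally routable", which is what a pod-local check usually wants.
func IsNonGlobalIPv4(s string) bool {
	c := Classify(s)
	return c == "rfc1918-private" || c == "rfc6598-shared"
}

func main() {
	// Constructed sample addresses: two inside the 100.64.0.0/10 pod range,
	// one just past its upper edge, and two RFC 1918 neighbours.
	for _, ip := range []string{"10.244.1.5", "100.64.1.5", "100.127.255.254", "100.128.0.1", "172.32.0.1"} {
		fmt.Printf("%-16s %-16s rfc1918only=%-5v nonglobal=%v\n",
			ip, Classify(ip), IsPrivateRFC1918Only(ip), IsNonGlobalIPv4(ip))
	}
}
```

The practical takeaway for a cluster on 100.64.0.0/10: any component that derives something (a machine ID, a "trusted local network" decision) from "is this IP private?" using an RFC 1918-only test will see every pod IP as non-private. Audit such checks for RFC 6598 handling rather than assuming the pod range is private.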

Basic Concepts

  • CIDR (Classless Inter-Domain Routing): A method for representing IP address ranges, e.g., 10.244.0.0/16
  • CNI (Container Network Interface): Standard for container network plugins
  • IPPool: Resource provided by CNI plugins (like Calico) to manage IP address allocation strategies

Relationship

  • Kubernetes Handles Network Planning

    • kube-controller-manager assigns PodCIDR to each node (typically /24)
    • Sets the entire cluster Pod network range via --cluster-cidr
  • Calico Handles Actual IP Allocation and Network Implementation

    • Uses IPPool to define allocatable IP ranges (matching cluster CIDR)
    • Divides smaller IP blocks within nodes via blockSize (e.g., /26)
    • Manages IP allocation, routing, encapsulation methods, NAT, and other network functions

Configuration Viewing Methods

View Cluster CIDR

```bash
kubectl get nodes -o custom-columns="NODE:.metadata.name,CIDR:.spec.podCIDR"
```

View Calico IPPool Configuration

```bash
kubectl get ippools.crd.projectcalico.org -o yaml
```

View kube-controller-manager Configuration

```bash
cat /etc/kubernetes/manifests/kube-controller-manager.yaml
```

Actual IP Allocation Mechanism

  • Kubernetes divides large network segments (e.g., /16) into per-node subnets (e.g., /24)
  • Calico further divides node subnets into smaller blocks (e.g., /26)
  • Pods receive actual IPs from these smaller blocks, not directly from the entire /24
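Added example (Go, written for this note; it is not Kubernetes or Calico code) that carries the three steps above through the arithmetic: the cluster /16 split into per-node /24 PodCIDRs, one node's /24 split into /26 blocks, and the block a given pod IP comes from. Function names and the 10.244.3.130 sample address are my own; the block size is assumed to be a valid prefix length no shorter than the node's PodCIDR.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net/netip"
)

// Added example, written for this note; it is not code from Kubernetes or
// Calico and only models the addressing arithmetic described above.

// Split carves an IPv4 prefix into every child prefix of length childBits.
// It refuses more than 16 extra bits so a typo cannot allocate millions of entries.
func Split(parent netip.Prefix, childBits int) ([]netip.Prefix, error) {
	parent = parent.Masked()
	if !parent.Addr().Is4() {
		return nil, fmt.Errorf("only IPv4 prefixes are handled here")
	}
	extra := childBits - parent.Bits()
	if extra < 0 || childBits > 32 {
		return nil, fmt.Errorf("child /%d must be between /%d and /32", childBits, parent.Bits())
	}
	if extra > 16 {
		return nil, fmt.Errorf("refusing to split /%d into /%d (%d child prefixes)", parent.Bits(), childBits, 1<<extra)
	}
	count := 1 << extra
	step := uint32(1) << (32 - childBits) // addresses per child prefix
	base := binary.BigEndian.Uint32(parent.Addr().AsSlice())
	out := make([]netip.Prefix, 0, count)
	for i := 0; i < count; i++ {
		var b [4]byte
		binary.BigEndian.PutUint32(b[:], base+uint32(i)*step)
		out = append(out, netip.PrefixFrom(netip.AddrFrom4(b), childBits))
	}
	return out, nil
}

// NodePodCIDRs models kube-controller-manager handing each node a PodCIDR
// of nodeBits (typically /24) out of the --cluster-cidr range.
func NodePodCIDRs(clusterCIDR string, nodeBits int) ([]netip.Prefix, error) {
	p, err := netip.ParsePrefix(clusterCIDR)
	if err != nil {
		return nil, err
	}
	return Split(p, nodeBits)
}

// CalicoBlocks models Calico IPAM cutting a node's PodCIDR into blocks of
// blockSize (e.g. /26, 64 addresses each).
func CalicoBlocks(podCIDR string, blockSize int) ([]netip.Prefix, error) {
	p, err := netip.ParsePrefix(podCIDR)
	if err != nil {
		return nil, err
	}
	return Split(p, blockSize)
}

// BlockFor returns the block a pod address was allocated from, if any:
// the pod's IP comes out of one /26 block, not out of the whole /24.
func BlockFor(blocks []netip.Prefix, podIP string) (netip.Prefix, bool) {
	addr, err := netip.ParseAddr(podIP)
	if err != nil {
		return netip.Prefix{}, false
	}
	for _, b := range blocks {
		if b.Contains(addr) {
			return b, true
		}
	}
	return netip.Prefix{}, false
}

func main() {
	nodes, err := NodePodCIDRs("10.244.0.0/16", 24)
	if err != nil {
		panic(err)
	}
	fmt.Printf("cluster 10.244.0.0/16 -> %d node PodCIDRs, first %s, last %s\n",
		len(nodes), nodes[0], nodes[len(nodes)-1])

	blocks, err := CalicoBlocks(nodes[3].String(), 26)
	if err != nil {
		panic(err)
	}
	fmt.Printf("node %s -> %d Calico blocks:", nodes[3], len(blocks))
	for _, b := range blocks {
		fmt.Printf(" %s", b)
	}
	fmt.Println()

	// Constructed sample pod IP on that node.
	if b, ok := BlockFor(blocks, "10.244.3.130"); ok {
		fmt.Printf("pod 10.244.3.130 is allocated from block %s\n", b)
	}
}
```

Comparing the output of this arithmetic with `kubectl get nodes -o custom-columns=...` and the IPPool's `blockSize` is a quick way to confirm that the controller-manager range, the Calico pool and the addresses pods actually receive all agree; a mismatch between `--cluster-cidr` and the IPPool is the usual cause of pods getting addresses outside the range the rest of the cluster expects.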

In summary, Kubernetes provides the network planning framework, while Calico handles the specific implementation of network connectivity and IP allocation.