AKS clusters using Azure CNI should use large subnets
Reliability · Azure Kubernetes Service · Rule · 2021_09 · Important
AKS clusters using Azure CNI should use large subnets to reduce IP exhaustion issues.
Description
In addition to kubenet, AKS clusters support Azure Container Networking Interface (CNI). This enables every pod to be accessed directly from the subnet via an IP address. Each node supports a maximum number of pods, and IP addresses are reserved for them. This approach requires more capacity planning ahead of time, and can result in IP address exhaustion or the need to rebuild AKS clusters into larger subnets as application workloads begin to grow.
Recommendation
Consider allocating a larger subnet (/23 or bigger) to your AKS cluster.
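To judge whether a subnet is large enough for a planned cluster, the following added example (not part of PSRule for Azure) estimates the IP addresses Azure CNI reserves and compares them with the subnet and with the /23 threshold. It assumes the classic Azure CNI model where each node reserves one IP for itself plus one per possible pod, one extra surge node during upgrades, 30 pods per node, and 5 addresses reserved by Azure in each subnet; the function names are hypothetical.

```python
import ipaddress

AZURE_RESERVED_IPS = 5   # assumption: addresses Azure reserves in every subnet
MINIMUM_PREFIX = 23      # the page's default AZURE_AKS_CNI_MINIMUM_CLUSTER_SUBNET_SIZE


def required_ips(nodes, max_pods, surge_nodes=1):
    """One IP per node plus max_pods reserved pod IPs, including upgrade surge nodes."""
    return (nodes + surge_nodes) * (max_pods + 1)


def smallest_prefix(nodes, max_pods, surge_nodes=1):
    """Longest IPv4 prefix whose subnet still holds the cluster and the reserved IPs."""
    total = required_ips(nodes, max_pods, surge_nodes) + AZURE_RESERVED_IPS
    host_bits = (total - 1).bit_length()   # ceil(log2(total)) without floats
    return 32 - host_bits


def assess(cidr, nodes, max_pods=30, surge_nodes=1):
    """Compare a planned cluster against a subnet and against the rule threshold."""
    net = ipaddress.ip_network(cidr, strict=True)
    usable = max(net.num_addresses - AZURE_RESERVED_IPS, 0)
    needed = required_ips(nodes, max_pods, surge_nodes)
    return {
        "passes_rule": net.prefixlen <= MINIMUM_PREFIX,
        "needed": needed,
        "usable": usable,
        "fits": needed <= usable,
        "max_nodes": max(usable // (max_pods + 1) - surge_nodes, 0),
        "suggested_prefix": min(smallest_prefix(nodes, max_pods, surge_nodes), MINIMUM_PREFIX),
    }


if __name__ == "__main__":
    # Constructed sample plans: (subnet, node count); 30 pods per node assumed.
    for cidr, nodes in [("10.240.0.0/24", 10), ("10.240.0.0/23", 10), ("10.240.0.0/23", 50)]:
        print(cidr, nodes, assess(cidr, nodes))
```

The third sample passes the /23 check yet does not fit 50 nodes, so the rule's threshold is a floor and the subnet still has to be sized against the expected node count.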
Notes
This rule applies when analyzing resources deployed to Azure using Export in-flight resource data.
Rule configuration
AZURE_AKS_CNI_MINIMUM_CLUSTER_SUBNET_SIZE
This rule fails when the CNI subnet size is smaller than /23.
Configure AZURE_AKS_CNI_MINIMUM_CLUSTER_SUBNET_SIZE to set the minimum AKS CNI cluster subnet size.
# YAML: The default AZURE_AKS_CNI_MINIMUM_CLUSTER_SUBNET_SIZE configuration option
configuration:
  AZURE_AKS_CNI_MINIMUM_CLUSTER_SUBNET_SIZE: 23
Links
- Plan for growth
- Configure Azure CNI networking in Azure Kubernetes Service (AKS)
- Use kubenet networking with your own IP address ranges in Azure Kubernetes Service (AKS)
- Tutorial: Configure Azure CNI networking in Azure Kubernetes Service (AKS) using Ansible