AKS clusters using Azure CNI should use large subnets

Reliability · Azure Kubernetes Service · Rule · 2021_09 · Important

AKS clusters using Azure CNI should use large subnets to reduce IP exhaustion issues.

Description

In addition to kubenet, AKS clusters support Azure Container Networking Interface (CNI). This enables every pod to be accessed directly from the subnet via an IP address. Each node supports a maximum number of pods, which are reserved as IP addresses. This approach requires more capacity planning ahead of time, and can result in IP address exhaustion or the need to rebuild AKS clusters into larger subnets as application workloads begin to grow.

Recommendation

Consider allocating a larger subnet (/23 or bigger) to your AKS cluster.

Notes

This rule applies when analyzing resources deployed to Azure using Export in-flight resource data.

Rule configuration

AZURE_AKS_CNI_MINIMUM_CLUSTER_SUBNET_SIZE

This rule fails when the CNI subnet size is smaller than /23.

Configure AZURE_AKS_CNI_MINIMUM_CLUSTER_SUBNET_SIZE to set the minimum AKS CNI cluster subnet size.

# YAML: The default AZURE_AKS_CNI_MINIMUM_CLUSTER_SUBNET_SIZE configuration option
configuration:
  AZURE_AKS_CNI_MINIMUM_CLUSTER_SUBNET_SIZE: 23

Links

• Plan for growth
• Configure Azure CNI networking in Azure Kubernetes Service (AKS)
• Use kubenet networking with your own IP address ranges in Azure Kubernetes Service (AKS)
• Tutorial: Configure Azure CNI networking in Azure Kubernetes Service (AKS) using Ansible

Comments