IP range for ClusterIP - K8s service

Question

For the below manifest to create service type(CluserIP):

apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  selector:
    app.kubernetes.io/name: MyApp
  ports:
    - protocol: TCP
      port: 80
      targetPort: 9376

---

Assume that K8s is hosted in Azure cloud(AKS).

What is the IP address that K8s cluster assign to this service? Is it based on the AWS subnet(within VPC/VNET) IP range(where K8s cluster is hosted)?

Answer 1

In a Kubernetes cluster hosted on a cloud platform like Azure Kubernetes Service (AKS), the service CIDR range is typically configured to align with the cloud provider's networking setup to avoid IP conflicts. This means that the service CIDR range is chosen in such a way that it does not overlap with the VNet IP range where the AKS cluster is hosted.

To find the specific IP range used for services in your AKS cluster, you can check the cluster configuration. This information is usually set when the cluster is initially created and can be found in the AKS cluster's networking settings. You can use Azure CLI or Azure portal to view these details.

The actual IP address assigned to a specific service (like my-service in your example) is dynamically allocated from within this service CIDR range and is managed by Kubernetes. You typically do not control or predict the exact IP address; Kubernetes handles this allocation to ensure each service gets a unique IP within the cluster.

To view the assigned ClusterIP for your service, you can run the command kubectl get service my-service after creating the service in your AKS cluster. This will display the ClusterIP assigned to your service along with other details.

So now if I take an example of the sample AKS cluster network configuration,

1. Pod CIDR: 10.244.0.0/16

   • This is the IP address range used for assigning IP addresses to Pods in your Kubernetes cluster. It means that your Pods can have IP addresses ranging from 10.244.0.1 to 10.244.255.254.

2. Service CIDR: 10.0.0.0/16

   • This is the IP address range used for services in your Kubernetes cluster. Kubernetes will assign ClusterIPs for services from this range. The range for your services' ClusterIPs is from 10.0.0.1 to 10.0.255.254.

3. DNS Service IP: 10.0.0.10

   • This is the IP address assigned to the DNS service within your cluster. It is within the service CIDR range.

4. Cluster IP of the kubernetes Service: 10.0.0.1

   • This is the default service created by Kubernetes for the API server. It's within your defined service CIDR.

5. Cluster IP of my-service: 10.0.169.125

   • This is the IP address assigned to your custom service (my-service). It's also within your defined service CIDR.

So, summarizing:

• Your Pods can be assigned IPs in the range of 10.244.0.1 to 10.244.255.254.
• Your Services (including kubernetes and my-service) can have IPs in the range of 10.0.0.1 to 10.0.255.254.

Reference Document: official K8s cluster-IP allocation document