Kubernetes pod-network-cidr and service-cidr can’t overlap with intranet network ranges

If you initialize a Kubernetes cluster with kubeadm, check with the network team that the ranges you pass to kubeadm with --pod-network-cidr and --service-cidr do not overlap with intranet network ranges. Otherwise, pods/services won’t operate well and you might see anomalies in your Kubernetes environment.

Common default values:

  • --pod-network-cidr=10.244.0.0/16
  • --service-cidr=10.96.0.0/12

Issue we experienced:

The hnsdiag list all command told us we have an overlap with the intranet network (marked red).

We have around a dozen Windows and Linux nodes. From time to time, Windows pods could not operate well in the pod network. Sometimes the HNS network (service-cidr) overlapped with the physical host-gw and broke the routing table, so the Windows k8s node could not contact the internal network servers/services either. This happened with both the flannel and calico network providers.

Remember that pod-network-cidr and service-cidr can’t overlap with each other either. They must be separate.
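
A pre-flight check for the overlap rules above, as an added example that is not part of the original post: it uses Python's standard ipaddress module to compare the two kubeadm ranges against each other and against the intranet ranges. The function name and the intranet ranges in the demo are assumptions constructed for illustration; replace them with the ranges your network team gives you.

```python
import ipaddress
from itertools import combinations


def find_cidr_overlaps(pod_cidr, service_cidr, intranet_cidrs):
    """Return (name_a, name_b) pairs whose address ranges overlap.

    Compares pod vs service, and each of them vs every intranet range.
    Intranet ranges are not compared with each other.
    """
    # strict=False accepts input with host bits set, e.g. 10.96.1.0/12
    nets = {
        "pod-network-cidr": ipaddress.ip_network(pod_cidr, strict=False),
        "service-cidr": ipaddress.ip_network(service_cidr, strict=False),
    }
    cluster_names = set(nets)
    for cidr in intranet_cidrs:
        nets[f"intranet {cidr}"] = ipaddress.ip_network(cidr, strict=False)

    conflicts = []
    for (name_a, net_a), (name_b, net_b) in combinations(nets.items(), 2):
        if name_a not in cluster_names and name_b not in cluster_names:
            continue  # intranet vs intranet is outside this check
        if net_a.version != net_b.version:
            continue  # an IPv4 range and an IPv6 range never overlap
        if net_a.overlaps(net_b):
            conflicts.append((name_a, name_b))
    return conflicts


if __name__ == "__main__":
    # Constructed sample intranet ranges, not taken from the post.
    intranet = ["10.100.0.0/16", "172.16.0.0/12", "192.168.10.0/24"]
    # The common default values listed above.
    for a, b in find_cidr_overlaps("10.244.0.0/16", "10.96.0.0/12", intranet):
        print(f"OVERLAP: {a} <-> {b}")
```

With the constructed ranges, the default service-cidr 10.96.0.0/12 spans 10.96.0.0 to 10.111.255.255 and therefore collides with the intranet range 10.100.0.0/16.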

Useful resources

Kubernetes Office Hours discussion (34:48 minute explained):

Explained also in the official documentation:

Troubleshooting Kubernetes Networking on Windows
(PDF version):
