Why are GKE container ranges limited to the 10.x RFC1918 range?

6/27/2017

... I would prefer a 172.16.x address.

Container pods in the cluster will be assigned an IP address from this IP address range. Enter a range (in CIDR notation) within 10.0.0.0/8 using a mask size between /8 and /19 bits, or leave this field blank to use a default range. -- GKE "create container cluster" tooltip for "Container address range" field

I can't find any real reference to this limitation in the Kubernetes docs themselves, other than this part that assumes 10.0.0.0/8:

GCE itself does not know anything about these IPs, though, so it will not NAT them for outbound internet traffic. To achieve that we use an iptables rule to masquerade (aka SNAT - to make it seem as if packets came from the Node itself) traffic that is bound for IPs outside the GCE project network (10.0.0.0/8).

iptables -t nat -A POSTROUTING ! -d 10.0.0.0/8 -o eth0 -j MASQUERADE

-- nfirvine
google-kubernetes-engine
kubernetes
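
As an added example (not part of the original question or of the Kubernetes docs), the Python below models the masquerade rule quoted in the question and shows its effect on a pod range outside 10.0.0.0/8: traffic to those pods is SNATed to the node IP, so the receiving side no longer sees the source pod address. The function names, the sample ranges and the wider exemption list are assumptions made for illustration.

```python
import ipaddress

# Destinations exempt from SNAT under the rule quoted in the question:
#   iptables -t nat -A POSTROUTING ! -d 10.0.0.0/8 -o eth0 -j MASQUERADE
DEFAULT_NON_MASQ = ("10.0.0.0/8",)


def _nets(cidrs):
    # Collapse so adjacent blocks (e.g. two /9s) are treated as one range.
    return list(ipaddress.collapse_addresses(
        ipaddress.ip_network(c) for c in cidrs))


def is_masqueraded(dst, non_masq=DEFAULT_NON_MASQ):
    """True if a packet to dst leaving eth0 is rewritten to the node IP."""
    addr = ipaddress.ip_address(dst)
    return not any(addr in net for net in _nets(non_masq))


def audit_pod_range(pod_cidr, non_masq=DEFAULT_NON_MASQ):
    """Classify a candidate pod range against the exemption list.

    "preserved":   pod-to-pod traffic keeps the source pod IP.
    "masqueraded": no pod address is exempt; peers see the node IP.
    "partial":     the range extends beyond the exempt destinations.
    """
    pods = ipaddress.ip_network(pod_cidr)
    nets = _nets(non_masq)
    if any(pods.subnet_of(n) for n in nets):
        return "preserved"
    if any(pods.overlaps(n) for n in nets):
        return "partial"
    return "masqueraded"


if __name__ == "__main__":
    # Constructed sample ranges, not taken from a real cluster.
    for cidr in ("10.4.0.0/14", "172.16.0.0/14"):
        print(cidr, audit_pod_range(cidr))
    # Hypothetical wider exemption list that also covers 172.16.0.0/12.
    wider = DEFAULT_NON_MASQ + ("172.16.0.0/12",)
    print("172.16.0.0/14", audit_pod_range("172.16.0.0/14", wider))
```

A "masqueraded" or "partial" result means source-based controls and logs on the receiving pod would attribute that traffic to the node rather than to the originating pod.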

2 Answers

6/28/2017

The documentation will be updated when 1.7.0 comes out, but you can find the raw documentation here:

https://github.com/kubernetes/kubernetes.github.io/blob/master/docs/tasks/administer-cluster/ip-masq-agent.md

-- Bowei Du
Source: StackOverflow

6/27/2017

It will be supported in the upcoming 1.7 release.

-- freehan
Source: StackOverflow