Adding a Secondary VPC CIDR Block for a Cluster
Scenario
When creating a cluster, you need to deploy it in a VPC. If the planned VPC is too small and IP addresses are insufficient, you can use a secondary VPC CIDR block to support your service scaling. This section describes how to add a secondary VPC CIDR block for your cluster.
Notes and Constraints
Only CCE clusters and CCE Turbo clusters of v1.21 and later are supported.
Planning a Secondary CIDR Block
Before adding a secondary CIDR block, plan it properly to prevent CIDR conflicts. Note the following points:
- All subnets (including extended subnets) in the VPC where the cluster resides cannot conflict with the container and Service CIDR blocks.
- CIDR blocks 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 may conflict with the IP addresses allocated to the cluster master nodes. Avoid selecting them as secondary CIDR blocks.
- If an ECS that is not in a cluster in the same VPC needs to access the cluster, Secure Network Address Translation (SNAT) is performed. The pod source address is the node IP address instead of the pod IP address.
- ECSs in a secondary CIDR block cannot access pods in the cluster unless this CIDR block has been used to add nodes in the cluster.
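The planning rules above can be checked before touching the VPC console. The following is an added example, not part of the original documentation: the function name `check_secondary_cidr` and all sample CIDR values are hypothetical and constructed for illustration.

```python
import ipaddress

# Ranges the page advises against using as secondary CIDR blocks.
DISCOURAGED = [ipaddress.ip_network(c) for c in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_secondary_cidr(candidate, container_cidrs, service_cidr, vpc_subnets=()):
    """Return (errors, warnings) for a proposed secondary VPC CIDR block."""
    errors, warnings = [], []
    try:
        # strict=True rejects values with host bits set, e.g. 100.64.1.0/16
        net = ipaddress.ip_network(candidate, strict=True)
    except ValueError as exc:
        return [f"invalid CIDR {candidate!r}: {exc}"], warnings

    reserved = [("container", c) for c in container_cidrs]
    reserved.append(("Service", service_cidr))

    # The new block must not conflict with the container or Service CIDR blocks.
    for label, cidr in reserved:
        if net.overlaps(ipaddress.ip_network(cidr)):
            errors.append(f"{net} overlaps {label} CIDR {cidr}")

    # Existing VPC subnets are subject to the same rule.
    for subnet in vpc_subnets:
        for label, cidr in reserved:
            if ipaddress.ip_network(subnet).overlaps(ipaddress.ip_network(cidr)):
                errors.append(f"existing subnet {subnet} overlaps {label} CIDR {cidr}")

    # Discouraged ranges produce a warning, not a hard failure.
    for bad in DISCOURAGED:
        if net.overlaps(bad):
            warnings.append(f"{net} overlaps {bad}, which may conflict with master node IPs")
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample values, not taken from any real cluster.
    for cand in ("100.64.0.0/16", "172.16.0.0/16", "10.247.0.0/16"):
        errs, warns = check_secondary_cidr(
            cand, container_cidrs=["172.16.0.0/16"], service_cidr="10.247.0.0/16",
            vpc_subnets=["192.168.0.0/24"])
        print(cand, "errors:", errs, "warnings:", warns)
```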
Adding a Secondary VPC CIDR Block
- Log in to the VPC console, select the VPC to which the cluster belongs, click Edit CIDR Block, and click Add Secondary CIDR Block.
  Figure 1 Adding a secondary IPv4 CIDR block
- Create a subnet in the secondary CIDR block for the cluster.

Using a Secondary CIDR Block
After a subnet is created using the secondary CIDR block, you can select the subnet when creating a node or node pool.