Updated on 2024-06-26 GMT+08:00

Adding a Secondary VPC CIDR Block for a Cluster

Scenario

A cluster is deployed in a VPC when it is created. If the planned VPC is too small and IP addresses are insufficient, you can add a secondary VPC CIDR block to support service scaling. This section describes how to add a secondary VPC CIDR block for your cluster.

Notes and Constraints

Only CCE standard clusters and CCE Turbo clusters of v1.21 and later are supported.

Planning a Secondary CIDR Block

Before adding a secondary CIDR block, plan it properly to prevent CIDR conflicts. Note the following points:

  1. All subnets (including extended subnets) in the VPC where the cluster resides cannot conflict with the container and Service CIDR blocks.
  2. CIDR blocks 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 may conflict with the IP addresses allocated to the cluster master nodes. Do not select them as secondary CIDR blocks.
  3. If an ECS that is in the same VPC but not in the cluster needs to access the cluster, Source Network Address Translation (SNAT) is performed. The pod source address is the node IP address instead of the pod IP address.
  4. ECSs in a secondary CIDR block cannot access pods in the cluster unless this CIDR block has been used to add nodes in the cluster.
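
The following pre-check for items 1 and 2 is an added example, not part of the original documentation. The function name and the sample container and Service CIDR blocks are constructed, and item 2 is read as rejecting a candidate that equals or contains one of the three listed blocks, which is an assumption.

```python
import ipaddress

# Blocks named in item 2 of the planning list.
MASTER_RISK_BLOCKS = [ipaddress.ip_network(c)
                      for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_secondary_cidr(secondary, planned_subnets, container_cidrs, service_cidr):
    """Return a list of conflict messages; an empty list means the plan passes."""
    problems = []
    sec = ipaddress.ip_network(secondary)  # raises ValueError if host bits are set
    cluster_ranges = [("container", ipaddress.ip_network(c)) for c in container_cidrs]
    cluster_ranges.append(("Service", ipaddress.ip_network(service_cidr)))

    # Item 2: the candidate must not be (or contain) one of the listed blocks.
    # Assumption: narrower blocks inside those ranges are not rejected here.
    for block in MASTER_RISK_BLOCKS:
        if sec.supernet_of(block):
            problems.append(f"{sec} covers {block}, which may conflict with master node IPs")

    # Item 1: neither the secondary block nor any subnet created in it may
    # overlap the container or Service CIDR blocks.
    for name, rng in cluster_ranges:
        if sec.overlaps(rng):
            problems.append(f"secondary block {sec} overlaps {name} CIDR {rng}")

    for text in planned_subnets:
        sub = ipaddress.ip_network(text)
        if not sub.subnet_of(sec):
            problems.append(f"subnet {sub} is outside secondary block {sec}")
        for name, rng in cluster_ranges:
            if sub.overlaps(rng):
                problems.append(f"subnet {sub} overlaps {name} CIDR {rng}")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from a real cluster.
    containers, service = ["172.16.0.0/16"], "10.247.0.0/16"
    plans = [("100.64.0.0/16", ["100.64.8.0/24"]),
             ("192.168.0.0/16", []),
             ("10.247.128.0/17", ["10.247.128.0/24"])]
    for secondary, subnets in plans:
        issues = check_secondary_cidr(secondary, subnets, containers, service)
        print(secondary, "OK" if not issues else issues)
```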

Procedure

  1. Log in to the VPC console. In the navigation pane, choose Virtual Private Cloud > My VPCs. In the Operation column of the VPC to which the cluster belongs, click Edit CIDR Block and then Add Secondary IPv4 CIDR Block.

    Figure 1 Adding a secondary IPv4 CIDR block

  2. In the navigation pane, choose Virtual Private Cloud > Subnets. Click Create Subnet. In IPv4 CIDR Block, enter the newly added secondary IPv4 CIDR block. Configure other parameters as planned, and click OK. Then, you can create subnets in the secondary IPv4 CIDR block for the cluster.

  3. After a subnet is created using the secondary IPv4 CIDR block, you can select the subnet on the Network Settings page when creating a node or node pool.