I'm trying to understand a bit more about Kubernetes networking. That's why I've deployed a cluster in google cloud and checked the networking:
gcloud container clusters describe cluster0 | grep -i cidr
clusterIpv4Cidr: 10.20.0.0/14 # --cluster-cidr
nodeIpv4CidrSize: 24
servicesIpv4Cidr: 10.23.240.0/20 # --service-cluster-ip-range
So the first is for pod IPs:
First IP: 10.20.0.1
Last IP: 10.23.255.254
Service
First IP: 10.23.240.1
Last IP: 10.23.255.254
Is it always like this that the pod range contains the service IP range? Are they using the same network layer?
Best Answer
It is a long story how the Kubernetes network is made...
Kubernetes assumes that pods can communicate with other pods, regardless of which host they land on. Every pod gets its own IP address so you do not need to explicitly create links between pods and you almost never need to deal with mapping container ports to host ports. This creates a clean, backwards-compatible model where pods can be treated much like VMs or physical hosts from the perspectives of port allocation, naming, service discovery, load balancing, application configuration, and migration.
Kubernetes uses both private and publicly accessible IP addresses. Public IP addresses are not discussed here.
Kubernetes uses a private pool of addresses to provide communication inside a cluster. Every pod and service has a private IP address. Services in Kubernetes are virtual: they are created by NAT, and iptables creates port redirection from the addressed service to the pods.
Basic rules of the communication inside of the cluster:
Regarding your question: official Kubernetes network documentation states:
So, it is not recommended to have the service IP range inside the range that is used by pods.
I highly recommend watching a video about Kubernetes networking or looking at an illustrated guide.
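The containment the question observed can be checked for any pair of ranges with Python's standard ipaddress module. This is an added example, not code from the question, the answer or GKE; the three CIDR values are the ones quoted in the question's gcloud output, and the function names are my own.

```python
import ipaddress

# Constructed input: the values shown in the question's `gcloud container clusters describe` output.
CLUSTER_CIDR = "10.20.0.0/14"     # clusterIpv4Cidr  (pod range)
SERVICES_CIDR = "10.23.240.0/20"  # servicesIpv4Cidr (ClusterIP range)
NODE_CIDR_SIZE = 24               # nodeIpv4CidrSize (one /24 of pod IPs per node)


def usable_range(cidr):
    """First and last usable host address of a CIDR, as strings."""
    net = ipaddress.ip_network(cidr, strict=True)
    return str(net.network_address + 1), str(net.broadcast_address - 1)


def overlap_report(pod_cidr, svc_cidr, node_size):
    """Check whether the service range overlaps (or sits inside) the pod range,
    and count how many per-node /node_size pod subnets would collide with it."""
    pod = ipaddress.ip_network(pod_cidr, strict=True)
    svc = ipaddress.ip_network(svc_cidr, strict=True)
    if node_size < pod.prefixlen:
        raise ValueError("node subnet must be smaller than the pod range")
    # Walk every node-sized slot of the pod range and flag those the service range claims too.
    node_subnets = list(pod.subnets(new_prefix=node_size))
    colliding = [s for s in node_subnets if s.overlaps(svc)]
    return {
        "overlaps": pod.overlaps(svc),
        "service_inside_pod_range": svc.subnet_of(pod),
        "node_subnets_total": len(node_subnets),
        "node_subnets_colliding": len(colliding),
    }


if __name__ == "__main__":
    for label, cidr in (("pods", CLUSTER_CIDR), ("services", SERVICES_CIDR)):
        first, last = usable_range(cidr)
        print(f"{label:9s} {cidr:17s} first {first}  last {last}")
    report = overlap_report(CLUSTER_CIDR, SERVICES_CIDR, NODE_CIDR_SIZE)
    for key, value in report.items():
        print(f"{key}: {value}")
```

With the question's values the report shows the service /20 lying entirely inside the pod /14, and 16 of the 1024 possible per-node /24 subnets sharing addresses with it; a disjoint service range such as 10.96.0.0/12 reports zero collisions.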