How to get kubernetes pod network CIDR

Question

I have a running k8s cluster initialized with kubeadm.

On initialization, I did not pass the option --pod-network-cidr

How do I get the CIDR of the pod network

I tried

Looking at the /etc/kubernetes/manifests/kube-apiserver.yaml which seems to be the manifest for kube-apiserver used by kubeadm but that information is not included
Looking at the kubeadm document but I couldn't find a default value

score 31 · Answer 1 · answered Jan 07 '19 at 14:41

31

This command will give you the pod CIDR addresses for each of the nodes in your cluster.

kubectl get nodes -o jsonpath='{.items[*].spec.podCIDR}'

answered Jan 07 '19 at 14:41

Marcus

431
3
3

score 14 · Answer 2 · answered Jun 27 '19 at 11:55

14

This will show pod network CIDR which used by kube-proxy

kubectl cluster-info dump | grep -m 1 cluster-cidr

answered Jun 27 '19 at 11:55

SamBundy

141
1
2

score 11 · Answer 3 · answered Oct 21 '21 at 20:44

11

my version of kubeadm is 1.22 and the command to view defaults is kubeadm config print init-defaults, towards the bottom:

networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12

answered Oct 21 '21 at 20:44

Paul42

211
2
3

score 5 · Answer 4 · answered Jul 01 '19 at 11:03

5

The --cluster-cidr / --pod-network-cidr is fed to kube-controller-manager config.

You can simply do ps -ef | grep "cluster-cidr" to get what you want.

answered Jul 01 '19 at 11:03

Vignesh SP

151
1
2

score 3 · Answer 5 · answered May 22 '19 at 10:47

It's in file /etc/kubernetes/manifests/kube-controller-manager.yaml

# sudo grep cidr /etc/kubernetes/manifests/kube-*
/etc/kubernetes/manifests/kube-controller-manager.yaml:    - --allocate-node-cidrs=true
/etc/kubernetes/manifests/kube-controller-manager.yaml:    - --cluster-cidr=192.168.0.0/16
/etc/kubernetes/manifests/kube-controller-manager.yaml:    - --node-cidr-mask-size=24

score 2 · Answer 6 · answered Dec 26 '19 at 21:11

2

With kubeadm

kubeadm config view | grep Subnet

answered Dec 26 '19 at 21:11

user3165768

21
1

score 2 · Answer 7 · answered Feb 13 '20 at 09:14

There are a few options (combining the existing answers and adding option for Calico, including example ouput):

Option 1: Run this command On the master node (also applicable when running for example microk8s on Ubuntu)

kubeadm config view | grep Subnet

example output from local 3 node cluster, master node

podSubnet: 172.16.0.0/16
serviceSubnet: 10.96.0.0/12

Option 2: Run this command on the master node:

ps -ef | grep cluster-cidr

example output from local machine running microk8s

vincent   6841 27089  0 09:52 pts/7    00:00:00 grep --color=auto cluster-cidr
root      7053     1  0 feb12 ?        00:00:14 /snap/microk8s/1173/kube-proxy --kubeconfig=/var/snap/microk8s/1173/credentials/proxy.config --cluster-cidr=10.152.183.0/24 --healthz-bind-address=127.0.0.1

Option 3: Run this command on the master node:

sudo grep cidr /etc/kubernetes/manifests/kube-*

Example output of same master node:

/etc/kubernetes/manifests/kube-controller-manager.yaml:    - --allocate-node-cidrs=true
/etc/kubernetes/manifests/kube-controller-manager.yaml:    - --cluster-cidr=172.16.0.0/16
/etc/kubernetes/manifests/kube-controller-manager.yaml:    - --node-cidr-mask-size=24

If you run Calico you have the option to use calicoctl:

https://docs.projectcalico.org/v3.5/usage/calicoctl/install

This documentation shows how to show and also change the cidr: https://docs.projectcalico.org/v3.2/usage/changing-ip-pools

Option 4 (Calico): Run this command to view the cidr:

CALICO_KUBECONFIG=~/.kube/config DATASTORE_TYPE=kubernetes calicoctl get ippool -o wide

Example output for the same cluster (works from any place that has the proper kubectl config and connection to the cluster):

NAME                  CIDR            NAT    IPIPMODE   DISABLED   SELECTOR   
default-ipv4-ippool   172.16.0.0/16   true   Always     false      all()

Depending on your network option, you may have other options which are hopefully documented in the respective documentation.

score 2 · Answer 8 · edited Nov 29 '21 at 07:32

To get Service IP range - i.e. IP's assigned to ClusterIP, the command is:

ps -aux | grep kube-apiserver | grep service-cluster-ip-range (you can run this on master node)
cat /etc/kubernetes/manifests/kube-apiserver.yaml | grep service-cluster-ip-range

To find the Pod network range, when you have defined your cluster using kubeadm 1.22 and used weave as your networking addon: first find the weave pod name using

kubectl get pod -n kube-system | grep weave

Copy any one name out of the three pod names.

kubectl -n kube-system logs <<weave-net-podname-from-above-step>> -c weave | grep ipalloc-range

you will find either default i.e. 10.32.0.0/12 or whatever range you assigned during kubeadm init

score 1 · Answer 9 · answered May 24 '24 at 12:27

This works practically in any cluster:

kubectl create service clusterip testcidr \
          --tcp='8080:8080' --clusterip='1.0.0.0'
error: failed to create ClusterIP service: Service "testcidr"
is invalid: spec.clusterIPs: Invalid value: []string{"1.0.0.0"}: 
failed to allocate IP 1.0.0.0: the provided IP (1.0.0.0) is not in 
the valid range. The range of valid IPs is 192.168.192.0/24

The idea is to try to create a service outside the allowed CIDR and the error message will contain the valid range.

How to get kubernetes pod network CIDR

9 Answers9