Extending VNET for AKS Cluster
When you create an AKS Cluster with Azure CNI network plugin, you need To properly plan the IP address allocation as the both Nodes and max imum defined Pods per Node will share the same subnet inside a Virtual Network. Ther than the resource consumption, you also need to have a reserved IP addresses for the future update or upgrades operations. In order to increase the subnet size allocated for a Cluster, you need to following steps:
- On Azure Portal, please find the VNET resource assigned to this cluster and change (increase) the address space assigned to this resource as in the following screenshot
You can use for example a /16 CIDR space for the VNET.
Hit Save button to keep the new changes on this resource.
2. Also on the VNET side, please add a New Subnet as in the following screen
Based on your initial addressing space, I have selected a /22 (10.101.64.02/22).
3. Please execute a reconcile operation on your AKS cluster. You can do this operation through Azure CLI with the following command:
az resource update — ids subscriptions/0400970c8cdb4798axxxx/resourcegroups/<RG>/providers/Microsoft.ContainerService/managedClusters/<ClusterName>
This operation should take approximately 10–15 minutes.
3. The last step is to add a new Node Pool in the new Subnet ID. This operation could be executed in both Portal and Azure CLI, uin the command you need to
provide the Subnet ID of your newly created subnet
az aks nodepool add — cluster-name <CLusterName> -g <RG>-n nodepool2 — vnet-subnet-id /subscriptions/0400970a-7a42–4c7c-8cdb-4798xxxx/resourceGroups/<RGName>/providers/Microsoft.Network/virtualNetworks/yourVnetName/yourSubnetName
Please take in consideration that there is some limitation.
· All subnets assigned to nodepools must belong to the same virtual network.
· System pods must have access to all nodes/pods in the cluster to provide critical functionality such as DNS resolution and tunneling kubectl logs/exec/port-forward proxy.
· If you expand your VNET after creating the cluster you must update your cluster (perform any managed cluster operation but node pool operations don’t count) before adding a subnet outside the original cidr. AKS will error out on the agent pool add now though we originally allowed it. If you don’t know how to reconcile your cluster file a support ticket.
· Calico Network Policy is not supported.
· Azure Network Policy is not supported.
· Kube-proxy expects a single contiguous cidr and uses it this for three optmizations. See this K.E.P. and — cluster-cidr here for details. In Azure cni your first node pool’s subnet will be given to kube-proxy.
