Azure-docs: Addresses outside the VNET range.

Thanks for the feedback! I have assigned the issue to the content author to investigate further and update the document as appropriate.

This part of the docs definitly needs a brush up. Do we need to create another VNET/Subnet for the Kubernetes services subnet? Do we need to create a VNET/subnet for the Docker Bridge?
Please also add an example. Thank you.

The Kubernetes service address range is the range from which IP addresses are assigned to Kubernetes services (https://kubernetes.io/docs/concepts/services-networking/service/ describes what a service is). Both these IP ranges should be outside the IP range of the VNet in which you are deploying your cluster. They should also not overlap with any other VNets with which this VNet peers. They should also not overlap with on-prem IPs. The reason to avoid overlap is that if a pod tries to access an IP outside the cluster and if that IP happens to be a service IP then the behavior is unpredictable.

I will make sure the documentation is updated with this info. Thanks!

All that information and the link to kuernetes docs is very useful. I set up AKS with advanced networking with the defaults just to see what I got. Looking through both Resource groups that get created, I can't find any references in either one as to what IP addresses were used for the "Kubernetes service address range " and "Docker Bridge address". Once I've created these things, how do I go back and check to see what IP ranges were use? In general I'd want to be able to use Powershell to scrape all IP ranges in a tenant space, or group of resources groups, etc to make sure I don't end up deploying overlaps.

Hi @travis-sobeck, although this issue has been closed, I'll update as additional info becomes available. For now, I've updated the article's Deployment parameters section with the additional info from @aanandr.

@aanandr, thanks for your input! If you have any additional info, such as for Travis' question about querying existing subnets, please feel free to add here.

@travis-sobeck - did you check the health blade under your cluster? It displays Pods, nodes etc. and may also show services. I am having some issues with my cluster so not able to confirm. Another option is to look inside the cluster, using kubectl. For e.g. you could list all services in a namespace using "kubectl get services -n ". In the output you will see the IP address of the services which will be from the configured range.

If you want to only check the configured range then its available in portal and i think you may be able to get it in CLI too.

@aanandr I'll poke around today. I scrapped my Adv Networking instance, waiting on my networking team to get some blocks of IPs I can use for a prod setup and avoid IP collisions. They want a meeting .. talk about stuff .. :)