Azure-docs: Need clarity on Docker Bridge Address
Not able to find enough documentation on this (docker networing / docker's bridge address space) in connection with how it works with Kubernetes. What if 172.17.0.1/16 is conflicting with one of our internal network ip address space? can I still use the same address space without causing issues? As per K8s documentation containers share the same IP address of Pod but have to negotiate ports within the pods, given that can I assume that no matter what range you give for docker bridge address space, it will not cause any issues because Pods in AKS gets its IP from the subnet itself?
Document Details
⚠Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: 22ad4873-c73d-4b90-2063-927a1060d2a2
- Version Independent ID: 8e6643ad-7333-a786-8712-3d17291e12a7
- Content: Configured advanced networking in Azure Kubernetes Service (AKS)
- Content Source: articles/aks/configure-advanced-networking.md
- Service: container-service
- GitHub Login: @iainfoulds
- Microsoft Alias: iainfou
badalk
All 9 comments
Thanks for the question. We are currently investigating and will update you shortly.
Karishma-Tiwari-MSFT
on 28 Dec 2018
@badalk I found a similar issue here. Please take a look and let me know if that answers your question.
Thanks for the feedback! I have assigned the issue to the content author to investigate further and update the document as appropriate.
@iainfoulds Can you please take a look and see if we can incorporate more information in the doc. Thanks. :)
Karishma-Tiwari-MSFT
on 28 Dec 2018
@Karishma-Tiwari-MSFT I had seen that thread, but it explains about kubernetes service address space but not docker bridge address space.
badalk
on 28 Dec 2018
Docker bridge is for the host and control plane communication. It doesn't define addresses that the pods themselves would receive. You're welcome to use an alternate IP subnet for the Docker bridge, what's noted is just an example. If the subnet is already in use, it would still conflict in terms of that host communication plane, so it would need to unique within your network space.
I've created a backlog work item to add a sentence or two explaining the use of the Docker bridge address range. For now, @Karishma-Tiwari-MSFT #please-close
iainfoulds
on 8 Jan 2019
Thanks @iainfoulds
@badalk Thanks for bringing this to our attention. We will now close this issue. If there are further questions regarding this matter, please reopen it and we will gladly continue the discussion.
Karishma-Tiwari-MSFT
on 8 Jan 2019
Thanks @iainfoulds
badalk
on 9 Jan 2019
In the current documentation it's still not clear to me:
- does that IP have to be part of a /16 range?
- if I have two AKS clusters in two peered Vnets, can I use the same Docker Bridge address for both?
thanks
rigerosa
on 5 Apr 2019
@iainfoulds : I'm working on building a new AKS cluster and we don't have many spaces for our IP range. Can you :
- Be more precise about why Docker Bridge need so many IP to work ? For me, I undertanstood that it's just for routing data and make communication easier between pods and nodes so it doesn't make sense to give it a full /16...
- Is a /29 range is enough for an AKS ? Some people said is not enough...
Thank you for the reply!
NicoRun
on 11 Sep 2019
is the docker bridge cidr is for per node or for the entire cluster?
rvashishth
on 24 Sep 2019
Related issues
behnam89
·
3Comments
AronT-TLV
·
3Comments
ianpowell2017
·
3Comments
Favna
·
3Comments
bdcoder2
·
3Comments
Most helpful comment
In the current documentation it's still not clear to me:
thanks