EMK - Custom Networking
In this tutorial you'll learn how to configure custom networking for your Kubernetes cluster using your own pre-existing router or network, or both.
Custom networking allows you to integrate your Kubernetes cluster with existing cloud network infrastructure. This is useful when you want to:
- Integrate your cluster with existing network infrastructure
- Connect multiple clusters within the same network
- Use a pre-configured router with specific routing rules
- Manage network resources independently from cluster lifecycle
- Implement specific network security policies
Resource Dependencies
Important: Do not manually delete networks or routers that are assigned to your cluster. EMK depends on these resources to function correctly.
If you need to remove a custom network or router:
- First delete your EMK cluster completely
- Remove the network or router resources
Deleting these resources while the cluster is still active will cause cluster failures and potential data loss.
Configuration Options
You can configure custom networking in three ways:
- Custom Router: EMK creates a network and subnet, then connects it to your router
- Custom Network: EMK creates a subnet within your existing network
- Custom Router and Network: You provide both the router and network
What happens
What EMK creates:
- Network for the cluster
- Subnet with the specified CIDR (10.250.0.0/16)
- Connection to your existing router
What you provide:
- Router ID from your OpenStack infrastructure
Specify a router ID, and EMK will create a new network with subnet and connect it to the specified router:
apiVersion: core.gardener.cloud/v1beta1
kind: Shoot
metadata:
  name: mycluster
  namespace: garden-my-project
spec:
  provider:
    type: openstack
    infrastructureConfig:
      apiVersion: openstack.provider.extensions.gardener.cloud/v1alpha1
      kind: InfrastructureConfig
      networks:
        workers: 10.250.0.0/16
        router:
          id: <router-id> # Your existing router ID
What happens
What EMK creates:
- Subnet with the specified CIDR (10.250.0.0/16) within your network
- Router and connection (if needed)
What you provide:
- Network ID from your OpenStack infrastructure
Specify a network ID, and EMK will create a subnet within your existing network:
apiVersion: core.gardener.cloud/v1beta1
kind: Shoot
metadata:
  name: mycluster
  namespace: garden-my-project
spec:
  provider:
    type: openstack
    infrastructureConfig:
      apiVersion: openstack.provider.extensions.gardener.cloud/v1alpha1
      kind: InfrastructureConfig
      networks:
        id: <network-id> # Your existing network ID
        workers: 10.250.0.0/16
What happens
What EMK creates:
- Subnet with the specified CIDR (10.250.0.0/16)
- Connection between your network and router
What you provide:
- Network ID from your OpenStack infrastructure
- Router ID from your OpenStack infrastructure
You can combine both options to have full control over the networking infrastructure:
apiVersion: core.gardener.cloud/v1beta1
kind: Shoot
metadata:
  name: mycluster
  namespace: garden-my-project
spec:
  provider:
    type: openstack
    infrastructureConfig:
      apiVersion: openstack.provider.extensions.gardener.cloud/v1alpha1
      kind: InfrastructureConfig
      networks:
        id: <network-id> # Your existing network ID
        workers: 10.250.0.0/16
        router:
          id: <router-id> # Your existing router ID
Network CIDR Requirements
When specifying the workers CIDR range:
- Must be a valid private IPv4 CIDR block
- Common ranges: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
- Recommended size: /16 provides 65,536 IP addresses
- Must not overlap with existing networks in your infrastructure
- Must not conflict with Kubernetes service CIDR or pod CIDR
CIDR Planning
Plan your CIDR ranges carefully, especially if you're connecting multiple clusters or integrating with existing infrastructure. Consider future growth and leave room for additional clusters.
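A pre-flight check for the workers CIDR requirements above, as an added example (not EMK or Gardener code). The helper name `check_workers_cidr` and all sample CIDRs, including the service and pod ranges, are constructed for illustration; substitute the ranges actually in use in your project.

```python
import ipaddress

# Private ranges listed under "Common ranges" on this page.
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_workers_cidr(workers, existing=(), service_cidr=None, pod_cidr=None):
    """Return a list of problems with a proposed workers CIDR (empty = OK).

    Hypothetical helper: the caller supplies the CIDRs already in use.
    """
    try:
        # strict=True rejects blocks with host bits set, e.g. 10.250.1.0/16
        net = ipaddress.ip_network(workers, strict=True)
    except ValueError as exc:
        return [f"not a valid CIDR block: {exc}"]
    if net.version != 4:
        return ["not an IPv4 CIDR block"]

    problems = []
    if not any(net.subnet_of(r) for r in PRIVATE_RANGES):
        problems.append(f"{net} is not inside a private IPv4 range")

    reserved = [("existing network", c) for c in existing]
    if service_cidr:
        reserved.append(("Kubernetes service CIDR", service_cidr))
    if pod_cidr:
        reserved.append(("Kubernetes pod CIDR", pod_cidr))
    for label, cidr in reserved:
        other = ipaddress.ip_network(cidr, strict=False)
        # overlaps() is symmetric: catches containment in either direction
        if other.version == 4 and net.overlaps(other):
            problems.append(f"{net} overlaps {label} {other}")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real environment.
    in_use = ["10.0.0.0/16", "10.250.128.0/17"]
    for candidate in ("10.250.0.0/16", "10.251.0.0/16", "8.8.0.0/16"):
        issues = check_workers_cidr(candidate, in_use,
                                    service_cidr="100.64.0.0/13",
                                    pod_cidr="100.96.0.0/11")
        print(candidate, "->", issues or "OK")
```

Running the check before applying the Shoot manifest catches an overlap with a network that shares the same router, where conflicting routes would otherwise surface only after the cluster is created.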
Finding Resource IDs
To use custom networking, you need the OpenStack resource IDs. You can find them in the dashboard or through the OpenStack command-line client. Example commands to show router and network details:
The resource ID will be displayed in the output in the format of a UUIDv4.