Shoot CIDR information

Node CIDR block requirements

The size of the Node subnet determines how many connections a Shoot Node can make through the NAT Gateway. The default prefix length is /27, which allows for 32 Nodes and 1024 NAT Gateway ports per Node, so the processes running on a Node can hold at most 1024 connections at any given time.

For example, a /24 would allow only 128 ports per Node. Using this, or an even larger subnet, may cause serious issues for the deployed payload.

It is recommended to use as small a subnet as possible (in other words, to limit the number of possible Nodes).

Pod CIDR requirements

The Pod CIDR of the deployed Shoot must differ from the Pod CIDR of the Seed. The Pod CIDR of the Seeds is provided by OSC.

Live expanding of the Shoot's Node CIDR block

It is possible to expand a Shoot cluster's Node CIDR block for an existing Shoot. Shrinking is not possible and will be refused by the system.

To expand the CIDR block, edit the following property in the Shoot's manifest:

apiVersion: core.gardener.cloud/v1beta1
kind: Shoot
spec:
  networking:
    nodes: 10.5.0.0/24

Info

The largest possible Shoot Node CIDR block is /23 (which allows for 510 Node IPs).

After applying the changed manifest, the Shoot will be reconciled with the new network setup.
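The sizing figures above and the expansion rules (no shrinking, /23 at most) can be checked before a manifest is applied. The following Python pre-flight script is an added example, not part of this page or of Gardener; it assumes the NAT port figures scale as a fixed pool shared across the subnet (which reproduces the page's /27 and /24 numbers), and it reads `spec.networking.nodes` from a constructed manifest with a regular expression to avoid a YAML dependency.

```python
import ipaddress
import re
from typing import List

# Page figures: a /27 node subnet gives 32 node IPs and 1024 NAT Gateway ports per node, a
# /24 gives 128 ports per node. Both fit a fixed pool of 32 * 1024 = 32768 ports shared
# across the subnet (modelling assumption; the page states the data points, not a formula).
NAT_PORT_POOL = 32 * 1024
LARGEST_PREFIXLEN = 23  # page: the largest possible Shoot Node CIDR block is /23

def node_network(cidr: str) -> ipaddress.IPv4Network:
    """Parse a node CIDR; strict=True rejects host bits set (e.g. 10.5.0.1/24)."""
    return ipaddress.IPv4Network(cidr, strict=True)

def usable_node_ips(cidr: str) -> int:
    """Node IPs in the block minus network and broadcast address (510 for a /23)."""
    return node_network(cidr).num_addresses - 2

def nat_ports_per_node(cidr: str) -> int:
    """NAT Gateway ports per node under the fixed-pool model (1024 for /27, 128 for /24)."""
    return NAT_PORT_POOL // node_network(cidr).num_addresses

def node_cidr_from_manifest(manifest: str) -> str:
    """Read spec.networking.nodes from a Shoot manifest without a YAML dependency."""
    match = re.search(r"^\s*nodes:\s*(\S+)\s*$", manifest, re.MULTILINE)
    if match is None:
        raise ValueError("spec.networking.nodes not found")
    return match.group(1)

def check_node_cidr_change(current: str, proposed: str) -> List[str]:
    """Pre-flight a node CIDR edit against the rules the page states."""
    old, new = node_network(current), node_network(proposed)
    problems = []
    if new.prefixlen < LARGEST_PREFIXLEN:
        problems.append(f"{proposed} exceeds the /23 maximum")
    if new.num_addresses < old.num_addresses:
        problems.append(f"{proposed} shrinks the block; the system refuses shrinking")
    if nat_ports_per_node(proposed) < nat_ports_per_node(current):
        problems.append(f"NAT ports per node fall from {nat_ports_per_node(current)} "
                        f"to {nat_ports_per_node(proposed)}; check the workload's connection needs")
    return problems

# Constructed manifest mirroring the one on the page.
EXAMPLE_MANIFEST = """\
apiVersion: core.gardener.cloud/v1beta1
kind: Shoot
spec:
  networking:
    nodes: 10.5.0.0/24
"""
```

Run `check_node_cidr_change(node_cidr_from_manifest(EXAMPLE_MANIFEST), "10.5.0.0/23")` to see that the expansion is allowed but halves the NAT ports per Node, which is the trade-off the sizing section warns about.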