Configure IP pools
A workload is a container or VM that Calico handles the virtual networking for. In Kubernetes, workloads are pods. A workload endpoint is the virtual network interface a workload uses to connect to the Calico network.
IP pools are ranges of IP addresses that Calico uses for workload endpoints.
When we stood up the Kubernetes cluster, we set the pod CIDR, which is the range of IP addresses Kubernetes thinks the pods should be in. Many Kubernetes components use this setting to determine if an IP belongs to a pod, so you normally want all IP pools you configure to be subsets of the pod CIDR.
Let’s define two IP pools for use in this cluster. You can have a production-ready Calico install with only a single pool, but we define two so that we can show advanced networking later in this guide.
cat > pool1.yaml <<EOF
apiVersion: projectcalico.org/v3
kind: IPPool
metadata:
  name: pool1
spec:
  cidr: 192.168.0.0/18
  ipipMode: Never
  natOutgoing: true
  disabled: false
  nodeSelector: all()
EOF
The pod CIDR was
/16 means 16 bits of a 32-bit IPv4 address are the fixed prefix, therefore 16 bits are freely variable within the CIDR, or about 64K addresses. For our first IP pool, we define the prefix 192.168.0.0/18, leaving only 14 bits free, or about 16K addresses for pods. This is enough for a very large Kubernetes cluster, and it still leaves a lot of room in the pod CIDR if we want to create some more IP pools.
Let’s define a second pool right now.
cat > pool2.yaml <<EOF
apiVersion: projectcalico.org/v3
kind: IPPool
metadata:
  name: pool2
spec:
  cidr: 192.168.192.0/19
  ipipMode: Never
  natOutgoing: true
  disabled: true
  nodeSelector: all()
EOF
In this second pool, we set disabled to true, meaning that Calico will not create new pods with addresses in the pool but will still recognize pods with these addresses as part of the Calico network. Later, in the test networking lab, we will enable this pool and demonstrate how to control which pools your pods are assigned
nodeSelector is a label selector which determines which nodes use the pool. They are both set to all(), meaning all nodes can use the pools.
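A pre-flight check for the two pool definitions above, as an added example that is not part of the original guide: it confirms each pool CIDR lies inside the pod CIDR, flags pools that overlap each other, and reports how many addresses each pool holds. The pod CIDR 192.168.0.0/16 is an assumption (the guide states only that it is a /16), and check_pools is a hypothetical helper name.

```python
import ipaddress
from itertools import combinations

# Assumption: the guide gives only the /16 length; this prefix is chosen for illustration.
POD_CIDR = "192.168.0.0/16"
# Pool CIDRs copied from pool1.yaml and pool2.yaml above.
POOLS = {"pool1": "192.168.0.0/18", "pool2": "192.168.192.0/19"}


def check_pools(pod_cidr, pools):
    """Return (addresses per pool, list of problems). check_pools is a hypothetical helper."""
    pod_net = ipaddress.ip_network(pod_cidr)
    nets, capacity, problems = {}, {}, []
    for name, cidr in pools.items():
        try:
            # Strict parsing rejects CIDRs with host bits set, e.g. 192.168.32.0/18.
            nets[name] = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: invalid CIDR {cidr!r} ({exc})")
            continue
        capacity[name] = nets[name].num_addresses
    # Every pool should be a subset of the pod CIDR.
    for name, net in nets.items():
        if net.version != pod_net.version or not net.subnet_of(pod_net):
            problems.append(f"{name}: {net} is not inside pod CIDR {pod_net}")
    # No two pools should claim the same addresses.
    for (a, net_a), (b, net_b) in combinations(nets.items(), 2):
        if net_a.version == net_b.version and net_a.overlaps(net_b):
            problems.append(f"{a} ({net_a}) overlaps {b} ({net_b})")
    return capacity, problems


if __name__ == "__main__":
    capacity, problems = check_pools(POD_CIDR, POOLS)
    for name, count in capacity.items():
        print(f"{name}: {POOLS[name]} holds {count} addresses")
    for problem in problems:
        print("PROBLEM:", problem)
```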
Add these pools to Calico
calicoctl create -f pool1.yaml
calicoctl create -f pool2.yaml
Verify the pools are created by
calicoctl get ippools
You should see output similar to
NAME    CIDR               SELECTOR
pool1   192.168.0.0/18     all()
pool2   192.168.192.0/19   all()