How do you find the cluster & service CIDR of a Kubernetes cluster?

Question

How do you find the cluster/service CIDR for a Kubernetes cluster, once it is already running?

I know for Minikube, it is 10.0.0.1/24.

For GKE, you can find out via

gcloud container clusters describe XXXXXXX --zone=XXXXXX |
  grep -e clusterIpv4Cidr -e servicesIpv4Cidr

But how do you find out on a generic Kubernetes cluster, particularly via kubectl?

Answer 1

I spent hours searching for a generic way to do this. I gave up searching and wrote my own. As of Kubernetes 1.18, this method works across cloud providers, beyond just GKE.

SVCRANGE=$(echo '{"apiVersion":"v1","kind":"Service","metadata":{"name":"tst"},"spec":{"clusterIP":"1.1.1.1","ports":[{"port":443}]}}' | kubectl apply -f - 2>&1 | sed 's/.*valid IPs is //')
echo $SVCRANGE
172.21.0.0/16

This one liner works by feeding an invalid service cluster IP into kubectl apply and parsing the error output, which provides the service CIDR information.

Answer 2

Get Services IPs range

kubectl cluster-info dump | grep -m 1 service-cluster-ip-range

You will see something like e.g. --service-cluster-ip-range=xxx.yy.0.0/13

Get Pods IPs range

kubectl cluster-info dump | grep -m 1 cluster-cidr

You will see something like e.g. --cluster-cidr=xxx.yy.0.0/11

Answer 3

Did you check if the following command contains the info you need?

kubectl cluster-info dump

Answer 4

kubectl describe cm kubeadm-config -n kube-system |grep Subnet

Answer 5

With kubeadm

kubeadm config view | grep Subnet

Below output is self explanatory

podSubnet: 10.10.0.0/16

serviceSubnet: 10.96.0.0/12

Answer 6

If you did not specify --pod-network-cidr or --service-cidr, the defaults are used. Get defaults:

kubeadm config print init-defaults

Or get the configmap:

kubectl  --namespace kube-system get configmap kubeadm-config -o yaml

Answer 7

I can't leave a comment yet cause of rep so I'm just gonna answer with what I've found.

For minikube it looks like the CIDR can change, specifically for me it has. I found the CIDR under the .minikube directory at

.minikube\profiles\minikube

For windows you can find that at:

C:\Users\YourUserName\.minikube\profiles\minikube

For linux and mac I'd assume it would be under the ~/.minikube dir.

In the dir there should be a file called config.json which has a json object "KubernetesConfig": {} with the following field: ServiceCIDR. The value of that should be the CIDR for your services.

Unfortunately I have no other tips for kubectl to find the CIDR, maybe it's more of a provider thing and dependent on where/how you're running kubernetes.

Answer 8

Similarly as proposed before, but with only the CIDR returned:

POD_CIDR=$(kubectl cluster-info dump | grep -m 1 -Po '(?<=--cluster-cidr=)[0-9.\/]+')
SERVICE_RANGE=$(kubectl cluster-info dump | grep -m 1 -Po '(?<=--service-cluster-ip-range=)[0-9.\/]+')

Answer 9

All of this answers/solution didn't work in my case.

And this is what worked for me and it's yet another way to see the All POD CIDRs used.

kubectl describe node | egrep 'PodCIDR|Name:'

Name: is so you identify the Node name too.