Does Cloud Composer require a /14 custom subnet?
I need my Composer environment to reach some on-prem resources over the VPN tunnel established between GCP and my network. I have my custom VPC network setup and running with a series of /20 subnets.
The problem is I can't spin up a new Composer instance using any of those subnets. The creation job spins for a long, long time with no apparent error, but the K8S cluster creation shows me what's happening:
Apparently it requires a /14 subnet, but I haven't found anything mentioning that in the documenta available.
I just want to make sure this is in fact a requirement before I go ahead and plan to reconfigure all our VPC setup to accommodate such thing.
google-cloud-platform vpc google-cloud-composer
asked Nov 20 '18 at 11:56
larrudalarruda
283
add a comment |
I need my Composer environment to reach some on-prem resources over the VPN tunnel established between GCP and my network. I have my custom VPC network setup and running with a series of /20 subnets.
The problem is I can't spin up a new Composer instance using any of those subnets. The creation job spins for a long, long time with no apparent error, but the K8S cluster creation shows me what's happening:
Apparently it requires a /14 subnet, but I haven't found anything mentioning that in the documenta available.
I just want to make sure this is in fact a requirement before I go ahead and plan to reconfigure all our VPC setup to accommodate such thing.
google-cloud-platform vpc google-cloud-composer
asked Nov 20 '18 at 11:56
larrudalarruda
283
Some requirements are documented at cloud.google.com/composer/docs/how-to/managing/… /14 is not mentioned, but there is a note that the size you need to provide needs to be large enough to "accommodate scaling up your environment.".
– Tim Swast
Nov 27 '18 at 0:55
add a comment |
I need my Composer environment to reach some on-prem resources over the VPN tunnel established between GCP and my network. I have my custom VPC network setup and running with a series of /20 subnets.
The problem is I can't spin up a new Composer instance using any of those subnets. The creation job spins for a long, long time with no apparent error, but the K8S cluster creation shows me what's happening:
Apparently it requires a /14 subnet, but I haven't found anything mentioning that in the documenta available.
I just want to make sure this is in fact a requirement before I go ahead and plan to reconfigure all our VPC setup to accommodate such thing.
google-cloud-platform vpc google-cloud-composer
asked Nov 20 '18 at 11:56
larrudalarruda
283
I need my Composer environment to reach some on-prem resources over the VPN tunnel established between GCP and my network. I have my custom VPC network setup and running with a series of /20 subnets.
The problem is I can't spin up a new Composer instance using any of those subnets. The creation job spins for a long, long time with no apparent error, but the K8S cluster creation shows me what's happening:
Apparently it requires a /14 subnet, but I haven't found anything mentioning that in the documenta available.
I just want to make sure this is in fact a requirement before I go ahead and plan to reconfigure all our VPC setup to accommodate such thing.
google-cloud-platform vpc google-cloud-composer
google-cloud-platform vpc google-cloud-composer
asked Nov 20 '18 at 11:56
larrudalarruda
283
asked Nov 20 '18 at 11:56
larrudalarruda
283
asked Nov 20 '18 at 11:56
larrudalarruda
283
asked Nov 20 '18 at 11:56
larrudalarruda
283
asked Nov 20 '18 at 11:56
larrudalarruda
283
283
Some requirements are documented at cloud.google.com/composer/docs/how-to/managing/… /14 is not mentioned, but there is a note that the size you need to provide needs to be large enough to "accommodate scaling up your environment.".
– Tim Swast
Nov 27 '18 at 0:55
add a comment |
Some requirements are documented at cloud.google.com/composer/docs/how-to/managing/… /14 is not mentioned, but there is a note that the size you need to provide needs to be large enough to "accommodate scaling up your environment.".
– Tim Swast
Nov 27 '18 at 0:55
Some requirements are documented at cloud.google.com/composer/docs/how-to/managing/… /14 is not mentioned, but there is a note that the size you need to provide needs to be large enough to "accommodate scaling up your environment.".
– Tim Swast
Nov 27 '18 at 0:55
Some requirements are documented at cloud.google.com/composer/docs/how-to/managing/… /14 is not mentioned, but there is a note that the size you need to provide needs to be large enough to "accommodate scaling up your environment.".
– Tim Swast
Nov 27 '18 at 0:55
add a comment |
2 Answers
2
active
oldest
votes
The required size depends on your cluster size, and needs to account for any growth in the number of nodes, pods, or services run on the cluster.
Some minimum CIDR ranges are documented in the Cloud Composer Shared VPC guide. For a 3-node cluster, the minimum ranges are:
- Pods composer-pods:
/22
- Services composer-services:
/24
- Primary address range:
/29
Cloud Composer uses Alias IPs, whose docs provide more guidance on sizing:
- Nodes: Node IPs are taken from the subnetwork associated with the cluster. ...
- Pods: Each node in the cluster is currently allocated a /24 (2(32-24) = 28 = 256) block of Pod IPs. ...
- Services: Every cluster needs to reserve a range of IPs for Kubernetes Service cluster IPs. ...
answered Nov 27 '18 at 1:05
Tim SwastTim Swast
9,47632340
Thanks Tim for your answer. I still have no clue why I can't create a 3-node cluster in a custom /20 VPC with practically no resources on it taking up IP addresses.
– larruda
Nov 28 '18 at 1:36
Yes, I would expect /20 to be large enough for a 3-node cluster.
– Tim Swast
Nov 28 '18 at 23:12
add a comment |
The error you're seeing where the underlying GKE cluster fails to create due to being unable to allocate a /14 address range happens because, in the current state of Composer, all environments are provisioned with non-VPC-native GKE clusters. This means that GKE will attempt to allocate a contiguous /14 address range in the provided subnet. This works fine if you don't have much else competing for addresses in the subnet but not so well otherwise.
From the looks of it, you're not creating a Composer environment using a Shared VPC network. Composer environments connected to Shared VPC networks use so-called VPC-Native clusters in which it's possible to specify smaller secondary address ranges for pods and services. As Tim Swast pointed out, the minimum secondary address range sizes that you need to allocate are /22 for pods and /24 for services, but you should make the pods range large enough to accommodate any future node count upscaling.
To summarize, if you are unable to setup Shared VPC, you'll need to clear out some address space in your network. However, it seems like if you've gone through the trouble of setting up Cloud VPN that it might not be a huge hassle for you to setup another project so that you can use a Shared VPC setup which will allow you to configure smaller address ranges.
EDIT:
A bit more detailed info: For non-VPC Native clusters, GKE searches the routing table for an unused contiguous /14 subnet under 10.0.0.0/8. When it cannot find one, it reports this error. You need to work with your network admin to shuffle allocated address blocks around to free up a /14.
answered Dec 3 '18 at 19:42
WilsonWilson
28514
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53392492%2fdoes-cloud-composer-require-a-14-custom-subnet%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
The required size depends on your cluster size, and needs to account for any growth in the number of nodes, pods, or services run on the cluster.
Some minimum CIDR ranges are documented in the Cloud Composer Shared VPC guide. For a 3-node cluster, the minimum ranges are:
- Pods composer-pods:
/22
- Services composer-services:
/24
- Primary address range:
/29
Cloud Composer uses Alias IPs, whose docs provide more guidance on sizing:
- Nodes: Node IPs are taken from the subnetwork associated with the cluster. ...
- Pods: Each node in the cluster is currently allocated a /24 (2(32-24) = 28 = 256) block of Pod IPs. ...
- Services: Every cluster needs to reserve a range of IPs for Kubernetes Service cluster IPs. ...
answered Nov 27 '18 at 1:05
Tim SwastTim Swast
9,47632340
Thanks Tim for your answer. I still have no clue why I can't create a 3-node cluster in a custom /20 VPC with practically no resources on it taking up IP addresses.
– larruda
Nov 28 '18 at 1:36
Yes, I would expect /20 to be large enough for a 3-node cluster.
– Tim Swast
Nov 28 '18 at 23:12
add a comment |
The required size depends on your cluster size, and needs to account for any growth in the number of nodes, pods, or services run on the cluster.
Some minimum CIDR ranges are documented in the Cloud Composer Shared VPC guide. For a 3-node cluster, the minimum ranges are:
- Pods composer-pods:
/22
- Services composer-services:
/24
- Primary address range:
/29
Cloud Composer uses Alias IPs, whose docs provide more guidance on sizing:
- Nodes: Node IPs are taken from the subnetwork associated with the cluster. ...
- Pods: Each node in the cluster is currently allocated a /24 (2(32-24) = 28 = 256) block of Pod IPs. ...
- Services: Every cluster needs to reserve a range of IPs for Kubernetes Service cluster IPs. ...
answered Nov 27 '18 at 1:05
Tim SwastTim Swast
9,47632340
Thanks Tim for your answer. I still have no clue why I can't create a 3-node cluster in a custom /20 VPC with practically no resources on it taking up IP addresses.
– larruda
Nov 28 '18 at 1:36
Yes, I would expect /20 to be large enough for a 3-node cluster.
– Tim Swast
Nov 28 '18 at 23:12
add a comment |
The required size depends on your cluster size, and needs to account for any growth in the number of nodes, pods, or services run on the cluster.
Some minimum CIDR ranges are documented in the Cloud Composer Shared VPC guide. For a 3-node cluster, the minimum ranges are:
- Pods composer-pods:
/22
- Services composer-services:
/24
- Primary address range:
/29
Cloud Composer uses Alias IPs, whose docs provide more guidance on sizing:
- Nodes: Node IPs are taken from the subnetwork associated with the cluster. ...
- Pods: Each node in the cluster is currently allocated a /24 (2(32-24) = 28 = 256) block of Pod IPs. ...
- Services: Every cluster needs to reserve a range of IPs for Kubernetes Service cluster IPs. ...
answered Nov 27 '18 at 1:05
Tim SwastTim Swast
9,47632340
The required size depends on your cluster size, and needs to account for any growth in the number of nodes, pods, or services run on the cluster.
Some minimum CIDR ranges are documented in the Cloud Composer Shared VPC guide. For a 3-node cluster, the minimum ranges are:
- Pods composer-pods:
/22
- Services composer-services:
/24
- Primary address range:
/29
Cloud Composer uses Alias IPs, whose docs provide more guidance on sizing:
- Nodes: Node IPs are taken from the subnetwork associated with the cluster. ...
- Pods: Each node in the cluster is currently allocated a /24 (2(32-24) = 28 = 256) block of Pod IPs. ...
- Services: Every cluster needs to reserve a range of IPs for Kubernetes Service cluster IPs. ...
answered Nov 27 '18 at 1:05
Tim SwastTim Swast
9,47632340
answered Nov 27 '18 at 1:05
Tim SwastTim Swast
9,47632340
answered Nov 27 '18 at 1:05
Tim SwastTim Swast
9,47632340
answered Nov 27 '18 at 1:05
Tim SwastTim Swast
9,47632340
9,47632340
Thanks Tim for your answer. I still have no clue why I can't create a 3-node cluster in a custom /20 VPC with practically no resources on it taking up IP addresses.
– larruda
Nov 28 '18 at 1:36
Yes, I would expect /20 to be large enough for a 3-node cluster.
– Tim Swast
Nov 28 '18 at 23:12
add a comment |
Thanks Tim for your answer. I still have no clue why I can't create a 3-node cluster in a custom /20 VPC with practically no resources on it taking up IP addresses.
– larruda
Nov 28 '18 at 1:36
Yes, I would expect /20 to be large enough for a 3-node cluster.
– Tim Swast
Nov 28 '18 at 23:12
Thanks Tim for your answer. I still have no clue why I can't create a 3-node cluster in a custom /20 VPC with practically no resources on it taking up IP addresses.
– larruda
Nov 28 '18 at 1:36
Thanks Tim for your answer. I still have no clue why I can't create a 3-node cluster in a custom /20 VPC with practically no resources on it taking up IP addresses.
– larruda
Nov 28 '18 at 1:36
Yes, I would expect /20 to be large enough for a 3-node cluster.
– Tim Swast
Nov 28 '18 at 23:12
Yes, I would expect /20 to be large enough for a 3-node cluster.
– Tim Swast
Nov 28 '18 at 23:12
add a comment |
The error you're seeing where the underlying GKE cluster fails to create due to being unable to allocate a /14 address range happens because, in the current state of Composer, all environments are provisioned with non-VPC-native GKE clusters. This means that GKE will attempt to allocate a contiguous /14 address range in the provided subnet. This works fine if you don't have much else competing for addresses in the subnet but not so well otherwise.
From the looks of it, you're not creating a Composer environment using a Shared VPC network. Composer environments connected to Shared VPC networks use so-called VPC-Native clusters in which it's possible to specify smaller secondary address ranges for pods and services. As Tim Swast pointed out, the minimum secondary address range sizes that you need to allocate are /22 for pods and /24 for services, but you should make the pods range large enough to accommodate any future node count upscaling.
To summarize, if you are unable to setup Shared VPC, you'll need to clear out some address space in your network. However, it seems like if you've gone through the trouble of setting up Cloud VPN that it might not be a huge hassle for you to setup another project so that you can use a Shared VPC setup which will allow you to configure smaller address ranges.
EDIT:
A bit more detailed info: For non-VPC Native clusters, GKE searches the routing table for an unused contiguous /14 subnet under 10.0.0.0/8. When it cannot find one, it reports this error. You need to work with your network admin to shuffle allocated address blocks around to free up a /14.
answered Dec 3 '18 at 19:42
WilsonWilson
28514
add a comment |
The error you're seeing where the underlying GKE cluster fails to create due to being unable to allocate a /14 address range happens because, in the current state of Composer, all environments are provisioned with non-VPC-native GKE clusters. This means that GKE will attempt to allocate a contiguous /14 address range in the provided subnet. This works fine if you don't have much else competing for addresses in the subnet but not so well otherwise.
From the looks of it, you're not creating a Composer environment using a Shared VPC network. Composer environments connected to Shared VPC networks use so-called VPC-Native clusters in which it's possible to specify smaller secondary address ranges for pods and services. As Tim Swast pointed out, the minimum secondary address range sizes that you need to allocate are /22 for pods and /24 for services, but you should make the pods range large enough to accommodate any future node count upscaling.
To summarize, if you are unable to setup Shared VPC, you'll need to clear out some address space in your network. However, it seems like if you've gone through the trouble of setting up Cloud VPN that it might not be a huge hassle for you to setup another project so that you can use a Shared VPC setup which will allow you to configure smaller address ranges.
EDIT:
A bit more detailed info: For non-VPC Native clusters, GKE searches the routing table for an unused contiguous /14 subnet under 10.0.0.0/8. When it cannot find one, it reports this error. You need to work with your network admin to shuffle allocated address blocks around to free up a /14.
answered Dec 3 '18 at 19:42
WilsonWilson
28514
add a comment |
The error you're seeing where the underlying GKE cluster fails to create due to being unable to allocate a /14 address range happens because, in the current state of Composer, all environments are provisioned with non-VPC-native GKE clusters. This means that GKE will attempt to allocate a contiguous /14 address range in the provided subnet. This works fine if you don't have much else competing for addresses in the subnet but not so well otherwise.
From the looks of it, you're not creating a Composer environment using a Shared VPC network. Composer environments connected to Shared VPC networks use so-called VPC-Native clusters in which it's possible to specify smaller secondary address ranges for pods and services. As Tim Swast pointed out, the minimum secondary address range sizes that you need to allocate are /22 for pods and /24 for services, but you should make the pods range large enough to accommodate any future node count upscaling.
To summarize, if you are unable to setup Shared VPC, you'll need to clear out some address space in your network. However, it seems like if you've gone through the trouble of setting up Cloud VPN that it might not be a huge hassle for you to setup another project so that you can use a Shared VPC setup which will allow you to configure smaller address ranges.
EDIT:
A bit more detailed info: For non-VPC Native clusters, GKE searches the routing table for an unused contiguous /14 subnet under 10.0.0.0/8. When it cannot find one, it reports this error. You need to work with your network admin to shuffle allocated address blocks around to free up a /14.
answered Dec 3 '18 at 19:42
WilsonWilson
28514
The error you're seeing where the underlying GKE cluster fails to create due to being unable to allocate a /14 address range happens because, in the current state of Composer, all environments are provisioned with non-VPC-native GKE clusters. This means that GKE will attempt to allocate a contiguous /14 address range in the provided subnet. This works fine if you don't have much else competing for addresses in the subnet but not so well otherwise.
From the looks of it, you're not creating a Composer environment using a Shared VPC network. Composer environments connected to Shared VPC networks use so-called VPC-Native clusters in which it's possible to specify smaller secondary address ranges for pods and services. As Tim Swast pointed out, the minimum secondary address range sizes that you need to allocate are /22 for pods and /24 for services, but you should make the pods range large enough to accommodate any future node count upscaling.
To summarize, if you are unable to setup Shared VPC, you'll need to clear out some address space in your network. However, it seems like if you've gone through the trouble of setting up Cloud VPN that it might not be a huge hassle for you to setup another project so that you can use a Shared VPC setup which will allow you to configure smaller address ranges.
EDIT:
A bit more detailed info: For non-VPC Native clusters, GKE searches the routing table for an unused contiguous /14 subnet under 10.0.0.0/8. When it cannot find one, it reports this error. You need to work with your network admin to shuffle allocated address blocks around to free up a /14.
answered Dec 3 '18 at 19:42
WilsonWilson
28514
edited Dec 6 '18 at 2:16
answered Dec 3 '18 at 19:42
WilsonWilson
28514
answered Dec 3 '18 at 19:42
WilsonWilson
28514
answered Dec 3 '18 at 19:42
WilsonWilson
28514
28514
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53392492%2fdoes-cloud-composer-require-a-14-custom-subnet%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Some requirements are documented at cloud.google.com/composer/docs/how-to/managing/… /14 is not mentioned, but there is a note that the size you need to provide needs to be large enough to "accommodate scaling up your environment.".
– Tim Swast
Nov 27 '18 at 0:55