Create Pod IP Pool

Time updated：2025-12-22 09:26:17

This section describes how to create a pod IP pool.

Prerequisites

You need to join a cluster and have the Cluster Network Resource Management permission in the cluster. For more information, see Cluster Members and Cluster Roles.

The KubeSphere Network extension must be installed and enabled on the KubeSphere platform.

Steps

Log in to the KubeSphere web console with a user who has Cluster Network Resource Management permissions and enter your cluster.
Click Network > Pod IP Pools in the left navigation pane.
Click Create on the page.

In the Create Pod IP Pool dialog box, set the parameters for the pod IP pool, then click Next.

Parameter	Description
IP Address	The network address of the subnet corresponding to the pod IP pool.
Mask	The mask bits of the subnet corresponding to the pod IP pool.
Quantity	The number of pod IP pools to create. You can create up to 10 pod IP pools simultaneously. If the quantity is greater than or equal to 2, the system will automatically fill in the network addresses for the other IP pools. You can also customize the network addresses for other IP pools as needed.

Parameter

Description

IP Address

The network address of the subnet corresponding to the pod IP pool.

Mask

The mask bits of the subnet corresponding to the pod IP pool.

Quantity

The number of pod IP pools to create. You can create up to 10 pod IP pools simultaneously. If the quantity is greater than or equal to 2, the system will automatically fill in the network addresses for the other IP pools. You can also customize the network addresses for other IP pools as needed.

In the Pod IP Pool dialog box, click . In the pop-up Edit Pod IP Pool area, set the following parameters, then click Create.

Parameter	Description
CIDR	The IP range of the pod IP pool.
Name	The name of the pod IP pool. You can modify the system-generated default name. The name can only contain lowercase letters, numbers, and hyphens (-), must start and end with a lowercase letter or number, and can be up to 63 characters long.
IP Pool Block Size	The CIDR size of the block used by the IP pool for IP allocation.
NAT Outgoing	Whether to allow cross-IP pool communication via NAT. When this feature is enabled, packets sent from Calico-networked pods in this IP pool to any destination outside of any Calico IP pool will be masqueraded. If IPIP or VXLAN mode is enabled, it is recommended to enable NAT outgoing. Otherwise, the routing between workloads running Calico and the host is asymmetric, and traffic may be filtered due to RPF check failures.
Alias	The alias of the pod IP pool.
Description	The description of the pod IP pool. The description can contain any characters, up to 256 characters.
Select Nodes	Use label selectors to match appropriate nodes for the IP pool. Node Scope All: Matches all nodes within the label selector scope. All Denied: Prohibits automatic assignment of the IP pool’s IP addresses to pods on any node. Label Selection Key: The key of the node label. Click to input a custom key. For more information about node labels, refer to Edit Node Labels. Operator: The operator for the filter condition. In: The value corresponding to the key contains a specific string. NotIn: The value corresponding to the key does not contain a specific string. Exists: A specific key exists in the node label. DoesNotExist: A specific key does not exist in the node label. Value: The string that the value corresponding to the key must contain. Press Enter to set multiple strings; the value corresponding to the key needs to contain only one of these strings to meet the condition. Click Add to create multiple labels simultaneously. Click on the right side of an added label to delete it. Custom Use custom expressions to filter nodes that meet the conditions. For more information about expressions, refer to Node Selector.
IPIP Mode	IPIP mode is one of the Overlay modes and cannot be set simultaneously with VXLAN mode. If both are set to Never, BGP mode is used. IPIP Mode: Creates an IP in IP tunnel on each node to enable communication between containers. Options are: Always: Always perform IPIP encapsulation (default). CrossSubnet: Perform IPIP encapsulation only when crossing subnets. Never: Never perform IPIP encapsulation.
VXLAN Mode	VXLAN mode is one of the Overlay modes and cannot be set simultaneously with IPIP mode. If both are set to Never, BGP mode is used. VXLAN Mode: Creates a VXLAN tunnel on each node to enable communication between containers. Options are: Always: Always perform VXLAN encapsulation. CrossSubnet: Perform VXLAN encapsulation only when crossing subnets. Never: Never perform VXLAN encapsulation.

Parameter

Description

CIDR

The IP range of the pod IP pool.

Name

The name of the pod IP pool. You can modify the system-generated default name. The name can only contain lowercase letters, numbers, and hyphens (-), must start and end with a lowercase letter or number, and can be up to 63 characters long.

IP Pool Block Size

The CIDR size of the block used by the IP pool for IP allocation.

NAT Outgoing

Whether to allow cross-IP pool communication via NAT.

When this feature is enabled, packets sent from Calico-networked pods in this IP pool to any destination outside of any Calico IP pool will be masqueraded.

If IPIP or VXLAN mode is enabled, it is recommended to enable NAT outgoing. Otherwise, the routing between workloads running Calico and the host is asymmetric, and traffic may be filtered due to RPF check failures.

Alias

The alias of the pod IP pool.

Description

The description of the pod IP pool. The description can contain any characters, up to 256 characters.

Select Nodes

Use label selectors to match appropriate nodes for the IP pool.

Node Scope
- All: Matches all nodes within the label selector scope.
- All Denied: Prohibits automatic assignment of the IP pool’s IP addresses to pods on any node.
Label Selection
- Key: The key of the node label. Click to input a custom key. For more information about node labels, refer to Edit Node Labels.
- Operator: The operator for the filter condition.
  - In: The value corresponding to the key contains a specific string.
  - NotIn: The value corresponding to the key does not contain a specific string.
  - Exists: A specific key exists in the node label.
  - DoesNotExist: A specific key does not exist in the node label.
- Value: The string that the value corresponding to the key must contain. Press Enter to set multiple strings; the value corresponding to the key needs to contain only one of these strings to meet the condition.
- Click Add to create multiple labels simultaneously.
- Click on the right side of an added label to delete it.
Custom

Use custom expressions to filter nodes that meet the conditions. For more information about expressions, refer to Node Selector.

IPIP Mode

IPIP mode is one of the Overlay modes and cannot be set simultaneously with VXLAN mode. If both are set to Never, BGP mode is used.

IPIP Mode: Creates an IP in IP tunnel on each node to enable communication between containers. Options are:

Always: Always perform IPIP encapsulation (default).
CrossSubnet: Perform IPIP encapsulation only when crossing subnets.
Never: Never perform IPIP encapsulation.

VXLAN Mode

VXLAN mode is one of the Overlay modes and cannot be set simultaneously with IPIP mode. If both are set to Never, BGP mode is used.

VXLAN Mode: Creates a VXLAN tunnel on each node to enable communication between containers. Options are:

Always: Always perform VXLAN encapsulation.
CrossSubnet: Perform VXLAN encapsulation only when crossing subnets.
Never: Never perform VXLAN encapsulation.