Configuring Subnets for a Kubernetes Namespace

When you create a Kubernetes namespace, you can specify subnets for the namespace with the annotation ncp/subnets if SNAT is not configured for the namespace. The subnets will be used to allocate IP addresses to the pods in the namespace.

To enable this feature, set enable_namespace_subnets to True under the [K8s] section in ncp.ini. The default is False. Once set to True, you must not set it back to False.

Details about this feature:

The value of the ncp/subnets annotation should be a comma-separated list of IP addresses in CIDR format.
You can update the annotation with additional subnets.
If a pod is created in the namespace and no IP address from the subnets is available, the namespace is annotated with the error NAMESPACE_SUBNETS_EXHAUSTED. You can update the ncp/subnets annotation with additional subnets and the pod will be allocated an IP address.
You can remove a subnet from the annotation if no IP address has been allocated from it.
This feature is only supported in policy mode.
This feature is only supported for new namespaces.
Adding the annotation to an existing namespace is not supported. The namespace will be annotated with the error SUBNETS_ON_EXISTING_NAMESPACE_NOT_SUPPORTED.
Removing the annotation is not supported. If you remove the annotation, NCP will add it back and log a warning in the NCP log.
This feature is not supported on Tanzu Application Service (TAS), Tanzu Kubernetes Grid Integrated (TKGI), or vSphere with Kubernetes.
Both IPv4 and IPv6 are supported.
Removing a subnet from the annotation will be ignored if an IP address from the subnet has been allocated. NCP will add the subnet back and log an error.