Network in Managed Service for Kubernetes
When creating a Kubernetes cluster, you can configure the:
You can also request a public IP address to access the cluster from outside Nebius AI.
Network resources
Kubernetes clusters in the Nebius AI infrastructure use the following resources:
- Subnets. Managed Service for Kubernetes reserves two subnets: one for pods and one for services.
- Public IP addresses. When you create a node group with a public address, each node in the group is assigned a public IP address.
Managing address space
Kubernetes clusters are subject to the following limitations:
- The ranges of the subnets being created should not overlap with the existing ranges.
- Only 50% of the possible subnet range is available for pods, nodes, and services. This limitation is due to the specifics of Virtual Private Cloud and ensures the availability of an unused IP range for cluster service distribution.
The following subnet ranges are available for the pods and services of clusters: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16.
Private IP addresses of nodes are allocated from the default-eu-north1-c subnet with the CIDR block 10.130.0.0/24. The CIDR blocks for pods and services specified in the cluster settings must not overlap with this block.
Kubernetes has a standard limit
For example, when creating a cluster with the following parameters:
- Range of IP addresses for pods: 10.1.0.0/16.
- Range of IP addresses for services: 10.2.0.0/16.
The cluster will have:
- Private IP addresses for nodes: 10.130.0.3–10.130.0.255.
- Private IP addresses for pods on each node: 10.1.128.2–10.1.128.255, 10.1.129.2–10.1.129.255, and so on.
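A pre-flight check for the address-space rules in this section, added here as an example and not part of the Nebius AI documentation or tooling. The function name check_cluster_cidrs and its existing parameter are hypothetical; the available ranges and the node subnet are the values stated on this page.

```python
import ipaddress

# Ranges the page lists as available for pods and services.
ALLOWED = [ipaddress.ip_network(c) for c in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Node subnet CIDR block stated on the page.
NODE_SUBNET = ipaddress.ip_network("10.130.0.0/24")


def check_cluster_cidrs(pod_cidr, service_cidr, existing=()):
    """Return a list of problems; an empty list means the plan passes.

    `existing` (hypothetical parameter) holds CIDRs already in use in the
    network, which the new ranges must not overlap.
    """
    problems = []
    nets = {}
    for label, cidr in (("pods", pod_cidr), ("services", service_cidr)):
        try:
            # strict=True rejects a CIDR with host bits set, e.g. 10.1.0.1/16
            nets[label] = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{label}: invalid CIDR {cidr!r} ({exc})")
    for label, net in nets.items():
        # The range must sit entirely inside one of the available ranges.
        if not any(net.version == a.version and net.subnet_of(a)
                   for a in ALLOWED):
            problems.append(f"{label}: {net} is outside the available ranges")
        if net.overlaps(NODE_SUBNET):
            problems.append(f"{label}: {net} overlaps node subnet {NODE_SUBNET}")
        for other in existing:
            if net.overlaps(ipaddress.ip_network(other)):
                problems.append(f"{label}: {net} overlaps existing range {other}")
    if len(nets) == 2 and nets["pods"].overlaps(nets["services"]):
        problems.append("pods and services ranges overlap each other")
    return problems


if __name__ == "__main__":
    # The page's own example plan passes; a plan colliding with the node subnet does not.
    print(check_cluster_cidrs("10.1.0.0/16", "10.2.0.0/16"))
    print(check_cluster_cidrs("10.130.0.0/16", "10.2.0.0/16"))
```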
Node name and FQDN
Managed Service for Kubernetes generates a name for each node when it is created. This name will be the host's fully qualified domain name (FQDN). You cannot change the node name or FQDN.
Use the FQDN to access the node within a single cloud network. For more information, see How Virtual Private Cloud and networking in Nebius AI work.
Public access to cluster nodes
Any Kubernetes cluster node can be accessed from outside Nebius AI provided that you requested a public address when creating the node group.
To connect to this kind of node from the internet, use its public IP address.
You can request a public IP address:
- For the master, only when creating a cluster.
- For nodes, when creating or changing a group.
When a node is deleted, its corresponding public IP address is revoked.
Network Load Balancer
You can view your LoadBalancer Kubernetes services in a dedicated service, Network Load Balancer. It helps ensure applications' fault tolerance by evenly distributing loads across cloud resources. Health checks regularly examine resources from the target group connected to the load balancer, ensuring that traffic is only sent to working resources.
To access the service, in the management console
The service is subject to the Service Level Agreement. The service level is defined in the Service Level for Network Load Balancer.