Expand Azure CNI Overlay Pod CIDR after cluster creation
GA ETA*: Q1 2026
*ETAs are estimations and subject to change
Sometimes customers will create an Overlay cluster with a Pod CIDR big enough for their current workloads, and as their requirements grow, they need additional IP space.
Currently, to address this issue customers need to recreate clusters with a bigger Pod CIDR space.
This feature allows customers to add additional Pod CIDR subnets to an existing Azure CNI Overlay cluster without having to recreate.
+1
can you confirm the ETA - is it still Q1 2025 ?
@robogatikov will be taking this
can you confirm the ETA - is it still Q1 2025 ?
yes
still relevant, looking forward to this feature 🙂
We use CNI in our AKS clusters (from 2019). The subnet provides IPs for both nodes and pods. Will this feature help us to switch to CNI overlay where only the nodes need IPs from the subnet? AFAIK CNI Overlay only needs IP address space for nodes and not the pods.
@chasewilson any updates?
@asubmani this won't help you move from pod subnet to overlay. Still have to recreate for that.
While a lot of work was done on this, we're still debating if we force a reimage/rolling reimage of nodes or do another substantial piece of work to make this happen without a rolling reimage.
@asubmani misread your post. Seems like you're using node subnet, which can upgrade to overlay https://learn.microsoft.com/en-us/azure/aks/upgrade-azure-cni#azure-cni-cluster-upgrade
At the time you upgrade to overlay you can specify whatever pod CIDR you want.
Since pod CIDR expansion in overlay is delayed, we're looking to make it so when you upgrade from kubenet you can expand your CIDR at kubenet -> overlay upgrade time.
> @asubmani misread your post. Seems like you're using node subnet, which can upgrade to overlay https://learn.microsoft.com/en-us/azure/aks/upgrade-azure-cni#azure-cni-cluster-upgrade

We are using the old CNI network type from when AKS used to support only `kubelet` and `CNI`. Both nodes and pods get IPs from the same subnet.
@asubmani yes, as Paul mentioned, the way forward for you is to upgrade from any legacy combination to overlay (legacy will eventually be retired), and in overlay this feature will allow you to adapt, but maybe you won't need it because at migration you can already adapt as well.
> ....maybe you won't need it because at migration you can already adapt as well

Could you elaborate on this? Are you talking about "azure level backend migration" or a user-initiated one? Given the current status of my cluster... will `az aks update ... --network-plugin-mode overlay` work? I am asking as migration to me means spinning up a new cluster and moving my apps to the new one from the old up. Hopefully I can do an in-place migration.
Sharing output of: `az aks show -g $RG -n $AKS --query networkProfile`
Since network plugin mode is null, you are on node subnet and can set your pod CIDR when you upgrade today to be whatever you want.
Hi folks - we've unfortunately run into an unexpected blocker with this feature. We're now aiming to have this ready in public preview in Q3 and will update this post once we have a firm date lined up.
@danbosscher I know it's not the topic here, but could at least something like suggested in https://github.com/Azure/AKS/issues/4367 be done, or allow to disable pre-allocation?
Hi folks - this feature is in active development and we estimate to have this in Public Preview for you in October 2025.
This is now available as public preview for k8s 1.33 and above. The rest will resume with backports in January.
@sf-msft Thanks for the update. For anyone looking for how to do this, the guide can be found here: https://learn.microsoft.com/en-us/azure/aks/azure-cni-overlay-pod-expand
GA ETA: April '26.