Kubernetes Pod and Service CIDR Planning

How to choose pod-CIDR and service-CIDR for a Kubernetes cluster, avoid conflicts with node and VPC networks, and plan for cluster growth.

Kubernetes IP address spaces

A Kubernetes cluster uses three distinct CIDR ranges:

CIDR Type     | Used For                                                | Flag                        | Typical Value
--------------+---------------------------------------------------------+-----------------------------+--------------
Pod CIDR      | IP addresses assigned to each pod                       | --pod-network-cidr          | 10.244.0.0/16
Service CIDR  | Virtual IPs for Kubernetes Services                     | --service-cluster-ip-range  | 10.96.0.0/12
Node CIDR     | IP addresses of the cluster nodes (from your VPC/cloud) | (none; defined by the VPC)  | 10.0.0.0/16

All three must be non-overlapping. If any two overlap, inter-pod or pod-to-service communication will break.

CNI-specific defaults

CNI Plugin        | Default Pod CIDR  | Notes
------------------+-------------------+-------------------------------------------------
Flannel           | 10.244.0.0/16     | Simple overlay, VXLAN or host-gw
Calico            | 192.168.0.0/16    | Conflicts with home networks — change it
Cilium            | 10.0.0.0/8        | Wide default; configure per-cluster range
AWS VPC CNI       | Node subnet IPs   | Pods use VPC IPs directly (no overlay)
GKE Dataplane V2  | 10.4.0.0/14       | Managed by GKE, customisable

How to size your pod CIDR

  • Nodes × pods per node = total pod IPs needed. Each node typically gets a /24 (254 pods max) from the pod CIDR. With 50 nodes, you need at least 50 × 256 = 12,800 IPs — a /18 (16,384) would work; a /16 (65,536) gives comfortable room.
  • Use 10.x.x.x ranges for pod and service CIDRs. Avoid 192.168.x.x (Calico default) — it conflicts with employee home VPN routes.
  • Pod CIDR cannot be changed after cluster creation without recreating the cluster. Size generously.
  • The service CIDR is usually much smaller than the pod CIDR — a /12 (about 1 million addresses) is more than enough for any cluster's service count.
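The overlap and sizing rules above are easy to get wrong by hand, so here is a small planning check, written as an added example for this page rather than code from any CNI project. It takes the three ranges from the table (Flannel pod default, kubeadm service default, an illustrative 10.0.0.0/16 VPC node range, all constructed sample values), reports any pairwise overlap, computes how many nodes a pod CIDR can hold when each node takes a /24, derives the smallest pod CIDR for a given node count, and flags the 192.168.0.0/16 trap. The per-node /24 assumption matches the text; adjust PER_NODE_PREFIX if your CNI allocates differently.

```python
import ipaddress
import math

# Constructed example plan using the typical values from the tables above.
EXAMPLE_PLAN = {
    "pod": "10.244.0.0/16",      # Flannel default
    "service": "10.96.0.0/12",   # kubeadm default
    "node": "10.0.0.0/16",       # illustrative VPC range
}

PER_NODE_PREFIX = 24  # each node is handed one /24 slice of the pod CIDR
HOME_NET = ipaddress.ip_network("192.168.0.0/16")  # common home LAN space


def find_overlaps(plan):
    """Return sorted (name_a, name_b) pairs whose CIDRs overlap; empty means safe."""
    nets = {name: ipaddress.ip_network(cidr, strict=True) for name, cidr in plan.items()}
    names = sorted(nets)
    overlaps = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                overlaps.append((a, b))
    return overlaps


def max_nodes(pod_cidr, per_node_prefix=PER_NODE_PREFIX):
    """Number of per-node blocks that fit inside pod_cidr (0 if the range is too small)."""
    net = ipaddress.ip_network(pod_cidr, strict=True)
    if per_node_prefix < net.prefixlen:
        return 0
    return 2 ** (per_node_prefix - net.prefixlen)


def required_pod_prefix(node_count, per_node_prefix=PER_NODE_PREFIX):
    """Longest prefix (smallest pod CIDR) that still holds node_count per-node blocks.

    Each doubling of node_count costs one bit above the per-node block size,
    so 50 nodes need ceil(log2(50)) = 6 extra bits: /24 - 6 = /18.
    """
    if node_count < 1:
        raise ValueError("node_count must be at least 1")
    extra_bits = math.ceil(math.log2(node_count)) if node_count > 1 else 0
    return per_node_prefix - extra_bits


def warnings_for(plan):
    """Hygiene warnings: non-private ranges and anything touching 192.168.0.0/16."""
    warns = []
    for name in ("pod", "service"):
        net = ipaddress.ip_network(plan[name], strict=True)
        if not net.is_private:
            warns.append(f"{name} CIDR {net} is outside RFC 1918 private space")
        if net.overlaps(HOME_NET):
            warns.append(f"{name} CIDR {net} overlaps 192.168.0.0/16 (home networks over VPN)")
    return warns


if __name__ == "__main__":
    print("overlaps:", find_overlaps(EXAMPLE_PLAN) or "none")
    print("max nodes at one /24 each:", max_nodes(EXAMPLE_PLAN["pod"]))
    print("smallest pod CIDR for 50 nodes: /%d" % required_pod_prefix(50))
    print("warnings:", warnings_for(EXAMPLE_PLAN) or "none")
```

Run it once with your real VPC range substituted for the node entry before creating the cluster; because neither pod nor service CIDR can be changed later, this is the cheapest point to catch an overlap.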

Frequently Asked Questions

What CIDR should I use for Kubernetes pods?

Use a /16 from the 10.x.x.x space, separate from your node and service CIDRs. 10.244.0.0/16 (Flannel default) is common. Size based on nodes × pods-per-node — each node typically gets a /24, so plan for at least (node count × 256) total pod IPs. Avoid 192.168.x.x (Calico default) — it conflicts with employee home networks over VPN.

What is the difference between pod CIDR and service CIDR?

Pod CIDR provides real IP addresses to pods, routable at least within the cluster — each pod gets a unique IP from this range. Service CIDR provides virtual IPs to Kubernetes Services (ClusterIP) — these IPs exist only in the iptables/IPVS rules programmed by kube-proxy (or the CNI that replaces it) and are not routable on the underlying network. Neither range may overlap the other or the node network.

Can you change the pod CIDR after cluster creation?

No — neither the pod CIDR nor the service CIDR can be changed without rebuilding the cluster from scratch. Choose both ranges generously before creating the cluster. A /16 for pods and a /12 for services is a safe default for most workloads.