Networking
STACKIT Kubernetes Engine (SKE) implements standard Kubernetes networking concepts with STACKIT-specific enhancements. This documentation explains:
- Project types: Public vs. STACKIT Network Area (SNA) configurations
- IP management: Allocation rules for nodes, routers, and load balancers
- DNS requirements: Resolution for public/private clusters
- Load balancers: Exposing services internally or publicly
Foreword
Section titled “Foreword”Your STACKIT project type determines the network setup for Kubernetes clusters on SKE. When creating a project, you choose between two configurations:
- Public: Internet-facing services with automatic public IP assignments
- STACKIT Network Area: Allows projects within an organization to be connected to each other on a network level
This initial choice affects:
- Egress traffic routing
- IP address management
- Integration with on-premise environments
- Compliance requirements
Public projects
Section titled “Public projects”STACKIT Kubernetes Engine clusters are internet-facing by default.
Key characteristics
Section titled “Key characteristics”- All egress traffic routes through a single router with a fixed public IPv4 address
- Nodes do not receive public IPs (services use load balancers for external exposure)
- Automatic infrastructure provisioning (Network, Subnet, Security Groups, Router)
Cluster creation
Section titled “Cluster creation”- No network customization required
- The system:
- Creates a public IP from STACKIT’s IP pool
- Creates a dedicated router and assigns the public IP (IP persists for the cluster’s lifecycle)
SKE clusters in a public project automatically create their infrastructure, including a network, subnet, security groups, and a router & IP. No customization steps are needed. The router receives an IPv4 address from STACKIT’s available pool. This egress IP address remains fixed throughout the cluster’s lifecycle and cannot be changed. All egress traffic is routed through the router in your Kubernetes cluster using this IP address.
SNA projects
Section titled “SNA projects”The STACKIT Network Area enables private connectivity across projects and on-premise environments, supporting hybrid cloud scenarios.
Before you can set up a Kubernetes cluster on SKE in an SNA, you need to create the SNA itself within your Organization and a network. For more information, refer to Creating/Deleting and Managing Networks.
The following content will help you plan the configurations of these services for your cluster.
Configuration requirements
Section titled “Configuration requirements”Take these requirements into consideration, before you start configuring your Kubernetes cluster on SKE within an SNA.
Network ranges (CIDR blocks)
Section titled “Network ranges (CIDR blocks)”You’ll need to define two network ranges via CIDR-notation:
| Range Type | Purpose | Example CIDR |
|---|---|---|
| Network | Node & load balancer allocation | 10.0.0.0/22 |
| Transfer | Router IP allocation | 192.168.0.0/24 |
IP allocation
Section titled “IP allocation”You’ll need to reserve the following number of IP addresses for operational purposes:
| Resource | IPs Required |
|---|---|
| Node/VM | 1 (per node/VM) |
| Load balancer | 5 (per load balancer) |
| Router interface | 1 |
After you’ve set up an SNA with a publicly resolvable DNS and subnets you can continue to set up your cluster. During setup, an SNA network must be selected, which will become the network for the cluster.
Visit the articles under “further information” to dive deeper into specific topics related to SKE networking.