Namespace Network CIDR overlap error when repurposing CIDR blocks in VKS

Article ID: 440415

Products

VMware vSphere Kubernetes Service

Issue/Introduction

  • Attempting to assign a previously used CIDR block to a new vSphere Namespace returns a validation error indicating that the subnet is already reserved or in use, such as:
    Namespace Network CIDR ####/## and Namespace Network CIDR ####/## from namespace in cluster #### overlap.

  • The following error is seen in wcpsvc.log on the vCenter Server:

    YYYY-MM-DDTHH:MM:SSZ error wcp [kubelifecycle/nsx_network_validations.go:444] [opID=<opId>] NSX Workload Network spec (*namespace_management.NetworksCreateSpec){Network:(string)<id> NetworkProvider:(namespace_management.ClustersNetworkProviderEnum)NSXT_CONTAINER_PLUGIN VsphereNetwork:(*namespace_management.NetworksVsphereDVPGNetworkCreateSpec)<nil> NsxNetwork:(*namespace_management.NetworksNsxNetworkCreateSpec){NamespaceNetworkCidrs:([]namespace_management.Ipv4Cidr)[{Address:(string) <IP> Prefix:(int64)23}] IngressCidrs:([]namespace_management.Ipv4Cidr)[{Address:(string)<IP> Prefix:(int64)28}] EgressCidrs:([]namespace_management.Ipv4Cidr)[{Address:(string)<IP> Prefix:(int64)30}] NsxTier0Gateway:(*string)<nil> SubnetPrefixLength:(*int64)24 RoutedMode:(*bool)false LoadBalancerSize:(*namespace_management.NetworksLoadBalancerSizeEnum)MEDIUM}} has overlapping CIDRs/invalid prefix. Err Namespace Network CIDR IP/## and Namespace Network CIDR IP/## from namespace in cluster domain-c## overlap.

Environment

vSphere Kubernetes Service

Cause

  • The reuse of CIDR blocks across different namespaces is an unsupported configuration within the current architecture. To ensure network isolation and prevent routing conflicts, the system enforces a strict 1:1 mapping between a namespace and its assigned CIDR.
  • Once a CIDR is allocated to a namespace, it is registered as a reserved resource within the NSX/vCenter management plane. This reservation remains active as long as the namespace object exists, regardless of whether active workloads or VMs are currently utilizing the segment.

Resolution

  • To use the IP addresses efficiently, remove the existing namespace and recreate it with the correct CIDR. Deleting the namespace is the only mechanism to trigger the release of the associated CIDR reservation in the backend.
  • Once the original namespace and its corresponding NSX segments are removed, the system returns the IP range to the available pool. This allows successful reassignment to a new namespace without encountering a configuration conflict.
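
A pre-flight check for the overlap condition described above, as an added example (not VMware code and not the validation in wcpsvc): it compares proposed Namespace Network CIDRs against an inventory of reservations held by existing namespaces, then models the release that follows namespace deletion. The inventory, the namespace names and the function names `find_overlaps` and `release` are assumptions made for illustration; how the inventory is collected is left to the operator.

```python
import ipaddress

# Constructed inventory: Namespace Network CIDRs reserved by existing
# vSphere Namespaces (sample private ranges, not taken from the article).
EXISTING = {
    "ns-legacy": ["10.244.0.0/23"],
    "ns-payments": ["10.244.4.0/23", "10.244.8.0/24"],
}


def find_overlaps(proposed, existing):
    """Return (proposed_cidr, namespace, reserved_cidr) for every overlap.

    Exact reuse, a subnet carved from a reserved block, and a supernet
    that swallows a reserved block all count as overlaps.
    """
    hits = []
    for cidr in proposed:
        # strict=True raises ValueError when host bits are set
        # (e.g. 10.244.1.5/23) instead of silently rounding down.
        net = ipaddress.ip_network(cidr, strict=True)
        for namespace, reserved in sorted(existing.items()):
            for entry in reserved:
                rnet = ipaddress.ip_network(entry, strict=True)
                if net.version == rnet.version and net.overlaps(rnet):
                    hits.append((str(net), namespace, str(rnet)))
    return hits


def release(existing, namespace):
    """Model the Resolution step: deleting a namespace frees its CIDRs.

    The reservation follows the namespace object, not its workloads,
    so an idle namespace still blocks reuse until it is removed.
    """
    return {ns: cidrs for ns, cidrs in existing.items() if ns != namespace}


if __name__ == "__main__":
    wanted = ["10.244.0.0/24", "10.244.12.0/23"]
    for cidr, ns, reserved in find_overlaps(wanted, EXISTING):
        print(f"{cidr} overlaps {reserved} held by namespace {ns}")
    # Same request after the old namespace has been deleted.
    print(find_overlaps(wanted, release(EXISTING, "ns-legacy")))
```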