Changing the Pod CIDR of a Running K8S Cluster
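1. Background: why the Pod CIDR was changed
A K8S cluster deployed with sealos uses 100.64.0.0/16 as its default Pod CIDR. This causes no problems in a private (on-premises) environment, but once the cluster runs on Alibaba Cloud ECS and applications in it are exposed through an SLB layer-7 load balancer, access becomes abnormal: packets are not returned to the SLB correctly. After discussing this with Alibaba Cloud engineers, we learned that the proxy range the SLB forwards from is 100.64.0.0/16, which conflicts with the K8S Pod CIDR and can therefore cause network anomalies.
2. Current K8S cluster information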
[root@k8s-master ~]# kubectl get nodes
NAME         STATUS   ROLES    AGE     VERSION
k8s-master   Ready    master   6m43s   v1.19.16
k8s-node-1   Ready    <none>   6m13s   v1.19.16
k8s-node-2   Ready    <none>   6m13s   v1.19.16
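The current Pod CIDR is in the 100.x range; we will change it to 10.10.0.0/18.
3. Deploy a test Pod in the K8S cluster first
Deploy a Pod in the K8S cluster first, so we can check whether the Pod is still usable before and after the CIDR change.
1) Resource manifest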
[root@k8s-master k8s]# cat nginx.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx
        imagePullPolicy: Always
        name: nginx
        ports:
        - containerPort: 80
          name: http
          protocol: TCP
        - containerPort: 443
          name: https
          protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx
  name: nginx-80-443
  namespace: default
spec:
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 80
  - name: https
    port: 443
    protocol: TCP
    targetPort: 443
  selector:
    app: nginx
  type: NodePort
2) Deploy
[root@k8s-master k8s]# kubectl get all
NAME                         READY   STATUS    RESTARTS   AGE
pod/nginx-6b89b7f467-ct6md   1/1     Running   0          8m32s
NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
service/kubernetes     ClusterIP   10.96.0.1       <none>        443/TCP                      26m
service/nginx-80-443   NodePort    10.99.243.115   <none>        80:31575/TCP,443:31418/TCP   8m32s
NAME                    READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/nginx   1/1     1            1           8m32s
NAME                               DESIRED   CURRENT   READY   AGE
replicaset.apps/nginx-6b89b7f467   1         1         1       8m32s
4. Change the Pod CIDR of the K8S cluster
4.1. Change the CIDR of the K8S IP pool
1. View the default K8S IP pool
[root@k8s-master k8s]# kubectl get ippool
NAME AGE
default-ipv4-ippool 18m
2. Change the address range of the IP pool
[root@k8s-master k8s]# kubectl edit ippool default-ipv4-ippool
cidr: 10.10.0.0/18
4.2. Change the CIDR of the Controller-Manager component
[root@k8s-master k8s]# vim /etc/kubernetes/manifests/kube-controller-manager.yaml
- --cluster-cidr=10.10.0.0/18
4.4. Change the kube-proxy CIDR
[root@k8s-master k8s]# kubectl edit cm kube-proxy -n kube-system
clusterCIDR: 10.10.0.0/18
4.5. Change the CIDR in the Node YAML of every node in the K8S cluster
Repeat the same operation once for each Node.
[root@k8s-master k8s]# kubectl get nodes k8s-master -o yaml > master.yaml
[root@k8s-master k8s]# kubectl get nodes k8s-node-1 -o yaml > node-1.yaml
[root@k8s-master k8s]# kubectl get nodes k8s-node-2 -o yaml > node-2.yaml
[root@k8s-master k8s]# vim master.yaml
v:"10.10.0.0/18": {}
spec:
  podCIDR: 10.10.0.0/18
  podCIDRs:
  - 10.10.0.0/18
[root@k8s-master k8s]# kubectl delete node k8s-master
node "k8s-master" deleted
[root@k8s-master k8s]# kubectl apply -f master.yaml
node/k8s-master created
[root@k8s-master k8s]# kubectl delete node k8s-node-1
node "k8s-node-1" deleted
[root@k8s-master k8s]# kubectl delete node k8s-node-2
node "k8s-node-2" deleted
[root@k8s-master k8s]# kubectl apply -f node-1.yaml
node/k8s-node-1 created
[root@k8s-master k8s]# kubectl apply -f node-2.yaml
node/k8s-node-2 created
4.6. Restart kubelet on all nodes
systemctl restart kubelet
4.7. Restart the Pods in the K8S cluster
[root@k8s-master k8s]# kubectl delete pod nginx-6b89b7f467-ct6md
pod "nginx-6b89b7f467-ct6md" deleted
[root@k8s-master k8s]# kubectl get pod -o wide
NAME                     READY   STATUS    RESTARTS   AGE   IP            NODE         NOMINATED NODE   READINESS GATES
nginx-6b89b7f467-869m2   1/1     Running   0          23s   10.10.5.129   k8s-node-1   <none>           <none>
The Pod address has been changed successfully.
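A check to run after step 4.7, as an added example that is not part of the original article: it classifies every pod IP as still on the old range (100.64.0.0/16), on the new range (10.10.0.0/18), or elsewhere, because a pod that was not recreated keeps the address it was assigned. The sample pod list is constructed (only the nginx line comes from the article's output) and the function names are this example's own.

```shell
# Added example (not from the article): classify pod IPs by old/new Pod CIDR.
OLD_CIDR="100.64.0.0/16"   # old Pod CIDR from the article
NEW_CIDR="10.10.0.0/18"    # new Pod CIDR from the article

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# Succeed (exit 0) if IPv4 address $1 lies inside CIDR $2.
ip_in_cidr() (
    ip=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    mask=$(( (0xFFFFFFFF << (32 - ${2#*/})) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
)

# Read "namespace name podIP" lines on stdin and print one verdict per pod.
classify_pods() {
    while read -r ns name ip; do
        case "$ip" in
            *.*.*.*) ;;                            # IPv4, checked below
            *) echo "NOIP $ns/$name"; continue ;;  # e.g. <none> while Pending
        esac
        if ip_in_cidr "$ip" "$OLD_CIDR"; then
            echo "STALE $ns/$name $ip"             # still on the old range: recreate it
        elif ip_in_cidr "$ip" "$NEW_CIDR"; then
            echo "OK $ns/$name $ip"
        else
            echo "OTHER $ns/$name $ip"             # e.g. hostNetwork pod on a node IP
        fi
    done
}

# Constructed sample input; only the nginx line comes from the article's output.
sample_pods() {
    cat <<'EOF'
default nginx-6b89b7f467-869m2 10.10.5.129
default demo-app-0 100.64.3.17
kube-system kube-proxy-abcde 192.168.1.11
default pending-pod <none>
EOF
}

# Live input: kubectl get pod -A --no-headers -o \
#   custom-columns=NS:.metadata.namespace,NAME:.metadata.name,IP:.status.podIP
sample_pods | classify_pods
```

Any line marked STALE is a pod that still has to be deleted and recreated, as was done for the nginx pod in step 4.7.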