正在运行的K8S集群调整Pod的网段地址

1.修改Pod网段地址的背景

使用sealos部署的K8S集群，默认的Pod网段是100.64.0.0/16，在私有化环境运行没有任何问题，但是当集群部署在阿里云的ECS中之后，通过SLB七层负载K8S集群中的应用程序时，就会出现访问异常的现象，数据包无法正常返回给SLB，经过与阿里云工程师的探讨得知，SLB转发的Proxy网段是100.64.0.0/16，与K8S Pod的网段地址冲突，从而可能产生网络异常的现象。

2.当前K8S集群信息

[[email protected] ~]# kubectl get nodes
NAME         STATUS   ROLES    AGE     VERSION
k8s-master   Ready    master   6m43s   v1.19.16
k8s-node-1   Ready    <none>   6m13s   v1.19.16
k8s-node-2   Ready    <none>   6m13s   v1.19.16

当前的Pod网段地址是100网段，我们要将其调整为10.10.0.0/18。

3.先在K8S集群搭建一个Pod

先在K8S集群搭建一个Pod，观察修改网段前后Pod是否可用。

1）资源编排文件

[[email protected]-master k8s]# cat nginx.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx
        imagePullPolicy: Always
        name: nginx
        ports:
        - containerPort: 80
          name: http
          protocol: TCP
        - containerPort: 443
          name: https
          protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx
  name: nginx-80-443
  namespace: default
spec:
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 80
  - name: https
    port: 443
    protocol: TCP
    targetPort: 443
  selector:
    app: nginx
  type: NodePort

2）部署

[[email protected] k8s]# kubectl get all
NAME                         READY   STATUS    RESTARTS   AGE
pod/nginx-6b89b7f467-ct6md   1/1     Running   0          8m32s

NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
service/kubernetes     ClusterIP   10.96.0.1       <none>        443/TCP                      26m
service/nginx-80-443   NodePort    10.99.243.115   <none>        80:31575/TCP,443:31418/TCP   8m32s

NAME                    READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/nginx   1/1     1            1           8m32s

NAME                               DESIRED   CURRENT   READY   AGE
replicaset.apps/nginx-6b89b7f467   1         1         1       8m32s

4.调整K8S集群的Pod网段

4.1.调整K8S地址池的网段

1.查看K8S默认的地址池
[[email protected] k8s]# kubectl get ippool
NAME                  AGE
default-ipv4-ippool   18m

2.调整地址池的地址范围
[[email protected] k8s]# kubectl edit ippool default-ipv4-ippool
  cidr: 10.10.0.0/18

4.2.调整Controller-Manager组件的网段

[[email protected] k8s]# vim /etc/kubernetes/manifests/kube-controller-manager.yaml 
    - --cluster-cidr=10.10.0.0/18

4.4.调整Kube-proxy网段地址

[root@k8s-master k8s]# kubectl edit cm kube-proxy -n kube-system
    clusterCIDR: 10.10.0.0/18

4.5.调整K8S集群所有节点yaml文件中的网段地址

有多少个Node就执行多少次相同的操作。

[[email protected] k8s]# kubectl get nodes k8s-master  -o yaml > master.yaml
[[email protected] k8s]# kubectl get nodes k8s-node-1  -o yaml > node-1.yaml
[[email protected] k8s]# kubectl get nodes k8s-node-2  -o yaml > node-2.yaml

[[email protected] k8s]# vim master.yaml
          v:"10.10.0.0/18": {}
spec:
  podCIDR: 10.10.0.0/18
  podCIDRs:
  - 10.10.0.0/18

[root@k8s-master k8s]# kubectl delete node k8s-master
node "k8s-master" deleted
[root@k8s-master k8s]# kubectl apply -f master.yaml 
node/k8s-master created

[root@k8s-master k8s]# kubectl delete node k8s-node-1
node "k8s-node-1" deleted
[root@k8s-master k8s]# kubectl delete node k8s-node-2
node "k8s-node-2" deleted
[root@k8s-master k8s]# kubectl apply -f node-1.yaml 
node/k8s-node-1 created
[root@k8s-master k8s]# kubectl apply -f node-2.yaml 
node/k8s-node-2 created

4.6.所有节点重启kubelet

systemctl restart kubelet

4.7.重启K8S集群中的Pod

[[email protected] k8s]# kubectl delete pod nginx-6b89b7f467-ct6md
pod "nginx-6b89b7f467-ct6md" deleted

[[email protected] k8s]# kubectl get pod -o wide
NAME                     READY   STATUS    RESTARTS   AGE   IP            NODE         NOMINATED NODE   READINESS GATES
nginx-6b89b7f467-869m2   1/1     Running   0          23s   10.10.5.129   k8s-node-1   <none>           <none>

Pod地址已经成功修改。