正在運行的K8S集群調整Pod的網段地址

1.修改Pod網段地址的背景

使用sealos部署的K8S集群，默認的Pod網段是100.64.0.0/16，在私有化環境運行沒有任何問題，但是當集群部署在阿裏雲的ECS中之後，通過SLB七層負載K8S集群中的應用程序時，就會出現訪問异常的現象，數據包無法正常返回給SLB，經過與阿裏雲工程師的探討得知，SLB轉發的Proxy網段是100.64.0.0/16，與K8S Pod的網段地址沖突，從而可能產生網絡异常的現象。

2.當前K8S集群信息

[[email protected] ~]# kubectl get nodes
NAME         STATUS   ROLES    AGE     VERSION
k8s-master   Ready    master   6m43s   v1.19.16
k8s-node-1   Ready    <none>   6m13s   v1.19.16
k8s-node-2   Ready    <none>   6m13s   v1.19.16

當前的Pod網段地址是100網段，我們要將其調整為10.10.0.0/18。

3.先在K8S集群搭建一個Pod

先在K8S集群搭建一個Pod，觀察修改網段前後Pod是否可用。

1）資源編排文件

[[email protected]-master k8s]# cat nginx.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx
        imagePullPolicy: Always
        name: nginx
        ports:
        - containerPort: 80
          name: http
          protocol: TCP
        - containerPort: 443
          name: https
          protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx
  name: nginx-80-443
  namespace: default
spec:
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 80
  - name: https
    port: 443
    protocol: TCP
    targetPort: 443
  selector:
    app: nginx
  type: NodePort

2）部署

[[email protected] k8s]# kubectl get all
NAME                         READY   STATUS    RESTARTS   AGE
pod/nginx-6b89b7f467-ct6md   1/1     Running   0          8m32s

NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
service/kubernetes     ClusterIP   10.96.0.1       <none>        443/TCP                      26m
service/nginx-80-443   NodePort    10.99.243.115   <none>        80:31575/TCP,443:31418/TCP   8m32s

NAME                    READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/nginx   1/1     1            1           8m32s

NAME                               DESIRED   CURRENT   READY   AGE
replicaset.apps/nginx-6b89b7f467   1         1         1       8m32s

4.調整K8S集群的Pod網段

4.1.調整K8S地址池的網段

1.查看K8S默認的地址池
[[email protected] k8s]# kubectl get ippool
NAME                  AGE
default-ipv4-ippool   18m

2.調整地址池的地址範圍
[[email protected] k8s]# kubectl edit ippool default-ipv4-ippool
  cidr: 10.10.0.0/18

4.2.調整Controller-Manager組件的網段

[[email protected] k8s]# vim /etc/kubernetes/manifests/kube-controller-manager.yaml 
    - --cluster-cidr=10.10.0.0/18

4.4.調整Kube-proxy網段地址

[root@k8s-master k8s]# kubectl edit cm kube-proxy -n kube-system
    clusterCIDR: 10.10.0.0/18

4.5.調整K8S集群所有節點yaml文件中的網段地址

有多少個Node就執行多少次相同的操作。

[[email protected] k8s]# kubectl get nodes k8s-master  -o yaml > master.yaml
[[email protected] k8s]# kubectl get nodes k8s-node-1  -o yaml > node-1.yaml
[[email protected] k8s]# kubectl get nodes k8s-node-2  -o yaml > node-2.yaml

[[email protected] k8s]# vim master.yaml
          v:"10.10.0.0/18": {}
spec:
  podCIDR: 10.10.0.0/18
  podCIDRs:
  - 10.10.0.0/18

[root@k8s-master k8s]# kubectl delete node k8s-master
node "k8s-master" deleted
[root@k8s-master k8s]# kubectl apply -f master.yaml 
node/k8s-master created

[root@k8s-master k8s]# kubectl delete node k8s-node-1
node "k8s-node-1" deleted
[root@k8s-master k8s]# kubectl delete node k8s-node-2
node "k8s-node-2" deleted
[root@k8s-master k8s]# kubectl apply -f node-1.yaml 
node/k8s-node-1 created
[root@k8s-master k8s]# kubectl apply -f node-2.yaml 
node/k8s-node-2 created

4.6.所有節點重啟kubelet

systemctl restart kubelet

4.7.重啟K8S集群中的Pod

[[email protected] k8s]# kubectl delete pod nginx-6b89b7f467-ct6md
pod "nginx-6b89b7f467-ct6md" deleted

[[email protected] k8s]# kubectl get pod -o wide
NAME                     READY   STATUS    RESTARTS   AGE   IP            NODE         NOMINATED NODE   READINESS GATES
nginx-6b89b7f467-869m2   1/1     Running   0          23s   10.10.5.129   k8s-node-1   <none>           <none>

Pod地址已經成功修改。