This is an old version of the document!


Change serviceSubnet in Kubernetes

Change the default IP range:

kubeadm config upload from-flags --service-cidr 172.26.0.0/16

in:

kubectl -n kube-system edit cm kubeadm-config

Also this file:

/etc/kubernetes/manifests/kube-apiserver.yaml

and this file:

/etc/kubernetes/manifests/kube-controller-manager.yaml

Modify the kubeadm-config: add certSANs:

Change networking:

Back up the apiserver cert files:

mv /etc/kubernetes/pki/apiserver.{crt,key} /bak

Save all services and recreate them:

kubectl get svc --all-namespaces | grep -v -w kubernetes| awk '$4 !~ /None|CLUSTER/{print "kubectl get svc -n "$1" " $2 " -o yaml && echo ---"}' | bash | sed '/clusterIP: 10/d'  > all_svc.yaml
 
kubectl get svc --all-namespaces | awk '$4 !~ /None|CLUSTER/{print "kubectl delete svc -n "$1" " $2}' | bash
 
kubectl apply -f all_svc.yaml

Update the cluster DNS:

kubectl get svc -A |grep dns
 
# change kubelet config
kubectl -n kube-system edit cm kubelet-config

Update the apiserver certs:

kubeadm init phase certs apiserver --config=kubeadm.yaml
 
kubeadm upgrade node phase kubelet-config
 
systemctl restart kubelet

After doing this on all master nodes and rebooting, I can see that the services are using the 172.26.0.0/16 range.

Probably it will give an error for 172.26.0.1, as this IP is not recognized by the PKI.

In k8s 1.12 it can be fixed using:

kubeadm alpha phase certs all --apiserver-advertise-address 0.0.0.0 \
  --apiserver-cert-extra-sans=<leaderip>,<newserviceip>
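
The two outcomes described above (services moved into 172.26.0.0/16, and an error for 172.26.0.1 when the apiserver certificate does not list it) can be checked with the script below. It is an added example, not part of the original wiki page: the function names and sample data are constructed, and it assumes an IPv4 service range.

```shell
# Added example (constructed names and data): checks after changing an IPv4 serviceSubnet.
ip_to_int() {                       # dotted quad -> integer
  set -- $(echo "$1" | tr '.' ' ')
  echo $(( $1 << 24 | $2 << 16 | $3 << 8 | $4 ))
}
int_to_ip() {                       # integer -> dotted quad
  echo "$(( $1 >> 24 & 255 )).$(( $1 >> 16 & 255 )).$(( $1 >> 8 & 255 )).$(( $1 & 255 ))"
}
cidr_mask() { echo $(( 0xFFFFFFFF << (32 - ${1#*/}) & 0xFFFFFFFF )); }

# First address of the range: the ClusterIP of the "kubernetes" Service,
# so it has to appear as an IP SAN in the apiserver certificate.
first_service_ip() {
  _base=$(( $(ip_to_int "${1%/*}") & $(cidr_mask "$1") ))
  int_to_ip $(( _base + 1 ))
}

in_cidr() {                         # usage: in_cidr IP CIDR
  _a=$(( $(ip_to_int "$1") & $(cidr_mask "$2") ))
  _b=$(( $(ip_to_int "${2%/*}") & $(cidr_mask "$2") ))
  [ "$_a" -eq "$_b" ]
}

# stdin: openssl x509 -noout -text -in /etc/kubernetes/pki/apiserver.crt
# Exact-line match, so 172.26.0.10 is not mistaken for 172.26.0.1.
san_has_ip() {
  tr ',' '\n' | sed 's/^ *//;s/ *$//' | grep -qxF "IP Address:$1"
}

# stdin: kubectl get svc --all-namespaces
# Prints "namespace/name ip" for every Service still outside the given CIDR.
stale_services() {
  while read -r ns name _type ip _rest; do
    case $ip in None|CLUSTER-IP|'') continue ;; esac
    in_cidr "$ip" "$1" || echo "$ns/$name $ip"
  done
}

# Constructed sample data (not output from a real cluster)
SAMPLE_SANS='            X509v3 Subject Alternative Name:
                DNS:kubernetes, DNS:kubernetes.default, IP Address:10.96.0.1, IP Address:172.26.0.10'
SAMPLE_SVCS='NAMESPACE     NAME          TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)         AGE
default       kubernetes    ClusterIP   172.26.0.1    <none>        443/TCP         5m
default       web           ClusterIP   10.100.4.7    <none>        80/TCP          9d
kube-system   kube-dns      ClusterIP   172.26.0.10   <none>        53/UDP,53/TCP   5m
db            pg-headless   ClusterIP   None          <none>        5432/TCP        9d'
```

With the sample data, the certificate check for 172.26.0.1 fails and default/web is reported as still holding an old address, which are the two conditions to clear before considering the change complete.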
it-wiki/kubernetes/change_cluster_network.1691832709.txt.gz · Last modified: by marko