calico更换地址池
作者:互联网
注意:生产环境更换ip地址池会导致网络中断,请慎重
在Kubernetes中,以下所有三个参数必须等于或包含Calico IP池CIDR:
kube-apiserver: --pod-network-cidr
kube-proxy: --cluster-cidr
kube-controller-manager: --cluster-cidr
- 部署cacicoctl,在node节点上:
wget https://github.com/projectcalico/calicoctl/releases/download/v3.5.4/calicoctl -O /usr/bin/calicoctl chmod +x /usr/bin/calicotl
- 准备配置文件
vim /etc/calico/calicoctl.cfg
apiVersion: projectcalico.org/v3
kind: CalicoAPIConfig
metadata:
spec:
etcdEndpoints: https://10.0.110.14:2379,https://10.0.110.15:2379,https://10.0.110.27:2379
etcdKeyFile: /opt/etcd/ssl/server-key.pem
etcdCertFile: /opt/etcd/ssl/server.pem
etcdCACertFile: /opt/etcd/ssl/ca.pem
- 创建新的地址池
vim newippool.yaml
apiVersion: projectcalico.org/v3
kind: IPPool
metadata:
name: new-pool
spec:
cidr: 11.244.0.0/16
ipipMode: Always
natOutgoing: true
- 禁用旧的地址池
calicoctl get ippool
导出旧地址池的yaml文件
caclico get ippool default-ipv4-ippool -o yaml > old.yaml
修改yaml文件,添加一行:disabled: true
重新部署并查看情况:
calicoctl apply -f old.yaml
calicoctl get ippool -o wide
重启所有pod,重新创建所有现有工作负载
通过运行以下命令检查新工作负载现在是否在新IP池中具有地址:
calicoctl get wep --all-namespaces
- 删除旧的IP池
calicoctl delete pool default-ipv4-ippool
参考:
https://www.cnblogs.com/MinZhou/p/12587651.html
标签:calicoctl,get,--,yaml,地址,https,ippool,更换,calico 来源: https://www.cnblogs.com/xinbat/p/14784103.html