突然发现公司测试集群内有两台机器的podcidr和其他机器不同,导致路由出现问题,因此计划修改单个节点的pod cidr值,如果需要修改整个集群的,可以参考cilium修改网段 | 运维晕晕的小本本 (hylove.site)

一、变更节点cidr配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
kubectl edit cn/节点名

spec:
  addresses:
  - ip: 136.168.10.248
    type: InternalIP
  - ip: 10.0.0.151
    type: CiliumInternalIP
  alibaba-cloud: {}
  azure: {}
  encryption: {}
  eni: {}
  health:
    ipv4: 10.0.0.151
  ipam:
    podCIDRs:
    - 10.0.0.0/24


删除
  - ip: 10.0.0.151
    type: CiliumInternalIP
  health:
    ipv4: 10.0.0.151
    
修改:podCIDRs改成新网段
    podCIDRs:
    - 10.0.0.0/24

二、应用配置

重启cilium,实际上只要重启有变动节点的pod即可

1
kubectl -n kube-system rollout restart ds/cilium

三、清理遗留网段

1、重启pod,使其获取到新网段ip

1
kubectl delete pod  -A --field-selector spec.nodeName=node193.169.203.136

2、清理遗留网段路由

1
2
3
4
5
6
7
8
9
10
11
[root@master136 ~]# ip route show
default via 136.168.10.254 dev em1 proto static metric 100 
10.0.0.151 dev cilium_host scope link 
100.0.0.0/24 via 100.0.0.64 dev cilium_host src 100.0.0.64 
100.0.0.64 dev cilium_host scope link 
100.0.1.0/24 via 100.0.0.64 dev cilium_host src 100.0.0.64 mtu 1450 
100.0.2.0/24 via 100.0.0.64 dev cilium_host src 100.0.0.64 mtu 1450 
100.0.3.0/24 via 100.0.0.64 dev cilium_host src 100.0.0.64 mtu 1450 
100.254.254.0/24 dev docker0 proto kernel scope link src 100.254.254.1 linkdown 
136.168.10.0/24 dev em1 proto kernel scope link src 136.168.10.245 metric 100 
[root@master136 ~]# ip route delete 10.0.0.151 dev cilium_host scope link

四、验证

到其他节点中ping新网段的某个pod ip