问题描述

如何从Kubernetes集群内部以可移植和简单的方式查询正在使用的Kubernetes pod和服务子网(分别为10.244.0.0/16和10.96.0.0/12)?

How can one inquire the Kubernetes pod and service subnets in use (e.g. 10.244.0.0/16 and 10.96.0.0/12 respectively) from inside a Kubernetes cluster in a portable and simple way?

例如，kubectl get cm -n kube-system kubeadm-config -o yaml报告podSubnet和serviceSubnet.但这并不是完全可移植的，因为群集可能是通过kubeadm以外的其他方式建立的.

For instance, kubectl get cm -n kube-system kubeadm-config -o yaml reports podSubnet and serviceSubnet. But this is not fully portable because a cluster may have been set up by another means than kubeadm.

kubectl get cm -n kube-system kube-proxy -o yaml报告clusterCIDR(即pod子网)，而kubectl get pod -n kube-system kube-apiserver-master1 -o yaml报告该值作为命令行选项--service-cluster-ip-range传递给kube-apiserver(即服务子网). master1代表任何控制平面节点的名称.但这似乎有点复杂.

kubectl get cm -n kube-system kube-proxy -o yaml reports clusterCIDR (i.e. pod subnet) and kubectl get pod -n kube-system kube-apiserver-master1 -o yaml reports the valuepassed as command-line option --service-cluster-ip-range to kube-apiserver (i.e. service subnet). master1 stands for the name of any control plane node. But this seems a bit complex.

是否有更好的方法，例如使用Kubernetes 1.17 API吗?

Is there a better way available e.g. with the Kubernetes 1.17 API?

推荐答案

我认为不可能以一种可移植且简单的方式来获取您想要的东西.如果您未指定Cidr的参数，它将分配默认值.

I don't think it would be possible to obtain what you want in a portable and simple way.If you don't specify Cidr's parameters it will assign default one.

由于您有多种方式将kubernetes作为非托管群集(如kubeadm，minikbue，k3，micork8s)或像云提供程序(GKE，Azure，AWS)进行托管，因此很难找到一种在所有环境中列出所有cidr的方法.另一个障碍可能是Kubernetes或CNI的版本.

As you have many ways to run kubernetes as unmanaged clusters like kubeadm, minikbue, k3s, micork8s or managed like Cloud providers (GKE, Azure, AWS) it's hard to find one way to list all cidrs in all environments. Another obstacle can be versions of Kubernetes or CNI.

在Kubernetes 1.17中发行说明您可以找到

In Kubernetes 1.17 Release notes you can find information that

以Kubeadm为例:$ kubeadm init --pod-network-cidr 10.100.0.0/12 --service-cidr 10.99.0.0/12

As example of Kubeadm: $ kubeadm init --pod-network-cidr 10.100.0.0/12 --service-cidr 10.99.0.0/12

有几种方法可以获取此pod和service-cidr:

There are a few ways to get this pod and service-cidr:

$ kubectl cluster-info dump | grep -E '(service-cluster-ip-range|cluster-cidr)'
                            "--service-cluster-ip-range=10.99.0.0/12",
                            "--cluster-cidr=10.100.0.0/12",



$ kubeadm config view | grep Subnet
  podSubnet: 10.100.0.0/12
  serviceSubnet: 10.99.0.0/12

但是，如果您要检查该群集中的所有Pod，则某些Pod以192.168.190.X或192.168.137.X开头

But if you will check all pods in this cluster, some pods are starting with 192.168.190.X or 192.168.137.X

$ kubectl get pods -A -owide
NAMESPACE     NAME                                       READY   STATUS    RESTARTS   AGE    IP                NODE             NOMINATED NODE   READINESS GATES
default       nginx                                      1/1     Running   0          62m    192.168.190.129   kubeadm-worker   <none>           <none>
kube-system   calico-kube-controllers-77c5fc8d7f-9n6m5   1/1     Running   0          118m   192.168.137.66    kubeadm-master   <none>           <none>
kube-system   calico-node-2kx2v                          1/1     Running   0          117m   10.128.0.4        kubeadm-worker   <none>           <none>
kube-system   calico-node-8xqd9                          1/1     Running   0          118m   10.128.0.3        kubeadm-master   <none>           <none>
kube-system   coredns-66bff467f8-sgmkw                   1/1     Running   0          120m   192.168.137.65    kubeadm-master   <none>           <none>
kube-system   coredns-66bff467f8-t84ht                   1/1     Running   0          120m   192.168.137.67    kubeadm-master   <none>           <none>

如果您将描述任何CNI个窗格，则可以找到另一个CIDR:

If you will describe any CNI pods you can find another CIDRs:

CALICO_IPV4POOL_CIDR:               192.168.0.0/16

对于GKE示例，您将具有:节点CIDR

For GKE example you will have:node CIDRs

$ kubectl describe node | grep CIDRs
PodCIDRs:                     10.52.1.0/24
PodCIDRs:                     10.52.0.0/24
PodCIDRs:                     10.52.2.0/24

$ gcloud container clusters describe cluster-2 --zone=europe-west2-b | grep Cidr
clusterIpv4Cidr: 10.52.0.0/14
  clusterIpv4Cidr: 10.52.0.0/14
  clusterIpv4CidrBlock: 10.52.0.0/14
  servicesIpv4Cidr: 10.116.0.0/20
  servicesIpv4CidrBlock: 10.116.0.0/20
  podIpv4CidrSize: 24
servicesIpv4Cidr: 10.116.0.0/20

老实说，我不认为有一种简单易行的方法可以在一个简单的命令中列出所有podCidrs和serviceCidrs.

Honestly I don't think there is an easy and portable way to list all podCidrs and serviceCidrs in one simple command.

这篇关于从Kubernetes集群内部查询Pod和服务子网的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！