Home > Software design >  How is Kubernetes Service IP assigned and stored?
How is Kubernetes Service IP assigned and stored?

Time:10-10

I deployed a service myservice to the k8s cluster. Using kubectl describe serivce ..., I can find that the service ip is 172.20.127.114 I am trying to figure out how this service ip is assigned. Is it assigned by K8s controller and stored in DNS? How does K8S control decide on the IP range?

kubectl describe service myservice                                     

Name:              myservice
Namespace:         default
Labels:            app=myservice
                   app.kubernetes.io/instance=myservice
Annotations:       argocd.argoproj.io/sync-wave: 3
Selector:          app=myservice
Type:              ClusterIP
IP Family Policy:  SingleStack
IP Families:       IPv4
IP:                172.20.127.114
IPs:               172.20.127.114
Port:              <unset>  80/TCP
TargetPort:        5000/TCP
Endpoints:         10.34.188.30:5000,10.34.89.157:5000
Session Affinity:  None
Events:            <none>

CodePudding user response:

kuebernetes controller accepts service CIDR range using service-cluster-ip-range parameter. Service IP is assigned from this CIDR block.

enter image description here

The kubernetes controller pod name might vary in each environment. update the pod name accordingly

CodePudding user response:

Kubernetes assigns a stable, reliable IP address to each newly created service from the cluster's pool of available service IP addresses. Previously, Amazon EKS automatically chose a value for this range based on the primary CIDR block of the Amazon VPC used by the cluster.

The Kubernetes service IP address range can be configured for all newly created EKS clusters using for instance eksctl.

If you want to specify which IPv4 Classless Inter-domain Routing (CIDR) block Kubernetes assigns service IP addresses from, specify the serviceIPv4CIDR.

Check this out

Hope it helped somehow.

CodePudding user response:

  • The Pod IP Addresses comes from CNI
  • Api-server, Etcd, Kube-Proxy, Scheduler and controller-Manager IP Addresses come from Server/Node IP Address
  • Service IP address range is defined in the API Server Configuration

If we check API Configuration, we can see the - --service-cluster-ip-range=10.96.0.0/12 option in command section, A CIDR notation IP range from which to assign service cluster IPs:

sudo vim /etc/kubernetes/manifests/kube-apiserver.yaml

See all defaults configurations:

kubeadm config print init-defaults
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
  - groups:
      - system:bootstrappers:kubeadm:default-node-token
    token: abcdef.0123456789abcdef
    ttl: 24h0m0s
    usages:
      - signing
      - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 1.2.3.4
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock
  imagePullPolicy: IfNotPresent
  name: node
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: { }
dns: { }
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
kubernetesVersion: 1.24.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
scheduler: { }

Change Default CIDR IP Range

You can configure Kube API Server with many different options:

  1. when bootstrapping the cluster via kubeadm init --service-cidr <IP Range>
  2. Change kube-apiserver directly (kubelet periodically scans the configurations for changes)
sudo vim /etc/kubernetes/manifests/kube-apiserver.yaml
  • Note that with option number 2, you are going to get The connection to the server IP:6443 was refused - did you specify the right host or port? error for a while, so you have to wait a couple of minutes to kube-apiserver start again...
  • The new CIDR block only applies for newly created Services, which means old Services still remain in the old CIDR block, for testing:
kubectl create service clusterip test-cidr-block --tcp 80:80

Then Check the newly created Service...


  • Related