0

I deployed a service myservice to the k8s cluster. Using kubectl describe serivce ..., I can find that the service ip is 172.20.127.114 I am trying to figure out how this service ip is assigned. Is it assigned by K8s controller and stored in DNS? How does K8S control decide on the IP range?

kubectl describe service myservice                                     

Name:              myservice
Namespace:         default
Labels:            app=myservice
                   app.kubernetes.io/instance=myservice
Annotations:       argocd.argoproj.io/sync-wave: 3
Selector:          app=myservice
Type:              ClusterIP
IP Family Policy:  SingleStack
IP Families:       IPv4
IP:                172.20.127.114
IPs:               172.20.127.114
Port:              <unset>  80/TCP
TargetPort:        5000/TCP
Endpoints:         10.34.188.30:5000,10.34.89.157:5000
Session Affinity:  None
Events:            <none>
yuyang
  • 1,511
  • 2
  • 15
  • 40

2 Answers2

1

kuebernetes controller accepts service CIDR range using service-cluster-ip-range parameter. Service IP is assigned from this CIDR block.

enter image description here

The kubernetes controller pod name might vary in each environment. update the pod name accordingly

P Ekambaram
  • 15,499
  • 7
  • 34
  • 59
  • thank you! i am using EKS .The command does not return CIDR block info. kubectl get po -n kube-system kube-controller-manager-controlplane -o yaml | grep service-cluster-ip-range Error from server (NotFound): pods "kube-controller-manager-controlplane" not found – yuyang Oct 10 '22 at 06:00
  • the kubernetes controller pod name might vary in each environment. update the pod name accordingly – P Ekambaram Oct 10 '22 at 06:11
0
  • The Pod IP Addresses comes from CNI
  • Api-server, Etcd, Kube-Proxy, Scheduler and controller-Manager IP Addresses come from Server/Node IP Address
  • Service IP address range is defined in the API Server Configuration

If we check API Configuration, we can see the - --service-cluster-ip-range=10.96.0.0/12 option in command section, A CIDR notation IP range from which to assign service cluster IPs:

sudo vim /etc/kubernetes/manifests/kube-apiserver.yaml

See all defaults configurations:

kubeadm config print init-defaults

apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
  - groups:
      - system:bootstrappers:kubeadm:default-node-token
    token: abcdef.0123456789abcdef
    ttl: 24h0m0s
    usages:
      - signing
      - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 1.2.3.4
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock
  imagePullPolicy: IfNotPresent
  name: node
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: { }
dns: { }
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
kubernetesVersion: 1.24.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
scheduler: { }

Change Default CIDR IP Range

You can configure Kube API Server with many different options:

  1. when bootstrapping the cluster via kubeadm init --service-cidr <IP Range>
  2. Change kube-apiserver directly (kubelet periodically scans the configurations for changes)
sudo vim /etc/kubernetes/manifests/kube-apiserver.yaml
  • Note that with option number 2, you are going to get The connection to the server IP:6443 was refused - did you specify the right host or port? error for a while, so you have to wait a couple of minutes to kube-apiserver start again...
  • The new CIDR block only applies for newly created Services, which means old Services still remain in the old CIDR block, for testing:
kubectl create service clusterip test-cidr-block --tcp 80:80

Then Check the newly created Service...

Ali
  • 922
  • 1
  • 9
  • 24