Reputation: 1661
How is Kubernetes Service IP assigned and stored?
I deployed a service myservice to the k8s cluster. Using kubectl describe serivce ..., I can find that the service ip is 172.20.127.114 I am trying to figure out how this service ip is assigned. Is it assigned by K8s controller and stored in DNS? How does K8S control decide on the IP range?
kubectl describe service myservice
Name: myservice
Namespace: default
Labels: app=myservice
app.kubernetes.io/instance=myservice
Annotations: argocd.argoproj.io/sync-wave: 3
Selector: app=myservice
Type: ClusterIP
IP Family Policy: SingleStack
IP Families: IPv4
IP: 172.20.127.114
IPs: 172.20.127.114
Port: <unset> 80/TCP
TargetPort: 5000/TCP
Endpoints: 10.34.188.30:5000,10.34.89.157:5000
Session Affinity: None
Events: <none>
Upvotes: 0
Views: 525
Answers (2)
Reputation: 1495
- The Pod IP Addresses comes from
CNI Api-server,Etcd,Kube-Proxy,Schedulerandcontroller-ManagerIP Addresses come fromServer/NodeIP AddressServiceIP address range is defined in theAPI ServerConfiguration
If we check API Configuration, we can see the - --service-cluster-ip-range=10.96.0.0/12 option in command section, A CIDR notation IP range from which to assign service cluster IPs:
sudo vim /etc/kubernetes/manifests/kube-apiserver.yaml
See all defaults configurations:
kubeadm config print init-defaults
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
- system:bootstrappers:kubeadm:default-node-token
token: abcdef.0123456789abcdef
ttl: 24h0m0s
usages:
- signing
- authentication
kind: InitConfiguration
localAPIEndpoint:
advertiseAddress: 1.2.3.4
bindPort: 6443
nodeRegistration:
criSocket: unix:///var/run/containerd/containerd.sock
imagePullPolicy: IfNotPresent
name: node
taints: null
---
apiServer:
timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: { }
dns: { }
etcd:
local:
dataDir: /var/lib/etcd
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
kubernetesVersion: 1.24.0
networking:
dnsDomain: cluster.local
serviceSubnet: 10.96.0.0/12
scheduler: { }
Change Default CIDR IP Range
You can configure Kube API Server with many different options:
- when bootstrapping the cluster via
kubeadm init --service-cidr <IP Range> - Change
kube-apiserverdirectly (kubeletperiodically scans the configurations for changes)
sudo vim /etc/kubernetes/manifests/kube-apiserver.yaml
- Note that with option number
2, you are going to get Theconnection to the server IP:6443 was refused - did you specify the right host or port?error for a while, so you have to wait a couple of minutes tokube-apiserverstart again... - The new CIDR block only applies for newly created Services, which means old Services still remain in the old CIDR block, for testing:
kubectl create service clusterip test-cidr-block --tcp 80:80
Then Check the newly created Service...
Upvotes: 1
Reputation: 17689
kuebernetes controller accepts service CIDR range using service-cluster-ip-range parameter. Service IP is assigned from this CIDR block.
The kubernetes controller pod name might vary in each environment. update the pod name accordingly
Upvotes: 1
Related Questions
- Where does a kubernetes ingress gets its IP address from?
- how pods manage the IP address?
- After applying ingress for k8s, why service address was set to node's IP address?
- Kubernetes Service cluster IP, how is this internally load balanced across different nodes
- Kubernetes service IP confusion
- Kubernetes outbound request to use service IP
- Kubernetes IP service IP and ports
- Public IP Address of the service/load balancer in Kubernetes from Env
- Kubernetes Service IP entry in IP tables
- Do Kubernetes service IPs change?