
How to reduce Azure AKS IP address hogging?

After upgrading to AKS v. 1.24 (network type: Azure CNI), finding that kube-system pods take up most of the IP space, leaving very few IPs for application deployments.

For example, here are the kube-system pods running on one of the VMs:

NAMESPACE                NAME                                                   READY   STATUS    RESTARTS   AGE   IP             NODE                                NOMINATED NODE   READINESS GATES
kube-system              ama-logs-m5rrq                                         2/2     Running   0          25d   10.65.197.16   aks-agentpool-45621317-vmss00000b   <none>           <none>
kube-system              ama-logs-rs-c4f77bf75-cpvgl                            1/1     Running   0          25d   10.65.197.24   aks-agentpool-45621317-vmss00000b   <none>           <none>
kube-system              azure-ip-masq-agent-rcc7m                              1/1     Running   0          25d   10.65.197.15   aks-agentpool-45621317-vmss00000b   <none>           <none>
kube-system              azure-npm-lg7f6                                        1/1     Running   0          25d   10.65.197.15   aks-agentpool-45621317-vmss00000b   <none>           <none>
kube-system              cloud-node-manager-h7w25                               1/1     Running   0          25d   10.65.197.15   aks-agentpool-45621317-vmss00000b   <none>           <none>
kube-system              coredns-59b6bf8b4f-bp9nb                               1/1     Running   0          25d   10.65.197.17   aks-agentpool-45621317-vmss00000b   <none>           <none>
kube-system              csi-azurefile-node-bdpwc                               3/3     Running   0          8d    10.65.197.15   aks-agentpool-45621317-vmss00000b   <none>           <none>
kube-system              konnectivity-agent-85c86bd7ff-wsj5k                    1/1     Running   0          25d   10.65.197.23   aks-agentpool-45621317-vmss00000b   <none>           <none>
kube-system              kube-proxy-hzxhl                                       1/1     Running   0          8h    10.65.197.15   aks-agentpool-45621317-vmss00000b   <none>           <none>

Since we deploy to private networks, this is becoming a challenge to keep provisioning bigger networks and keep increasing max pods per IP.

Any ideas how one can free up some of this space?

If the AKS cluster is created with the Azure CNI plugin, all the pods in the Kubernetes cluster make use of IPs that are part of the virtual network which we created for the AKS cluster.


All cluster nodes and pods will become part of the cluster subnet (10.224.0.0/16). So, if we are hosting 1000 pods on the AKS cluster, it will pick 1000 IPs from the subnet of the VNet. Check the pod IP details below:

NAMESPACE  NAME  READY  STATUS  RESTARTS  AGE  IP  NODE  NOMINATED NODE  READINESS GATES
default  nginxd-67d79c7976-7zv7v  1/1  Running  0  4h19m  10.224.0.17  aks-agentpool-20514180-vmss000000  <none>  <none>
default  nginxd-67d79c7976-kfwwj  1/1  Running  0  4h19m  10.224.0.86  aks-agentpool-20514180-vmss000000  <none>  <none>
default  nginxd-67d79c7976-rt5j9  1/1  Running  0  4h19m  10.224.0.55  aks-agentpool-20514180-vmss000000  <none>  <none>
default  nginxd-67d79c7976-s8pms  1/1  Running  0  4h19m  10.224.0.108  aks-agentpool-20514180-vmss000000  <none>  <none>
kube-system  azure-ip-masq-agent-sfkzv  1/1  Running  0  5h  10.224.0.4  aks-agentpool-20514180-vmss000000  <none>  <none>
kube-system  cloud-node-manager-5td8p  1/1  Running  0  5h  10.224.0.4  aks-agentpool-20514180-vmss000000 <none>  <none>
kube-system  coredns-59b6bf8b4f-j7fwq  1/1  Running  0  5h1m  10.224.0.112  aks-agentpool-20514180-vmss000000  <none>  <none>
kube-system  coredns-59b6bf8b4f-tcsc7  1/1  Running  0  5h  10.224.0.96  aks-agentpool-20514180-vmss000000  <none>  <none>
kube-system  coredns-autoscaler-5655d66f64-8tddq  1/1  Running  0  5h1m  10.224.0.56  aks-agentpool-20514180-vmss000000  <none>  <none>
kube-system  csi-azuredisk-node-p92rv  3/3  Running  0  5h  10.224.0.4  aks-agentpool-20514180-vmss000000  <none>  <none>
kube-system  csi-azurefile-node-fn8pw  3/3  Running  0  5h  10.224.0.4  aks-agentpool-20514180-vmss000000  <none>  <none>
kube-system  konnectivity-agent-66c54fd7cd-9trm7  1/1  Running  0  4h48m  10.224.0.102  aks-agentpool-20514180-vmss000000  <none>  <none>
kube-system  konnectivity-agent-66c54fd7cd-c96sp  1/1  Running  0  4h48m  10.224.0.88  aks-agentpool-20514180-vmss000000  <none>  <none>
kube-system  kube-proxy-dkxpp  1/1  Running  0  5h  10.224.0.4  aks-agentpool-20514180-vmss000000  <none>  <none>
kube-system  metrics-server-7dd74d8758-j2lph  2/2  Running  0  5h  10.224.0.46  aks-agentpool-20514180-vmss000000  <none>  <none>
kube-system  metrics-server-7dd74d8758-rh266  2/2  Running  0  5h  10.224.0.104  aks-agentpool-20514180-vmss000000  <none>  <none>  

All the services will take their IPs from the service CIDR. Check the service IPs below:

NAMESPACE  NAME  TYPE  CLUSTER-IP  EXTERNAL-IP  PORT(S)  AGE
default  kubernetes  ClusterIP  10.0.0.1  <none>  443/TCP  5h6m
default  nginx-service  LoadBalancer  10.0.174.204  20.246.132.249  80:32229/TCP  4h20m
kube-system  kube-dns  ClusterIP  10.0.0.10  <none>  53/UDP,53/TCP  5h5m
kube-system  metrics-server  ClusterIP  10.0.5.36  <none>  443/TCP  5h5m

Cross-check the networking details in the Networking section of AKS once provisioned.
AKS cluster > Networking:


  • If you are choosing Azure-CNI, you have to plan IP spaces accordingly.

  • To prevent pods from making use of real IP addresses, use the kubenet plugin or the azure-cni-overlay network plugin.

  • The azure-cni-overlay plugin is in preview state and available in the West Central US and East US regions.

  • If you choose the kubenet plugin, it will create a network for us with default values and it will create a logical IP space for the pods in the cluster to use.

  • Those IPs are reusable across multiple clusters.
    The user can see the network details in the Networking tab once AKS is provisioned successfully.

Default values of the AKS cluster for the kubenet networking plugin are as below:


Here, when pods are created in the cluster, they will pick IPs from the Pod CIDR. This is the main difference between the Azure-CNI and kubenet plugins.

Pod CIDR means a logical grouping of IPs which is not part of the VNet which we create during AKS cluster creation.

Check the Pod assigned IPs below. They will match the Pod CIDR range:

NAMESPACE  NAME  READY  STATUS  RESTARTS  AGE  IP  NODE  NOMINATED NODE  READINESS GATES
default  nginxd01-784cf56f68-db6wz  1/1  Running  0  4h26m  10.244.0.13  aks-agentpool-97773100-vmss000000  <none>  <none>
default  nginxd01-784cf56f68-fqtjn  1/1  Running  0  4h26m  10.244.0.12  aks-agentpool-97773100-vmss000000  <none>  <none>
default  nginxd01-784cf56f68-mj4w9  1/1  Running  0  4h26m  10.244.0.14  aks-agentpool-97773100-vmss000000  <none>  <none>
default  nginxd01-784cf56f68-vwx84  1/1  Running  0  4h26m  10.244.0.11  aks-agentpool-97773100-vmss000000  <none>  <none>
kube-system  azure-ip-masq-agent-mgdbr  1/1  Running  0  4h51m  10.224.0.4  aks-agentpool-97773100-vmss000000  <none>  <none>
kube-system  cloud-node-manager-7zg2b  1/1  Running  0  4h51m  10.224.0.4  aks-agentpool-97773100-vmss000000  <none>  <none>
kube-system  coredns-59b6bf8b4f-hh8l5  1/1  Running  0  4h50m  10.244.0.8  aks-agentpool-97773100-vmss000000  <none>  <none>
kube-system  coredns-59b6bf8b4f-rsmmb  1/1  Running  0  4h52m  10.244.0.5  aks-agentpool-97773100-vmss000000  <none>  <none>
kube-system  coredns-autoscaler-5655d66f64-nb2kk  1/1  Running  0  4h52m  10.244.0.6  aks-agentpool-97773100-vmss000000  <none>  <none>
kube-system  csi-azuredisk-node-lm4mf  3/3  Running  0  4h51m  10.224.0.4  aks-agentpool-97773100-vmss000000  <none>  <none>
kube-system  csi-azurefile-node-p5mws  3/3  Running  0  4h51m  10.224.0.4  aks-agentpool-97773100-vmss000000  <none>  <none>
kube-system  konnectivity-agent-5f4cf5c7dd-r85ht  1/1  Running  0  4h10m  10.244.0.15  aks-agentpool-97773100-vmss000000  <none>  <none>
kube-system  konnectivity-agent-5f4cf5c7dd-vg6xn  1/1  Running  0  4h10m  10.244.0.16  aks-agentpool-97773100-vmss000000  <none>  <none>
kube-system  kube-proxy-m8n8x  1/1  Running  0  4h51m  10.224.0.4  aks-agentpool-97773100-vmss000000  <none>  <none>
kube-system  metrics-server-7dd74d8758-6lqgs  2/2  Running  0  4h50m  10.244.0.10  aks-agentpool-97773100-vmss000000  <none>  <none>
kube-system  metrics-server-7dd74d8758-s4sl9  2/2  Running  0  4h50m  10.244.0.9  aks-agentpool-97773100-vmss000000  <none>  <none>

Ensure that the Pod CIDR range does not overlap with any other IPs in the network. The kubenet network plugin also uses a route table.

If the user needs more flexibility in controlling IP address space, go for the Azure-CNI-overlay. But it is in the preview state and is not recommended for production workloads.

Azure-CNI-overlay reference: azure-CNI-overlay network
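
As an added example (not part of the original question or answer), the Python sketch below counts how many distinct VNet subnet addresses a pod listing really consumes and checks that the cluster's ranges do not overlap. The subnet is the one quoted in the answer; the pod and service CIDR values are assumptions chosen to match the addresses in its listings, and the sample rows are copied from the kubenet output above.

```python
import ipaddress
from itertools import combinations

# vnet_subnet is the range quoted in the answer; pod_cidr and service_cidr are
# assumed values chosen to match the addresses shown in its listings.
RANGES = {
    "vnet_subnet": ipaddress.ip_network("10.224.0.0/16"),
    "pod_cidr": ipaddress.ip_network("10.244.0.0/16"),
    "service_cidr": ipaddress.ip_network("10.0.0.0/16"),
}

# Sample input: rows taken from the kubenet `kubectl get pods -o wide` listing above.
SAMPLE = """\
default      nginxd01-784cf56f68-db6wz        1/1  Running  0  4h26m  10.244.0.13  aks-agentpool-97773100-vmss000000  <none>  <none>
default      nginxd01-784cf56f68-fqtjn        1/1  Running  0  4h26m  10.244.0.12  aks-agentpool-97773100-vmss000000  <none>  <none>
kube-system  azure-ip-masq-agent-mgdbr        1/1  Running  0  4h51m  10.224.0.4   aks-agentpool-97773100-vmss000000  <none>  <none>
kube-system  coredns-59b6bf8b4f-hh8l5         1/1  Running  0  4h50m  10.244.0.8   aks-agentpool-97773100-vmss000000  <none>  <none>
kube-system  kube-proxy-m8n8x                 1/1  Running  0  4h51m  10.224.0.4   aks-agentpool-97773100-vmss000000  <none>  <none>
kube-system  metrics-server-7dd74d8758-6lqgs  2/2  Running  0  4h50m  10.244.0.10  aks-agentpool-97773100-vmss000000  <none>  <none>
"""

def pod_ip(row):
    """Return the first column of a kubectl row that parses as an IP, else None."""
    for token in row.split():
        try:
            return ipaddress.ip_address(token)
        except ValueError:
            continue
    return None

def classify(listing, ranges=RANGES):
    """Map each range name to the set of distinct pod IPs that fall inside it."""
    usage = {name: set() for name in [*ranges, "unmatched"]}
    for row in listing.splitlines():
        ip = pod_ip(row)
        if ip is None:
            continue  # header or blank line
        name = next((n for n, net in ranges.items() if ip in net), "unmatched")
        usage[name].add(ip)
    return usage

def overlapping(ranges=RANGES):
    """Return pairs of range names whose address space overlaps."""
    return [(a, b) for (a, x), (b, y) in combinations(ranges.items(), 2) if x.overlaps(y)]

if __name__ == "__main__":
    for name, ips in classify(SAMPLE).items():
        print(f"{name}: {len(ips)} distinct IP(s)")
    print("overlaps:", overlapping() or "none")
```

Pods that report the same address (here 10.224.0.4) are counted once, so the `vnet_subnet` figure is the number of subnet addresses actually in use rather than the number of pods.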
