Kubernetes-以编程方式找出服务IP范围CIDR [英] Kubernetes - Find out service ip range CIDR programatically

问题描述

我需要一种方法来获取可在所有Kubernetes群集上使用的服务群集ip范围(作为CIDR).

I need a way to get service cluster ip range (as CIDR) that works accross all Kubernetes clusters.

我尝试了以下方法，该方法对于使用kubeadm创建的集群工作正常，因为它可以捕获apiserver pod的参数:

I tried the following, which works fine for clusters created with kubeadm as it greps arguments of apiserver pod:

$ kubectl cluster-info dump  | grep service-cluster-ip-range
                        "--service-cluster-ip-range=10.96.0.0/12",

这不适用于所有Kubernetes集群，即gcloud

This does not work on all Kubernetes clusters, i.e. gcloud

所以问题是，以编程方式获得服务IP范围的最佳方法是什么?

So the question is, what is the best way to get service ip range programatically?

推荐答案

我认为没有办法通过K8s Api访问此类信息，但是有一个开放的问题可以解决此功能的不足: https://github.com/kubernetes/kubernetes/issues/25533 .如果您可以访问所涉及的k8s集群的etcd，则存在一个密钥，其中包含有关服务cidr范围的信息:/registry/ranges/serviceips.您可以通过使用etcdctl获取该值(假设您具有适当的权限):etcdctl --enpoints=<your etcd> --<any authentication flags> get "/registry/ranges/serviceips" --prefix=true.

I don't think there is a way to access such information through K8s Api, there is an open issue to address lack of this functionality: https://github.com/kubernetes/kubernetes/issues/25533 . If you have access to the etcd of the k8s cluster in question, then there is a key with information about service cidr range: /registry/ranges/serviceips . You can get the value, by using etcdctl (assuming, you have the proper permissions): etcdctl --enpoints=<your etcd> --<any authentication flags> get "/registry/ranges/serviceips" --prefix=true.

这篇关于Kubernetes-以编程方式找出服务IP范围CIDR的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！