{"id":1889,"date":"2022-10-19T04:28:15","date_gmt":"2022-10-19T04:28:15","guid":{"rendered":"https:\/\/sunucucozumleri.com\/?p=1889"},"modified":"2022-10-17T21:33:14","modified_gmt":"2022-10-17T21:33:14","slug":"kubernetes-pod-network-cidr-nasil-degistirilir","status":"publish","type":"post","link":"https:\/\/sunucucozumleri.com\/blog\/kubernetes-pod-network-cidr-nasil-degistirilir\/","title":{"rendered":"Kubernetes Pod Network Cidr Nas\u0131l De\u011fi\u015ftirilir?"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_2 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Makale \u0130\u00e7eri\u011fi<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"\u0130\u00e7indekiler Tablosunu A\u00e7\/Kapat\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/sunucucozumleri.com\/blog\/kubernetes-pod-network-cidr-nasil-degistirilir\/#Nedir\" >Nedir?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/sunucucozumleri.com\/blog\/kubernetes-pod-network-cidr-nasil-degistirilir\/#Case\" >Case<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/sunucucozumleri.com\/blog\/kubernetes-pod-network-cidr-nasil-degistirilir\/#Baslayalim\" >Ba\u015flayal\u0131m<\/a><\/li><\/ul><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"Nedir\"><\/span>Nedir?<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p>Pod network cidr <a href=\"https:\/\/sunucucozumleri.com\/kubernetes-nedir-kubernetes-komponentleri-nelerdir\/\"><strong>kubernetes<\/strong><\/a> clusterdaki podlar\u0131m\u0131z\u0131n cluster i\u00e7i local networkde alaca\u011f\u0131 IPv4 blo\u011fudur. Bu kubespray ve kubeadm kurulumlar\u0131nda container network interface&#8217;de tan\u0131mlan\u0131r(CNI). CNI olarak en yayg\u0131n \u015fekilde\u00a0<a title=\"calico\" href=\"https:\/\/docs.projectcalico.org\/getting-started\/kubernetes\/\" rel=\"nofollow noopener\" target=\"_blank\">calico<\/a>\u00a0kullan\u0131lmaktad\u0131r.<\/p>\n<h1><span class=\"ez-toc-section\" id=\"Case\"><\/span>Case<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p>Bug\u00fcn Hepsiburada private network\u00fcndeki bir kubernetes clusterda; hedef ip adresine worker node \u00fczerinden gidebilirken, pod i\u00e7inden gidemedi\u011fimiz konulu bir case geldi. Bu case \u00fczerine yapt\u0131\u011f\u0131m\u0131z inceleme sonucunda kubernetes pod cidr ip blo\u011fu ile hedef ip adresimizin bulundu\u011fu blo\u011fun \u00e7ak\u0131\u015ft\u0131\u011f\u0131n\u0131 fark ettik. Hepsiburada gibi private ip bloklar\u0131n\u0131n yetersiz kald\u0131\u011f\u0131 b\u00fcy\u00fck \u00f6l\u00e7ekli ortamlara bu t\u00fcr durumlarla kar\u015f\u0131la\u015fman\u0131z muhtemeldir.<\/p>\n<p>Cluster productionda oldu\u011fu i\u00e7in olabilecek en uygun \u015fekilde bu durumu \u00e7\u00f6zmemiz gerekiyordu. Tabi bu durumun \u00e7\u00f6z\u00fcm\u00fc farkl\u0131 y\u00f6ntemlerle de olabilir fakat biz pod network cidr blo\u011funu Hepsiburada private network\u00fcnde bulunmayan bo\u015f farkl\u0131 bir blok ile de\u011fi\u015ftirme \u00fczerine yo\u011funla\u015ft\u0131k. Bu makalemde de bu s\u00fcreci neredeyse kesintisiz nas\u0131l ger\u00e7ekle\u015ftirdim bundan bahsedece\u011fim.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Baslayalim\"><\/span>Ba\u015flayal\u0131m<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Makalemin ba\u015f\u0131nda bahsetti\u011fim gibi kubernetes cluster\u0131m\u0131zda Calico CNI kullan\u0131yoruz. Yapaca\u011f\u0131m bu anlat\u0131m sadece Calico&#8217;yu kapsamaktad\u0131r.<\/p>\n<p>\u00d6ncelikle kurulu olan calico \u00fczerinde i\u015flem yapabilmek i\u00e7in calicoctl deploy etmemiz gerekmetedir. Bunun i\u00e7in;<\/p>\n<pre><code># kubectl apply -f https:\/\/docs.projectcalico.org\/manifests\/calicoctl.yaml<\/code><\/pre>\n<p>Sonraki komutlar\u0131 g\u00f6ndermeyi kolayla\u015ft\u0131rmak i\u00e7in alias tan\u0131ml\u0131yoruz.<\/p>\n<pre><code># alias calicoctl=\"kubectl exec -i -n kube-system calicoctl -- \/calicoctl \"<\/code><\/pre>\n<p>Halihaz\u0131rda var olan ip blo\u011funu g\u00f6rmek i\u00e7in a\u015fa\u011f\u0131daki komutu kullan\u0131yoruz.<\/p>\n<pre><code># calicoctl get ippool -o wide<\/code><\/pre>\n<pre><code>NAME                  CIDR             NAT    IPIPMODE   DISABLED\r\ndefault-ipv4-ippool   192.168.0.0\/16   true   Always     false<\/code><\/pre>\n<p>Yeni ip blo\u011funu tan\u0131ml\u0131yoruz.<\/p>\n<pre><code># calicoctl create -f -&lt;&lt;EOF\r\napiVersion: projectcalico.org\/v3\r\nkind: IPPool\r\nmetadata:\r\n  name: new-pool\r\nspec:\r\n  cidr: 172.17.0.0\/16\r\n  ipipMode: Always\r\n  natOutgoing: true\r\nEOF<\/code><\/pre>\n<p>\u015eimdi halihaz\u0131rdaki ip blo\u011funu silmek i\u00e7in a\u015fa\u011f\u0131daki komutlar\u0131 \u00e7al\u0131\u015ft\u0131r\u0131yoruz.<\/p>\n<pre><code># calicoctl get ippool -o yaml &gt; ippool.yaml<\/code><\/pre>\n<p>pool.yaml \u015fu \u015fekilde g\u00f6z\u00fckecektir.<\/p>\n<pre><code>apiVersion: projectcalico.org\/v3\r\nitems:\r\n- apiVersion: projectcalico.org\/v3\r\n  kind: IPPool\r\n  metadata:\r\n    name: default-ipv4-ippool\r\n  spec:\r\n    cidr: 192.168.0.0\/16\r\n    ipipMode: Always\r\n    natOutgoing: true\r\n- apiVersion: projectcalico.org\/v3\r\n  kind: IPPool\r\n  metadata:\r\n    name: new-pool\r\n  spec:\r\n    cidr: 172.17.0.0\/16\r\n    ipipMode: Always\r\n    natOutgoing: true<\/code><\/pre>\n<p>\u015eimdi yeni ekledi\u011fimiz ip poolu siliyoruz. ippool.yaml \u015fu hali alacakt\u0131r.<\/p>\n<pre><code>apiVersion: projectcalico.org\/v3\r\nitems:\r\n- apiVersion: projectcalico.org\/v3\r\n  kind: IPPool\r\n  metadata:\r\n    name: default-ipv4-ippool\r\n  spec:\r\n    cidr: 192.168.0.0\/16\r\n    ipipMode: Always\r\n    natOutgoing: true<\/code><\/pre>\n<p>D\u00fczenleme bitti, \u015fimdi varolan ippoolu silmek i\u00e7in a\u015fa\u011f\u0131daki komutu \u00e7al\u0131\u015ft\u0131r\u0131yoruz.<\/p>\n<pre><code># calicoctl delete -f - &lt; ippool.yaml<\/code><\/pre>\n<p>Tekrardan ip pollar\u0131 listeliyoruz ve sadece yeni ekledi\u011fimizin kald\u0131\u011f\u0131na ve enabled oldu\u011funa dikkat ediyoruz.<\/p>\n<pre><code># calicoctl get ippool -o wide<\/code><\/pre>\n<pre><code>NAME                  CIDR             NAT    IPIPMODE   DISABLED\r\nnew-pool              172.17.0.0\/16    true   Always     false<\/code><\/pre>\n<blockquote><p>\u0130\u015flem sonras\u0131nda eski ip blo\u011funda olu\u015fmu\u015f podlar\u0131m\u0131z\u0131 silmemiz gerekiyor.<\/p><\/blockquote>\n<p>T\u00fcm clusterdaki eskip ip blogunda \u00e7al\u0131\u015fan podlar\u0131 listelemek i\u00e7in;<\/p>\n<pre><code># kubectl get pod -A -o wide |grep 192.168<\/code><\/pre>\n<p>Namespace baz\u0131nda toplu silmek i\u00e7in;<\/p>\n<pre><code># kubectl get pod -n kube-system -o wide |grep 172.16. |awk '{print $2}' |xargs -I % kubectl delete pod % -n kube-system<\/code><\/pre>\n<p>Calicoyu ve coredns&#8217;i <a href=\"https:\/\/sunucucozumleri.com\/blog\/reboot-ve-restart-arasindaki-farklar-nedir\/\">restart<\/a> edelim. Buras\u0131 \u00f6nemli.<\/p>\n<pre><code># kubectl -n kube-system rollout restart ds calico-node\r\n# kubectl -n kube-system rollout restart deploy coredns<\/code><\/pre>\n<p>\u0130\u015flem bu kadar, sildi\u011finiz podlar\u0131n yerine olu\u015fan yeni podlar\u0131n yeni olu\u015fturdu\u011funuz networkten ip ald\u0131\u011f\u0131n\u0131 g\u00f6receksiniz. B\u00f6ylece &#8220;neredeyse&#8221; s\u0131f\u0131r kesintiyle calico CNI kulland\u0131\u011f\u0131m\u0131z kubernetes cluster\u0131m\u0131z\u0131n pod network cidr ip blo\u011funu de\u011fi\u015ftirmi\u015f oluyoruz.<\/p>\n<p>Bu makale : kubernetesturkey.com adresinden al\u0131nt\u0131d\u0131r.<\/p>\n<div class=\"bd-blog-bottom mt-4\">\n<div class=\"row g-4\">\n<div class=\"col-md-6\">\n<div class=\"bd-blog-share\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Nedir? Pod network cidr kubernetes clusterdaki podlar\u0131m\u0131z\u0131n cluster i\u00e7i local networkde alaca\u011f\u0131 IPv4 blo\u011fudur. Bu kubespray ve kubeadm kurulumlar\u0131nda container network interface&#8217;de tan\u0131mlan\u0131r(CNI). CNI olarak en yayg\u0131n \u015fekilde\u00a0calico\u00a0kullan\u0131lmaktad\u0131r. Case Bug\u00fcn Hepsiburada private network\u00fcndeki bir kubernetes clusterda; hedef ip adresine worker node \u00fczerinden gidebilirken, pod i\u00e7inden gidemedi\u011fimiz konulu bir case geldi. Bu case \u00fczerine yapt\u0131\u011f\u0131m\u0131z inceleme &hellip;<\/p>\n","protected":false},"author":1,"featured_media":1890,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[],"class_list":["post-1889","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux"],"acf":[],"_links":{"self":[{"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/posts\/1889","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/comments?post=1889"}],"version-history":[{"count":0,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/posts\/1889\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/media\/1890"}],"wp:attachment":[{"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/media?parent=1889"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/categories?post=1889"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/tags?post=1889"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}