Changing master IP address #338
Comments
This is not a limitation by kubeadm, but just general security practice. You can add more IPs in the certificate beforehand though... |
Thank you for your response. As the IP addresses are assigned by the cloud provider, so generating certificate beforehand would only work if I could set it to a wildcard. (Sorry, I know nothing about certificates.) I overlooked that Either way, thank you for all the work done on kubeadm! It's magical to see the cluster come up in minutes - I've been using Kubernetes since 0.14, in production since 1.0. |
@analytik I have exactly the same problem as yours. My corporate network blocks gcr.io. So I am using a dongle for the install. However the provider IP keeps changing dynamically and is not under my control. So even I am looking out for a solution. Even if I keep my dongle plugged in, sometimes due to network resets the IP changes. Do you have any solution to this? How are you handling this? |
How do you guys deal with the changed master IP? |
Is there any update on this issue? |
Same problem here. Any documentation to proceed with a master IP modification without resetting the entire cluster, please? |
I was able to accomplish this by:
[1]
[2]
[3]
|
Wow, I was unaware of these commands. Great info, that did the trick. Thank you! |
Is there a way to find the configmaps manually and change them? |
I hope kubeadm can cover this process in a future release. |
@patricklucas seriously, thank you for that write-up. It saved my life. For those looking for even more clarity, here were my experiences:
|
another thing to note, changing the certs was possible in offline mode by specifying the k8s version in a config file: kubernetes/kubernetes#54188 (comment) |
@weisjohn Could you also please update your comment by noting that:
is also needed for kubeadm? Otherwise, my kubeadm join commands keep failing by using the old/wrong apiserver IP halfway through the process. Thanks! |
I've applied all the steps from @weisjohn (#338 (comment)) and @michaelfig (#338 (comment)) to replace the address everywhere. This is used to let kubernetes use the newly created VPC address on eth1, instead of the public IP on eth0. Yet when I run Any clues? Even in Update: it turns out that |
@weisjohn Thank you for
Thank you for steps. Thanks in advance :) |
Perhaps good to mention, when moving the master IP to a private network it could be useful to update the overlay network too. Calico wasn't using the VPC interface until it was bound to that interface:
|
@weisjohn kubeadm alpha phase certs apiserver is not working in v1.13.0, showing "This command is not meant to be run on its own. See list of available subcommands." any updated comments available? |
in 1.13 the command is called |
Very useful steps to remedy - thanks @patricklucas and @weisjohn ! One extra tip if, like me, you begin from the state that the IP address has already changed, so you cannot contact the api-server to change the configmaps in step 4: |
@bboreham @weisjohn @patricklucas Thanks a lot for your experience. Could you please give an advice, what should I do on worker nodes after changing ip on master node? |
I know it's an old issue but maybe my comment will be of use to someone.
systemctl stop kubelet docker
cd /etc/
# backup old kubernetes data
mv kubernetes kubernetes-backup
mv /var/lib/kubelet /var/lib/kubelet-backup
# restore certificates
mkdir -p kubernetes
cp -r kubernetes-backup/pki kubernetes
rm kubernetes/pki/{apiserver.*,etcd/peer.*}
systemctl start docker
# reinit master with data in etcd
# add --kubernetes-version, --pod-network-cidr and --token options if needed
kubeadm init --ignore-preflight-errors=DirAvailable--var-lib-etcd
# update kubectl config
cp kubernetes/admin.conf ~/.kube/config
# wait for some time and delete old node
sleep 120
kubectl get nodes --sort-by=.metadata.creationTimestamp
kubectl delete node $(kubectl get nodes -o jsonpath='{.items[?(@.status.conditions[0].status=="Unknown")].metadata.name}')
# check running pods
kubectl get pods --all-namespaces
|
@valerius257 thank you man, you save our weekend) |
Thanks @valerius257 👍 The instruction mentioned by @valerius257 worked seamlessly, till I hit issues which are very specific to my kubeadm master node. I was trying to recover kubeadm Master Node whose IP got changed. Post continuation of steps mentioned by @valerius257 Resolution: As I have initiated the cluster with kubeadm init with cidr n/w (when IP was old or while commissioning the master node), following step has wiped the cidr settings from "/etc/kubernetes/manifests/kube-controller-manager.yaml" file. Hence, if you have initiated the kubeadm master node (with 1st time IP Address) with command "kubeadm init --token {{ kubeadm_token }} --pod-network-cidr=10.244.0.0/16", then post allocation of new IP you should execute following command with --pod-network-cidr=10.244.0.0/16. Or modify the file "/etc/kubernetes/manifests/kube-controller-manager.yaml" with following parameters included, if they are missing under Spec:containers:command:
Issue 2: |
in the place of newip which ip should we give? |
@VipinKrizz the context of this issue is that the IP already changed due to factors within the infrastructure. Nobody can answer which IP you should use except someone familiar with your particular set-up. Maybe you can find someone to have a chat with about this on Slack? Kubeadm issues are not the right place. |
@valerius257 thanks much for that script, I now see a number of downsides in my approach. I can confirm that your solution worked, however, there's lots of little edges (as in all of k8s). I had to re-apply any patches to enabled services / built-ins, dns, special storage classes, etc. But yeah, your script saved my bacon today. |
@valerius257 I followed your step but getting below issue root@ubuntu:/etc/kubernetes/pki# kubeadm init --ignore-preflight-errors=DirAvailable--var-lib-etcd Unfortunately, an error has occurred: This error is likely caused by: If you are on a systemd-powered system, you can try to troubleshoot the error with the following commands: Additionally, a control plane component may have crashed or exited when started by the container runtime. kindly help |
Worked for me thanks Only thing is you need to use
For latest kubectl versions |
@bboreham Generate certificate using i've changed in /etc/hosts and tried kubectl --server=https://:6443 still not working :( any specific configuration need to do in /etc/hosts?? |
Thank you for your help, my problem was solved! Great, great job! |
|
I'm using a provider that dynamically assigns private IP addresses on node startup, and it seems to break kubeadm-based setup.
I have set up brand new master server with kubeadm, and it worked well, but after shutting down and bringing the machine back up, the private IP address has changed, and now when using kubectl I get an error
Unable to connect to the server: x509: certificate is valid for 10.96.0.1, 10.4.36.13, not 10.4.20.67
(The latter being the new IP address of the master server.)
Is there a way to run kubeadm init in a way to reset the configuration? E.g. I want to keep the cluster pods, RCs, etc, but I want to re-init the certificate to use a hostname instead of IP address.
When I try running init again with hostname instead of the default IP address, it disagrees with me:
It picks up the now unusable certificate for 10.4.36.13, which is an IP address outside of my control instead of resetting it.
If I remove /etc/kubernetes/*.conf, and re-run the init above it still writes server: https://10.4.20.67:6443 instead of using the hostname.
Should kubeadm init overwrite the setting and create a new certificate? Is there a plan to add kubeadm reset or similar functionality that would reset the cluster, or destroy all artifacts created by previous kubeadm init so that I can have a fresh start?
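The x509 error quoted in the report above means the master's new address is missing from the API server certificate's subjectAltName list. As an added example (not part of the original issue and not kubeadm's own code), this script checks a certificate against an address with openssl and flags kubeconfig files whose server: URL the certificate does not cover. The function names and the throwaway fixture certificate are constructed for illustration; the SANs and addresses are the ones from the error message.

```bash
#!/usr/bin/env bash
# Added example: which addresses is an API server certificate valid for?

# san_covers CERT ADDR: exit 0 if CERT's subjectAltName covers ADDR.
san_covers() {
  local flag
  case $2 in
    *:*) flag=-checkip ;;           # IPv6 literal
    *[!0-9.]*) flag=-checkhost ;;   # contains a non-digit: DNS name
    *) flag=-checkip ;;             # digits and dots only: IPv4
  esac
  # openssl exits 0 either way; the verdict is in the printed text.
  openssl x509 -in "$1" -noout "$flag" "$2" 2>/dev/null |
    grep -q 'does match certificate'
}

# audit_kubeconfigs CERT DIR: print "file host verdict" for each DIR/*.conf;
# exit 1 if any server: URL names a host the certificate does not cover.
audit_kubeconfigs() {
  local rc=0 f host
  for f in "$2"/*.conf; do
    [ -f "$f" ] || continue
    # Host part of "server: https://HOST:PORT" (IPv4 or DNS name).
    host=$(sed -n 's|^ *server: *https://\([^:/]*\).*|\1|p' "$f" | head -n 1)
    [ -n "$host" ] || continue
    if san_covers "$1" "$host"; then
      echo "${f##*/} $host ok"
    else
      echo "${f##*/} $host NOT-IN-CERT"; rc=1
    fi
  done
  return $rc
}

# make_fixture DIR: constructed sample data mirroring the report: a throwaway
# self-signed cert with the old SANs, one kubeconfig per old and new IP.
make_fixture() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj /CN=kube-apiserver \
    -addext 'subjectAltName=IP:10.96.0.1,IP:10.4.36.13,DNS:kubernetes' \
    -keyout "$1/apiserver.key" -out "$1/apiserver.crt" 2>/dev/null
  printf 'clusters:\n- cluster:\n    server: https://10.4.36.13:6443\n' > "$1/kubelet.conf"
  printf 'clusters:\n- cluster:\n    server: https://10.4.20.67:6443\n' > "$1/admin.conf"
}

# Demo on the constructed fixture; on a real master pass
# /etc/kubernetes/pki/apiserver.crt and /etc/kubernetes instead.
demo_dir=$(mktemp -d)
make_fixture "$demo_dir"
audit_kubeconfigs "$demo_dir/apiserver.crt" "$demo_dir" || true
rm -rf "$demo_dir"
```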