[TOC] 前提条件： - KUBERNETES 集群已安装 - calico 网络插件已安装 - calicoctl 工具已安装，参考 [文章](./calicoctl_install.md) ## 判断现有环境模式 ```shell $ ip r # 路由转发网卡是物理网卡的话，则为BGP模式，转发网卡是tunl0的话，则为IPIP $ calicoctl get ippool -owide # IPIPMODE字段为Never，则为BGP模式，IPIPMODE字段为Always，则为IPIP ``` ## 检查环境 ```shell # 查看主机路由(ps: 路由转发的网卡) $ ip r | grep /26 blackhole 172.26.37.128/26 proto bird 172.26.110.128/26 via 192.168.32.129 dev ens33 proto bird onlink 172.26.143.0/26 via 192.168.32.128 dev ens33 proto bird onlink # 查看ipPool现有配置(ps: IPIPMODE字段) $ calicoctl get ippool -owide NAME CIDR NAT IPIPMODE VXLANMODE DISABLED DISABLEBGPEXPORT SELECTOR default-ipv4-ippool 172.26.0.0/16 true Never Never false false all() # 查看calico-node配置 $ kubectl -n kube-system get daemonset calico-node -oyaml | grep -A1 CALICO_IPV4POOL_IPIP$ - name: CALICO_IPV4POOL_IPIP value: Never ``` ## 修改ipPool配置 ```shell $ calicoctl get ippool default-ipv4-ippool -oyaml > default-ipv4-ippool.yaml $ calicoctl patch ippool default-ipv4-ippool --patch '{"spec":{"ipipMode": "Always"}}' ``` ## 修改calico-node配置 ```shell $ kubectl -n kube-system get daemonset calico-node -oyaml > calico-node.yaml $ kubectl -n kube-system patch daemonset calico-node --patch '{"spec": {"template": {"spec": {"containers": [{"name":"calico-node", "env": [{"name": "CALICO_IPV4POOL_IPIP", "value": "Always"}]}]}}}}' ``` ## 查看滚动更新状态 ```shell $ kubectl -n kube-system rollout status daemonset calico-node ``` ## 验证 ```shell # 查看主机路由(ps: 路由转发的网卡) $ ip r | grep /26 # 查看ipPool现有配置(ps: IPIPMODE字段) $ calicoctl get ippool -owide # 查看calico-node配置 $ kubectl -n kube-system get daemonset calico-node -oyaml | grep -A1 CALICO_IPV4POOL_IPIP$ ``` ## 重启所有容器(可选) > 有些环境不需要执行 ```shell $ kubectl delete pod --all --all-namespaces ```