Container Service for Kubernetes:Add a vSwitch to a cluster based on a secondary CIDR block

Last Updated:Sep 20, 2023

When you create a Container Service for Kubernetes (ACK) cluster, you need to specify a virtual private cloud (VPC) for the cluster. If you want to expand the cluster, you need to deploy cloud resources in the VPC to which the cluster belongs. If the CIDR block of the VPC does not have sufficient IP addresses, you can add a secondary CIDR block to the VPC. This way, you can expand the cluster based on your business requirements. This topic describes how to add a vSwitch to a cluster based on a secondary CIDR block.

Prerequisites

  • The CIDR block of the VPC to which the cluster belongs does not have sufficient IP addresses.

  • An ACK managed cluster that was created in February 2021 or later, or an ACK dedicated cluster, is available. For more information, see Create an ACK dedicated cluster or Create an ACK managed cluster.

    Important

    If your ACK managed cluster was created earlier than February 2021, you cannot expand it by adding a secondary CIDR block to its VPC. In this case, migrate the workloads to an ACK Pro cluster and then add a vSwitch to that cluster based on a secondary CIDR block. For more information about how to upgrade your ACK cluster, see Hot migration from ACK Basic clusters to ACK Pro clusters.

Procedure

  1. Select an available CIDR block.

    1. Check the CIDR blocks that are in use.

      The CIDR blocks include but are not limited to:

      • The current CIDR block of the VPC.

        For more information about how to check the current CIDR block of a VPC, see View a VPC.

      • The CIDR blocks of the pods and Services that are deployed in the VPC.

        For more information about how to check the CIDR blocks of pods and Services, see View cluster information.

        Note
        • If the cluster uses the Terway network plug-in, check the CIDR block of Services. Terway assigns pod IP addresses from vSwitches in the VPC, so pods do not have a separate CIDR block.

        • If the cluster uses the Flannel network plug-in, check the CIDR blocks of pods and Services. Flannel assigns pod IP addresses from a pod CIDR block that is separate from the VPC CIDR block.

      • The CIDR blocks of connections over Express Connect circuits, VPN gateways, and Cloud Enterprise Network (CEN) instances that are connected to the VPC.

    2. Select a CIDR block that does not overlap with the preceding CIDR blocks, and use this CIDR block as the secondary CIDR block of the VPC.

      For example, a cluster that uses the Flannel network plug-in may use the following CIDR blocks:

      • VPC CIDR block: 192.168.0.0/16

      • Pod CIDR block: 172.20.0.0/16

      • Service CIDR block: 172.21.0.0/16

      • The VPC has no connections over Express Connect circuits, VPN gateways, or CEN instances.

      In this case, you can use 10.0.0.0/8 as a secondary CIDR block.
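The overlap check in the preceding step, as an added example that is not part of the original page: the script records the CIDR blocks from the Flannel example above as the in-use inventory, reports which of them a candidate secondary CIDR block collides with, and walks the RFC 1918 ranges to find the first block of a requested size that collides with nothing. The function names and the candidate pool are this example's own choices; in practice you would fill the inventory from the VPC details page, the cluster information page, and the route tables of any Express Connect, VPN gateway, or CEN attachments.

```python
# Added example, not from the original page: checks that a candidate
# secondary CIDR block overlaps none of the CIDR blocks already in use.
import ipaddress
from typing import Iterable, List, Optional

# Constructed inventory, copied from the Flannel example in the text.
IN_USE = [
    "192.168.0.0/16",  # VPC CIDR block
    "172.20.0.0/16",   # pod CIDR block (Flannel)
    "172.21.0.0/16",   # Service CIDR block
    # add the CIDR blocks of Express Connect, VPN gateway and CEN peers here
]

# RFC 1918 ranges from which a secondary CIDR block is normally drawn.
PRIVATE_RANGES = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def overlapping(candidate: str, in_use: Iterable[str]) -> List[str]:
    """Return the in-use blocks that overlap `candidate` (empty list == usable).

    strict=True rejects a block whose host bits are set (for example
    10.0.1.0/8) instead of silently masking it, so a typo cannot slip
    through as a different block than the one you meant.
    """
    cand = ipaddress.ip_network(candidate, strict=True)
    return [b for b in in_use
            if cand.overlaps(ipaddress.ip_network(b, strict=True))]


def is_usable(candidate: str, in_use: Iterable[str]) -> bool:
    return not overlapping(candidate, list(in_use))


def first_usable(prefix_len: int, in_use: Iterable[str],
                 pool: Iterable[str] = PRIVATE_RANGES) -> Optional[str]:
    """Walk `pool` in order and return the first block of size /prefix_len
    that collides with nothing in use, or None if every candidate collides."""
    in_use = list(in_use)
    for rng in pool:
        net = ipaddress.ip_network(rng)
        if prefix_len < net.prefixlen:      # requested block is larger than the range
            continue
        subs = [net] if prefix_len == net.prefixlen else net.subnets(new_prefix=prefix_len)
        for sub in subs:
            if is_usable(str(sub), in_use):
                return str(sub)
    return None


if __name__ == "__main__":
    print("10.0.0.0/8 overlaps:", overlapping("10.0.0.0/8", IN_USE))
    print("172.16.0.0/12 overlaps:", overlapping("172.16.0.0/12", IN_USE))
    print("first free /16:", first_usable(16, IN_USE))
```

With the inventory above, 10.0.0.0/8 overlaps nothing, which matches the choice in the text, while 172.16.0.0/12 is rejected because it contains both the pod and the Service CIDR blocks. Run the check again whenever a new Express Connect, VPN, or CEN route is added to the VPC, since those peers are the blocks most often forgotten.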

  2. Add a secondary CIDR block and vSwitch in the VPC console.

    1. Log on to the VPC console.

    2. In the top navigation bar, select the region where the VPC is deployed.

    3. On the VPCs page, find the VPC that you want to manage and click its ID.

    4. On the VPC Details page, click the CIDR Block Management tab. Click Add Secondary IPv4 CIDR Block and add the IPv4 CIDR block that you selected in the preceding step.

    5. You can create a vSwitch in the secondary CIDR block based on your business requirements. The zone of the vSwitch must be the same as the zone of the secondary CIDR block.

      For more information about how to create a vSwitch, see Create a vSwitch.

  3. Add rules to the security group of the cluster to allow inbound and outbound access to and from the secondary CIDR block over all protocols. Scope the rules to the secondary CIDR block itself rather than to 0.0.0.0/0: the goal is to let the existing nodes, the new nodes, and their pods reach each other, not to expose the cluster.

    For more information about how to add security group rules, see Add security group rules.

  4. Deploy nodes in the vSwitch that you created.

    You can expand the cluster by deploying nodes in the vSwitch that you created in the secondary CIDR block of the VPC. For more information, see Increase the number of nodes in an ACK cluster.

    Important

    If the cluster uses the Terway network plug-in, you can modify the vSwitch settings of the Terway plug-in to provide more IP addresses for pods. For more information about how to use the vSwitch in the secondary CIDR block to provide more IP addresses for pods, see Increase the number of pod vSwitches in a cluster that uses the Terway plug-in.

    After the nodes are deployed in the vSwitch,

    • For ACK Basic clusters and ACK Pro clusters that were created before February 15, 2023, you need to submit a ticket to have technical support configure the control plane. Otherwise, the control plane cannot reach the new nodes or the pods on them, which breaks kubectl exec and kubectl logs, webhook and APIService calls, and the creation of resources such as pods, among other cluster anomalies.

    • The control planes and nodes can directly communicate with each other if your cluster is an ACK dedicated cluster. No additional configurations are required.

  5. Verify the secondary CIDR block.

    Perform the following steps:

    • Verify that the IP addresses of the newly added nodes belong to the secondary CIDR block of the VPC. If the cluster uses the Terway network plug-in and you added pod vSwitches in the secondary CIDR block, also verify that the IP addresses of the pods on these nodes belong to it. In a Flannel cluster, pod IP addresses come from the pod CIDR block and are not expected to be in the VPC CIDR blocks.

    • Verify that the newly added nodes are in the Ready state.

    • Verify that the newly added nodes can communicate with the existing nodes in the cluster and the pods on these nodes can communicate with the pods on the existing nodes.
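The first two verification steps, as an added example that is not part of the original page: the script takes the JSON that `kubectl get nodes -o json` and `kubectl get pods -A -o json` print, lists the nodes whose InternalIP lies in the secondary CIDR block together with their Ready state, and flags pods on those nodes whose IP address is outside the block you expect (the secondary CIDR block for Terway, the pod CIDR block for Flannel). The node and pod objects below are constructed samples in that shape, trimmed to the fields the checks read; the node names, addresses, and function names are this example's own. The third step, actual connectivity between old and new pods, still needs a ping or curl between them and is not covered here.

```python
# Added example, not from the original page: checks new nodes and their
# pods against the secondary CIDR block using kubectl's JSON output.
import ipaddress
import json
from typing import Dict, Iterable, List

SECONDARY_CIDR = "10.0.0.0/8"   # the block chosen in the example above

# Constructed sample shaped like `kubectl get nodes -o json`: two nodes in the
# secondary CIDR block (one not yet Ready) and one existing node in the VPC's
# primary CIDR block.
NODES_JSON = json.dumps({"items": [
    {"metadata": {"name": "cn-hangzhou.10.0.1.10"},
     "status": {"addresses": [{"type": "InternalIP", "address": "10.0.1.10"}],
                "conditions": [{"type": "Ready", "status": "True"}]}},
    {"metadata": {"name": "cn-hangzhou.10.0.1.11"},
     "status": {"addresses": [{"type": "InternalIP", "address": "10.0.1.11"}],
                "conditions": [{"type": "Ready", "status": "False"}]}},
    {"metadata": {"name": "cn-hangzhou.192.168.0.5"},
     "status": {"addresses": [{"type": "InternalIP", "address": "192.168.0.5"}],
                "conditions": [{"type": "Ready", "status": "True"}]}},
]})

# Constructed sample shaped like `kubectl get pods -A -o json`.
PODS_JSON = json.dumps({"items": [
    {"metadata": {"name": "app-1", "namespace": "default"},
     "spec": {"nodeName": "cn-hangzhou.10.0.1.10"},
     "status": {"podIP": "10.0.1.23"}},
    {"metadata": {"name": "app-2", "namespace": "default"},
     "spec": {"nodeName": "cn-hangzhou.10.0.1.10"},
     "status": {"podIP": "172.20.3.4"}},
    {"metadata": {"name": "node-agent", "namespace": "kube-system"},
     "spec": {"nodeName": "cn-hangzhou.10.0.1.10", "hostNetwork": True},
     "status": {"podIP": "10.0.1.10"}},
    {"metadata": {"name": "old-1", "namespace": "default"},
     "spec": {"nodeName": "cn-hangzhou.192.168.0.5"},
     "status": {"podIP": "192.168.0.77"}},
]})


def _internal_ip(node: dict) -> str:
    for addr in node["status"].get("addresses", []):
        if addr["type"] == "InternalIP":
            return addr["address"]
    return ""


def _is_ready(node: dict) -> bool:
    return any(c["type"] == "Ready" and c["status"] == "True"
               for c in node["status"].get("conditions", []))


def nodes_in_cidr(nodes_json: str, cidr: str) -> Dict[str, bool]:
    """Map each node whose InternalIP lies in `cidr` to its Ready state."""
    net = ipaddress.ip_network(cidr)
    found = {}
    for node in json.loads(nodes_json)["items"]:
        ip = _internal_ip(node)
        if ip and ipaddress.ip_address(ip) in net:
            found[node["metadata"]["name"]] = _is_ready(node)
    return found


def not_ready(nodes_json: str, cidr: str) -> List[str]:
    return sorted(n for n, ready in nodes_in_cidr(nodes_json, cidr).items() if not ready)


def pods_outside(pods_json: str, node_names: Iterable[str], expected_cidr: str) -> List[str]:
    """Pods scheduled on `node_names` whose podIP is not in `expected_cidr`.

    hostNetwork pods share the node's address and are skipped, since they
    would otherwise be reported as misplaced in a Flannel cluster.
    """
    net = ipaddress.ip_network(expected_cidr)
    names = set(node_names)
    bad = []
    for pod in json.loads(pods_json)["items"]:
        spec = pod["spec"]
        if spec.get("nodeName") not in names or spec.get("hostNetwork"):
            continue
        ip = pod["status"].get("podIP")
        if not ip or ipaddress.ip_address(ip) not in net:
            bad.append(f'{pod["metadata"]["namespace"]}/{pod["metadata"]["name"]}')
    return sorted(bad)


if __name__ == "__main__":
    new = nodes_in_cidr(NODES_JSON, SECONDARY_CIDR)
    print("nodes in secondary CIDR block:", new)
    print("not Ready:", not_ready(NODES_JSON, SECONDARY_CIDR))
    print("Terway pods outside the block:", pods_outside(PODS_JSON, new, SECONDARY_CIDR))
    print("Flannel pods outside the pod CIDR:", pods_outside(PODS_JSON, new, "172.20.0.0/16"))
```

Against a real cluster, feed the functions the output of `kubectl get nodes -o json` and `kubectl get pods -A -o json` instead of the constructed samples. A node that stays in the not-Ready list, or any pod reported by pods_outside, is the signal to stop and check the security group rules and, for the clusters named above, the control-plane configuration before adding more nodes.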