The elastic IP address (EIP) feature in the Terway network plug-in is deprecated. Use the ack-extend-network-controller component to manage EIPs for pods going forward. This topic describes how to migrate EIP management from Terway to ack-extend-network-controller.
Prerequisites
Before you begin, ensure that you have:
-
An ACK managed cluster or an ACK dedicated cluster that uses Terway as the network plug-in. For more information, see Create an ACK managed cluster or Create an ACK dedicated cluster (no longer available for new creation).
Check whether migration is needed
Run the following command to check whether your cluster has the EIP feature enabled in Terway:
kubectl get cm eni-config -n kube-system -o jsonpath='{.data.eni_conf}'-
If
enable_eip_poolis"true", your cluster uses the Terway EIP feature. Follow the steps in this topic to migrate. -
If
enable_eip_poolis"false"or missing, the EIP feature is not enabled and migration is not required.
How it works
When you trigger the EIP migration in Terway, Terway creates a PodEIP custom resource (CR) for each EIP associated with a pod. A PodEIP CR records the EIP binding information for a pod. After migration completes, Terway stops managing EIPs and ack-extend-network-controller takes over.
The migration does not modify your EIP instance information and does not affect running workloads.
For more information about the Terway EIP feature, see Automatic EIP allocation.
Migrate EIP management to ack-extend-network-controller
Step 1: Uninstall ack-extend-network-controller (if installed)
If ack-extend-network-controller is already installed in your cluster, uninstall it before proceeding.
-
Log on to the ACK console. In the left navigation pane, click Clusters.
-
On the Clusters page, click the name of your cluster. In the left navigation pane, click Applications > Helm.
-
On the Helm page, if a release with the Release Name ack-extend-network-controller exists, click Delete in the Actions column.
Step 2: Upgrade Terway to v1.6.0 or later
Upgrade the Terway network plug-in to v1.6.0 or later. For more information, see Manage components.
Step 3: Enable the EIP migration feature in Terway
-
Edit the Terway ConfigMap:
kubectl edit cm eni-config -n kube-system -
In the
eni_confsection, set the following parameters:Parameter Value Description enable_eip_pool"true"If this parameter is missing or set to "false", the EIP feature is not enabled and migration is not required.enable_eip_migratetrueSet to trueto enable the migration.The following is an example configuration. Do not modify other parameters.
# Other settings are omitted. eni_conf: | { "version": "1", "enable_eip_pool": "true", "enable_eip_migrate": true, "vswitch_selection_policy": "ordered" } # Other settings are omitted. -
After saving the ConfigMap, recreate the Terway pods to apply the changes:
kubectl delete pod -n kube-system -l app=terway-eniipAfter the pods restart, Terway automatically migrates the EIPs and creates the corresponding PodEIP CRs.
Step 4: Verify the migration
-
Get the names of the Terway pods:
kubectl get pods -n kube-system | grep terway -
Check the logs of a Terway pod:
kubectl logs -n kube-system <pod_name>Replace
<pod_name>with the name of a Terway pod.-
Migration complete: The log contains
eip migrate finished.
-
Migration still in progress: The log does not yet contain
eip migrate finished. Wait and check again.
-
Step 5: Verify that PodEIP CRs were created
Run the following command to check that a PodEIP CR exists for a pod that had an EIP:
kubectl get podeip -n <namespace> <name>Replace <namespace> and <name> with the namespace and name of a pod that has an EIP. The CR name and namespace match the corresponding pod.
Step 6: Install ack-extend-network-controller and enable the EIP feature
Install ack-extend-network-controller from the Marketplace and enable the EIP feature. For more information, see Install ack-extend-network-controller from the Marketplace.
Step 7: Verify that the PodEIP CR status is updated
After installing ack-extend-network-controller, run the following command to check whether it has picked up the EIP:
kubectl get podeip -n <namespace> <name> -o yamlReplace <namespace> and <name> with the namespace and name of a pod that has an EIP.
-
Working correctly: The
statusfield is not empty. The following is an example output:apiVersion: alibabacloud.com/v1beta1 kind: PodEIP metadata: creationTimestamp: "2023-10-24T08:24:37Z" finalizers: - podeip-controller.alibabacloud.com/finalizer generation: 1 name: example-xxx-xx namespace: default resourceVersion: "44013" uid: 4744a7af-***-***-ad06-***17aecce spec: allocationID: eip-xxxxxx allocationType: releaseStrategy: Follow type: Auto status: eipAddress: 47.XX.XX.XX internetChargeType: PayByTraffic isp: BGP networkInterfaceID: eni-xxxxxxx podLastSeen: "2023-10-24T08:31:22Z" privateIPAddress: 192.XX.XX.XX resourceGroupID: rg-xxxxxx status: InUse -
Not working: The
statusfield is empty. Check the ack-extend-network-controller configuration and logs.
The following table describes key fields in the PodEIP CR:
| Field | Description |
|---|---|
spec.allocationType.type |
Static: The pod uses a specified EIP ID. Auto: The EIP was automatically created by Terway. |
spec.allocationType.releaseStrategy |
Follow: The EIP is released when the pod is deleted. Suitable for stateless workloads. TTL: The EIP is released after a specified time-to-live (TTL) period after the pod is deleted. Suitable for stateful workloads that require EIP persistence. |
Step 8: Disable the EIP feature in Terway
After ack-extend-network-controller is managing EIPs correctly, disable the EIP feature in Terway:
-
In the Terway ConfigMap, set
enable_eip_migratetofalseor remove the parameter. -
Set
enable_eip_poolto"false"or remove the parameter. -
Restart the Terway pods:
kubectl delete pod -n kube-system -l app=terway-eniip