diff --git a/.spelling b/.spelling
index 2178208c62..f4343676a0 100644
--- a/.spelling
+++ b/.spelling
@@ -643,6 +643,7 @@ kubectl
 kubelet
 Kubelet
 kubelogin
+Kubenet
 Kubernetes
 kubernetes.default
 KubeSphere
diff --git a/content/en/docs/tasks/traffic-management/egress/egress-control/index.md b/content/en/docs/tasks/traffic-management/egress/egress-control/index.md
index d0d25d1221..0bcbc5cee2 100644
--- a/content/en/docs/tasks/traffic-management/egress/egress-control/index.md
+++ b/content/en/docs/tasks/traffic-management/egress/egress-control/index.md
@@ -389,9 +389,49 @@ servicesIpv4Cidr: 10.7.240.0/20
 Use `--set values.global.proxy.includeIPRanges="10.4.0.0/14\,10.7.240.0/20"`
-#### Azure Container Service(ACS)
+#### Azure Kubernetes Service (AKS)
-Use `--set values.global.proxy.includeIPRanges="10.244.0.0/16\,10.240.0.0/16`
+##### Kubenet
+
+To see which service CIDR and pod CIDR are used in the cluster, use `az aks show` and look for the `serviceCidr`:
+
+{{< text bash >}}
+$ az aks show --resource-group "${RESOURCE_GROUP}" --name "${CLUSTER}" | grep Cidr
+ "podCidr": "10.244.0.0/16",
+ "podCidrs": [
+ "serviceCidr": "10.0.0.0/16",
+ "serviceCidrs": [
+{{< /text >}}
+
+Then use `--set values.global.proxy.includeIPRanges="10.244.0.0/16\,10.0.0.0/16"`
+
+##### Azure CNI
+
+Follow these steps if you are using Azure CNI with a non-overlay networking mode. If using Azure CNI with overlay networking, please follow the [Kubenet instructions](#kubenet). For more information, see the [Azure CNI Overlay documentation](https://learn.microsoft.com/en-us/azure/aks/azure-cni-overlay).
+
+To see which service CIDR is used in the cluster, use `az aks show` and look for the `serviceCidr`:
+
+{{< text bash >}}
+$ az aks show --resource-group "${RESOURCE_GROUP}" --name "${CLUSTER}" | grep serviceCidr
+ "serviceCidr": "10.0.0.0/16",
+ "serviceCidrs": [
+{{< /text >}}
+
+To see which pod CIDR is used in the cluster, use `az` CLI to inspect the `vnet`:
+
+{{< text bash >}}
+$ az aks show --resource-group "${RESOURCE_GROUP}" --name "${CLUSTER}" | grep nodeResourceGroup
+ "nodeResourceGroup": "MC_user-rg_user-cluster_region",
+ "nodeResourceGroupProfile": null,
+$ az network vnet list -g MC_user-rg_user-cluster_region | grep name
+ "name": "aks-vnet-74242220",
+ "name": "aks-subnet",
+$ az network vnet show -g MC_user-rg_user-cluster_region -n aks-vnet-74242220 | grep addressPrefix
+ "addressPrefixes": [
+ "addressPrefix": "10.224.0.0/16",
+{{< /text >}}
+
+Then use `--set values.global.proxy.includeIPRanges="10.244.0.0/16\,10.0.0.0/16"`
 #### Minikube, Docker For Desktop, Bare Metal
diff --git a/content/en/docs/tasks/traffic-management/egress/egress-control/snips.sh b/content/en/docs/tasks/traffic-management/egress/egress-control/snips.sh
index 68d234c534..f8a3cbc15c 100644
--- a/content/en/docs/tasks/traffic-management/egress/egress-control/snips.sh
+++ b/content/en/docs/tasks/traffic-management/egress/egress-control/snips.sh
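Review bot: In index.md, the Azure CNI section ends with the same value as the Kubenet section, `includeIPRanges="10.244.0.0/16\,10.0.0.0/16"`, but the sample `az network vnet show` output directly above it reports `"addressPrefix": "10.224.0.0/16"`. The final command therefore does not use the range the reader was just told to look up. If the vnet prefix is the pod range in this mode, the value should be `includeIPRanges="10.224.0.0/16\,10.0.0.0/16"`. This is more than a typo, because destinations outside `includeIPRanges` are not redirected to the sidecar, so a copied wrong range would presumably let traffic to pod IPs bypass the proxy and its mTLS and policy enforcement. A short sentence such as `Replace the CIDRs below with the values reported for your cluster.` before each `Then use` line would make clear that these are sample values.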
@@ -211,6 +211,41 @@ clusterIpv4Cidr: 10.4.0.0/14
 servicesIpv4Cidr: 10.7.240.0/20
 ENDSNIP
+snip_kubenet_1() {
+az aks show --resource-group "${RESOURCE_GROUP}" --name "${CLUSTER}" | grep Cidr
+}
+
+! read -r -d '' snip_kubenet_1_out <<\ENDSNIP
+ "podCidr": "10.244.0.0/16",
+ "podCidrs": [
+ "serviceCidr": "10.0.0.0/16",
+ "serviceCidrs": [
+ENDSNIP
+
+snip_azure_cni_1() {
+az aks show --resource-group "${RESOURCE_GROUP}" --name "${CLUSTER}" | grep serviceCidr
+}
+
+! read -r -d '' snip_azure_cni_1_out <<\ENDSNIP
+ "serviceCidr": "10.0.0.0/16",
+ "serviceCidrs": [
+ENDSNIP
+
+snip_azure_cni_2() {
+az aks show --resource-group "${RESOURCE_GROUP}" --name "${CLUSTER}" | grep nodeResourceGroup
+}
+
+! read -r -d '' snip_azure_cni_2_out <<\ENDSNIP
+ "nodeResourceGroup": "MC_user-rg_user-cluster_region",
+ "nodeResourceGroupProfile": null,
+az network vnet list -g MC_user-rg_user-cluster_region | grep name
+ "name": "aks-vnet-74242220",
+ "name": "aks-subnet",
+az network vnet show -g MC_user-rg_user-cluster_region -n aks-vnet-74242220 | grep addressPrefix
+ "addressPrefixes": [
+ "addressPrefix": "10.224.0.0/16",
+ENDSNIP
+
 snip_minikube_docker_for_desktop_bare_metal_1() {
 kubectl describe pod kube-apiserver -n kube-system | grep 'service-cluster-ip-range'
 }
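Review bot: `snip_azure_cni_2_out` contains two command lines (`az network vnet list …` and `az network vnet show …`) in the middle of what is otherwise expected output. Only the first command of that block has a function (`snip_azure_cni_2`), so the heredoc can never match what that function prints, and the two vnet commands are not available as snippets at all. This appears to follow from index.md placing three `$` commands in one text block; splitting it into three blocks, each with one command and its own output, would presumably give every command its own function and a clean `_out` value. The vnet commands also hard-code the sample names `MC_user-rg_user-cluster_region` and `aks-vnet-74242220`. Variables in the style of the existing `"${RESOURCE_GROUP}"`, for example `"${NODE_RESOURCE_GROUP}"` and `"${VNET_NAME}"` (suggested names), would keep them copyable.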