
[Big Data] Kubernetes (k8s) Calico cross-node network connectivity failure and how it was debugged


Symptoms of the network failure:

Readiness probe failed: calico/node is not ready: BIRD is not ready: BGP not established with 10.101.236.158,10.101.236.168,10.101.236.169,10.101.236.188,10.101.236.189,10.101.236.27,10.101.236.36,10.101.236.37,10.101.236.38
2021-08-17 06:12:41.512 [INFO][209] health.go 156: Number of node(s) with BGP peering establish

From inside a pod on node k8s-node27, pinging the IPs of pods on node k8s-node28 fails, and pinging from k8s-node28 to k8s-node27 fails as well. On k8s-node27 and on k8s-node28, however, the pod IPs on the same node can ping each other.

Troubleshooting:
This reminded us of the configuration we used when setting up route forwarding: the hosts have multiple network interfaces, and when the k8s Calico network configuration is left at its defaults, Calico automatically picks the first interface, so the interface it picked was not the intended one.

The calicoctl tool can be used to troubleshoot the problem.

Download it from: calicoctl download page

Log in to the k8s-master node and run the following command.

Check the network status of each node:

[root@k8s-master k8s_install]# calicoctl node status
Calico process is running.
IPv4 BGP status
+----------------+-------------------+-------+----------+--------------------------------+
|  PEER ADDRESS  |     PEER TYPE     | STATE |  SINCE   |              INFO              |
+----------------+-------------------+-------+----------+--------------------------------+
| 172.20.0.1     | node-to-node mesh | start | 06:28:53 | Passive                        |
| 10.101.236.168 | node-to-node mesh | start | 06:28:53 | OpenSent Socket: Connection    |
|                |                   |       |          | closed                         |
| 10.101.236.169 | node-to-node mesh | start | 06:28:53 | OpenSent Socket: Connection    |
|                |                   |       |          | closed                         |
| 10.101.236.188 | node-to-node mesh | start | 06:28:53 | OpenSent Socket: Connection    |
|                |                   |       |          | closed                         |
| 10.101.236.189 | node-to-node mesh | start | 06:28:53 | OpenSent Socket: Connection    |
|                |                   |       |          | closed                         |
| 10.101.236.27  | node-to-node mesh | start | 06:28:53 | OpenSent Socket: Connection    |
|                |                   |       |          | closed                         |
| 10.101.236.36  | node-to-node mesh | start | 06:28:53 | OpenSent Socket: Connection    |
|                |                   |       |          | closed                         |
| 10.101.236.37  | node-to-node mesh | start | 06:28:53 | OpenSent Socket: Connection    |
|                |                   |       |          | reset by peer                  |
| 10.101.236.38  | node-to-node mesh | start | 06:28:53 | OpenSent Socket: Connection    |
|                |                   |       |          | reset by peer                  |
+----------------+-------------------+-------+----------+--------------------------------+
IPv6 BGP status
No IPv6 peers found.

None of the nodes in the cluster came up successfully. Switch to another node and run the same command:

[root@k8s-node27 ~]# calicoctl node status
Calico process is running.
IPv4 BGP status
+----------------+-------------------+-------+----------+-------------+
|  PEER ADDRESS  |     PEER TYPE     | STATE |  SINCE   |    INFO     |
+----------------+-------------------+-------+----------+-------------+
| 172.18.0.1     | node-to-node mesh | start | 06:28:51 | Passive     |
| 172.20.0.1     | node-to-node mesh | start | 06:28:51 | Passive     |
| 10.101.236.168 | node-to-node mesh | up    | 06:28:53 | Established |
| 10.101.236.169 | node-to-node mesh | up    | 06:28:53 | Established |
| 10.101.236.188 | node-to-node mesh | up    | 06:28:53 | Established |
| 10.101.236.189 | node-to-node mesh | up    | 06:28:53 | Established |
| 10.101.236.36  | node-to-node mesh | up    | 06:28:52 | Established |
| 10.101.236.37  | node-to-node mesh | up    | 06:28:53 | Established |
| 10.101.236.38  | node-to-node mesh | up    | 06:28:53 | Established |
+----------------+-------------------+-------+----------+-------------+
IPv6 BGP status
No IPv6 peers found.

The IP address of the master1 node is not the address that carries network traffic, and its status is abnormal.
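The comparison made by eye on the two `calicoctl node status` outputs above can be scripted. This is an added example, not part of the original article: it parses the table, including the wrapped INFO cells, and flags peers whose address lies outside the node network or whose BGP session is not Established. The node network 10.101.236.0/24 and the function names are assumptions, and the sample text is constructed from the output shown above.

```python
import ipaddress

# Constructed sample in the shape of the `calicoctl node status` output above.
SAMPLE = """\
Calico process is running.
IPv4 BGP status
+----------------+-------------------+-------+----------+--------------------------------+
|  PEER ADDRESS  |     PEER TYPE     | STATE |  SINCE   |              INFO              |
+----------------+-------------------+-------+----------+--------------------------------+
| 172.20.0.1     | node-to-node mesh | start | 06:28:53 | Passive                        |
| 10.101.236.168 | node-to-node mesh | start | 06:28:53 | OpenSent Socket: Connection    |
|                |                   |       |          | closed                         |
| 10.101.236.27  | node-to-node mesh | up    | 06:28:53 | Established                    |
+----------------+-------------------+-------+----------+--------------------------------+
IPv6 BGP status
No IPv6 peers found.
"""

# Assumption: the nodes' real traffic addresses live in this network.
NODE_CIDR = "10.101.236.0/24"


def parse_peers(text):
    """Return one dict per BGP peer row of the status table."""
    peers = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue  # borders, section titles, "No IPv6 peers found."
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != 5 or cells[0] == "PEER ADDRESS":
            continue  # malformed row or the header row
        address, peer_type, state, since, info = cells
        if not address:
            # Wrapped INFO cell: it continues the previous peer's row.
            if peers and info:
                peers[-1]["info"] += " " + info
            continue
        peers.append({"address": address, "type": peer_type,
                      "state": state, "since": since, "info": info})
    return peers


def audit(peers, node_cidr=NODE_CIDR):
    """Return (address, reasons) for every peer that looks wrong."""
    network = ipaddress.ip_network(node_cidr)
    findings = []
    for peer in peers:
        reasons = []
        if ipaddress.ip_address(peer["address"]) not in network:
            # A peer advertising e.g. a bridge address picked by autodetection.
            reasons.append("address outside node network " + node_cidr)
        if peer["state"] != "up" or peer["info"] != "Established":
            reasons.append("BGP session not established: " + peer["info"])
        if reasons:
            findings.append((peer["address"], reasons))
    return findings


if __name__ == "__main__":
    for address, reasons in audit(parse_peers(SAMPLE)):
        print(address, "->", "; ".join(reasons))
```

Feed it the real output with `calicoctl node status | python3 script.py` after replacing `SAMPLE` with `sys.stdin.read()`; a peer flagged as outside the node network points at the node whose autodetection chose the wrong interface.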

Solution

Modify the Calico YAML file and add the configuration item below.
Its purpose is to auto-detect network interfaces whose names start with eth.

# Valid IP address on interface eth0, eth1, eth2 etc.
            - name: IP_AUTODETECTION_METHOD
              value: "interface=eth.*"

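The IP_AUTODETECTION_METHOD setting defaults to first-found. In this mode Calico uses the first valid network interface it finds. Although it excludes docker networks, localhost and the like, it can still pick the wrong one in a complex network environment. In this incident, Calico on master1 chose a bridge interface.
To handle this situation, IP_AUTODETECTION_METHOD also offers two other settings: can-reach=DESTINATION and interface=INTERFACE-REGEX.
The can-reach=DESTINATION setting can be understood as follows: Calico looks at the routing of the node it is deployed on and takes the source IP address used to reach the destination IP or domain name. For example: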

# Valid IP address on interface eth0, eth1, eth2 etc.
IP_AUTODETECTION_METHOD=interface=eth.*
IP6_AUTODETECTION_METHOD=interface=eth.*
The calico-3.13.1.yaml configuration file:
---
# Source: calico/templates/calico-config.yaml
# This ConfigMap is used to configure a self-hosted Calico installation.
kind: ConfigMap
apiVersion: v1
metadata:
  name: calico-config
  namespace: kube-system
data:
  # Typha is disabled.
  typha_service_name: "none"
  # Configure the backend to use.
  calico_backend: "bird"
  # Configure the MTU to use
  veth_mtu: "1440"
  # The CNI network configuration to install on each node.  The special
  # values in this config will be automatically populated.
  cni_network_config: |-
    {
      "name": "k8s-pod-network",
      "cniVersion": "0.3.1",
      "plugins": [
        {
          "type": "calico",
          "log_level": "info",
          "datastore_type": "kubernetes",
          "nodename": "__KUBERNETES_NODE_NAME__",
          "mtu": __CNI_MTU__,
          "ipam": {
              "type": "calico-ipam"
          },
          "policy": {
              "type": "k8s"
          },
          "kubernetes": {
              "kubeconfig": "__KUBECONFIG_FILEPATH__"
          }
        },
        {
          "type": "portmap",
          "snat": true,
          "capabilities": {"portMappings": true}
        },
        {
          "type": "bandwidth",
          "capabilities": {"bandwidth": true}
        }
      ]
    }
---
# Source: calico/templates/kdd-crds.yaml
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: bgpconfigurations.crd.projectcalico.org
spec:
  scope: Cluster
  group: crd.projectcalico.org
  version: v1
  names:
    kind: BGPConfiguration
    plural: bgpconfigurations
    singular: bgpconfiguration
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: bgppeers.crd.projectcalico.org
spec:
  scope: Cluster
  group: crd.projectcalico.org
  version: v1
  names:
    kind: BGPPeer
    plural: bgppeers
    singular: bgppeer
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: blockaffinities.crd.projectcalico.org
spec:
  scope: Cluster
  group: crd.projectcalico.org
  version: v1
  names:
    kind: BlockAffinity
    plural: blockaffinities
    singular: blockaffinity
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: clusterinformations.crd.projectcalico.org
spec:
  scope: Cluster
  group: crd.projectcalico.org
  version: v1
  names:
    kind: ClusterInformation
    plural: clusterinformations
    singular: clusterinformation
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: felixconfigurations.crd.projectcalico.org
spec:
  scope: Cluster
  group: crd.projectcalico.org
  version: v1
  names:
    kind: FelixConfiguration
    plural: felixconfigurations
    singular: felixconfiguration
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: globalnetworkpolicies.crd.projectcalico.org
spec:
  scope: Cluster
  group: crd.projectcalico.org
  version: v1
  names:
    kind: GlobalNetworkPolicy
    plural: globalnetworkpolicies
    singular: globalnetworkpolicy
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: globalnetworksets.crd.projectcalico.org
spec:
  scope: Cluster
  group: crd.projectcalico.org
  version: v1
  names:
    kind: GlobalNetworkSet
    plural: globalnetworksets
    singular: globalnetworkset
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: hostendpoints.crd.projectcalico.org
spec:
  scope: Cluster
  group: crd.projectcalico.org
  version: v1
  names:
    kind: HostEndpoint
    plural: hostendpoints
    singular: hostendpoint
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: ipamblocks.crd.projectcalico.org
spec:
  scope: Cluster
  group: crd.projectcalico.org
  version: v1
  names:
    kind: IPAMBlock
    plural: ipamblocks
    singular: ipamblock
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: ipamconfigs.crd.projectcalico.org
spec:
  scope: Cluster
  group: crd.projectcalico.org
  version: v1
  names:
    kind: IPAMConfig
    plural: ipamconfigs
    singular: ipamconfig
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: ipamhandles.crd.projectcalico.org
spec:
  scope: Cluster
  group: crd.projectcalico.org
  version: v1
  names:
    kind: IPAMHandle
    plural: ipamhandles
    singular: ipamhandle
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: ippools.crd.projectcalico.org
spec:
  scope: Cluster
  group: crd.projectcalico.org
  version: v1
  names:
    kind: IPPool
    plural: ippools
    singular: ippool
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: networkpolicies.crd.projectcalico.org
spec:
  scope: Namespaced
  group: crd.projectcalico.org
  version: v1
  names:
    kind: NetworkPolicy
    plural: networkpolicies
    singular: networkpolicy
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: networksets.crd.projectcalico.org
spec:
  scope: Namespaced
  group: crd.projectcalico.org
  version: v1
  names:
    kind: NetworkSet
    plural: networksets
    singular: networkset
---
---
# Source: calico/templates/rbac.yaml
# Include a clusterrole for the kube-controllers component,
# and bind it to the calico-kube-controllers serviceaccount.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: calico-kube-controllers
rules:
  # Nodes are watched to monitor for deletions.
  - apiGroups: [""]
    resources:
      - nodes
    verbs:
      - watch
      - list
      - get
  # Pods are queried to check for existence.
  - apiGroups: [""]
    resources:
      - pods
    verbs:
      - get
  # IPAM resources are manipulated when nodes are deleted.
  - apiGroups: ["crd.projectcalico.org"]
    resources:
      - ippools
    verbs:
      - list
  - apiGroups: ["crd.projectcalico.org"]
    resources:
      - blockaffinities
      - ipamblocks
      - ipamhandles
    verbs:
      - get
      - list
      - create
      - update
      - delete
  # Needs access to update clusterinformations.
  - apiGroups: ["crd.projectcalico.org"]
    resources:
      - clusterinformations
    verbs:
      - get
      - create
      - update
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: calico-kube-controllers
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: calico-kube-controllers
subjects:
- kind: ServiceAccount
  name: calico-kube-controllers
  namespace: kube-system
---
# Include a clusterrole for the calico-node DaemonSet,
# and bind it to the calico-node serviceaccount.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: calico-node
rules:
  # The CNI plugin needs to get pods, nodes, and namespaces.
  - apiGroups: [""]
    resources:
      - pods
      - nodes
      - namespaces
    verbs:
      - get
  - apiGroups: [""]
    resources:
      - endpoints
      - services
    verbs:
      # Used to discover service IPs for advertisement.
      - watch
      - list
      # Used to discover Typhas.
      - get
  # Pod CIDR auto-detection on kubeadm needs access to config maps.
  - apiGroups: [""]
    resources:
      - configmaps
    verbs:
      - get
  - apiGroups: [""]
    resources:
      - nodes/status
    verbs:
      # Needed for clearing NodeNetworkUnavailable flag.
      - patch
      # Calico stores some configuration information in node annotations.
      - update
  # Watch for changes to Kubernetes NetworkPolicies.
  - apiGroups: ["networking.k8s.io"]
    resources:
      - networkpolicies
    verbs:
      - watch
      - list
  # Used by Calico for policy information.
  - apiGroups: [""]
    resources:
      - pods
      - namespaces
      - serviceaccounts
    verbs:
      - list
      - watch
  # The CNI plugin patches pods/status.
  - apiGroups: [""]
    resources:
      - pods/status
    verbs:
      - patch
  # Calico monitors various CRDs for config.
  - apiGroups: ["crd.projectcalico.org"]
    resources:
      - globalfelixconfigs
      - felixconfigurations
      - bgppeers
      - globalbgpconfigs
      - bgpconfigurations
      - ippools
      - ipamblocks
      - globalnetworkpolicies
      - globalnetworksets
      - networkpolicies
      - networksets
      - clusterinformations
      - hostendpoints
      - blockaffinities
    verbs:
      - get
      - list
      - watch
  # Calico must create and update some CRDs on startup.
  - apiGroups: ["crd.projectcalico.org"]
    resources:
      - ippools
      - felixconfigurations
      - clusterinformations
    verbs:
      - create
      - update
  # Calico stores some configuration information on the node.
  - apiGroups: [""]
    resources:
      - nodes
    verbs:
      - get
      - list
      - watch
  # These permissions are only required for upgrade from v2.6, and can
  # be removed after upgrade or on fresh installations.
  - apiGroups: ["crd.projectcalico.org"]
    resources:
      - bgpconfigurations
      - bgppeers
    verbs:
      - create
      - update
  # These permissions are required for Calico CNI to perform IPAM allocations.
  - apiGroups: ["crd.projectcalico.org"]
    resources:
      - blockaffinities
      - ipamblocks
      - ipamhandles
    verbs:
      - get
      - list
      - create
      - update
      - delete
  - apiGroups: ["crd.projectcalico.org"]
    resources:
      - ipamconfigs
    verbs:
      - get
  # Block affinities must also be watchable by confd for route aggregation.
  - apiGroups: ["crd.projectcalico.org"]
    resources:
      - blockaffinities
    verbs:
      - watch
  # The Calico IPAM migration needs to get daemonsets. These permissions can be
  # removed if not upgrading from an installation using host-local IPAM.
  - apiGroups: ["apps"]
    resources:
      - daemonsets
    verbs:
      - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: calico-node
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: calico-node
subjects:
- kind: ServiceAccount
  name: calico-node
  namespace: kube-system
---
# Source: calico/templates/calico-node.yaml
# This manifest installs the calico-node container, as well
# as the CNI plugins and network config on
# each master and worker node in a Kubernetes cluster.
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: calico-node
  namespace: kube-system
  labels:
    k8s-app: calico-node
spec:
  selector:
    matchLabels:
      k8s-app: calico-node
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  template:
    metadata:
      labels:
        k8s-app: calico-node
      annotations:
        # This, along with the CriticalAddonsOnly toleration below,
        # marks the pod as a critical add-on, ensuring it gets
        # priority scheduling and that its resources are reserved
        # if it ever gets evicted.
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      nodeSelector:
        kubernetes.io/os: linux
      hostNetwork: true
      tolerations:
        # Make sure calico-node gets scheduled on all nodes.
        - effect: NoSchedule
          operator: Exists
        # Mark the pod as a critical add-on for rescheduling.
        - key: CriticalAddonsOnly
          operator: Exists
        - effect: NoExecute
          operator: Exists
      serviceAccountName: calico-node
      # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force
      # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
      terminationGracePeriodSeconds: 0
      priorityClassName: system-node-critical
      initContainers:
        # This container performs upgrade from host-local IPAM to calico-ipam.
        # It can be deleted if this is a fresh installation, or if you have already
        # upgraded to use calico-ipam.
        - name: upgrade-ipam
          image: calico/cni:v3.13.1
          command: ["/opt/cni/bin/calico-ipam", "-upgrade"]
          env:
            - name: KUBERNETES_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: CALICO_NETWORKING_BACKEND
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: calico_backend
          volumeMounts:
            - mountPath: /var/lib/cni/networks
              name: host-local-net-dir
            - mountPath: /host/opt/cni/bin
              name: cni-bin-dir
          securityContext:
            privileged: true
        # This container installs the CNI binaries
        # and CNI network config file on each node.
        - name: install-cni
          image: calico/cni:v3.13.1
          command: ["/install-cni.sh"]
          env:
            # Name of the CNI config file to create.
            - name: CNI_CONF_NAME
              value: "10-calico.conflist"
            # The CNI network config to install on each node.
            - name: CNI_NETWORK_CONFIG
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: cni_network_config
            # Set the hostname based on the k8s node name.
            - name: KUBERNETES_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            # CNI MTU Config variable
            - name: CNI_MTU
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: veth_mtu
            # Prevents the container from sleeping forever.
            - name: SLEEP
              value: "false"
          volumeMounts:
            - mountPath: /host/opt/cni/bin
              name: cni-bin-dir
            - mountPath: /host/etc/cni/net.d
              name: cni-net-dir
          securityContext:
            privileged: true
        # Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes
        # to communicate with Felix over the Policy Sync API.
        - name: flexvol-driver
          image: calico/pod2daemon-flexvol:v3.13.1
          volumeMounts:
          - name: flexvol-driver-host
            mountPath: /host/driver
          securityContext:
            privileged: true
      containers:
        # Runs calico-node container on each Kubernetes node.  This
        # container programs network policy and routes on each
        # host.
        - name: calico-node
          image: calico/node:v3.13.1
          env:
            # Use Kubernetes API as the backing datastore.
            - name: DATASTORE_TYPE
              value: "kubernetes"
            # Wait for the datastore.
            - name: WAIT_FOR_DATASTORE
              value: "true"
            # Set based on the k8s node name.
            - name: NODENAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            # Choose the backend to use.
            - name: CALICO_NETWORKING_BACKEND
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: calico_backend
            # Cluster type to identify the deployment type
            - name: CLUSTER_TYPE
              value: "k8s,bgp"
            # Valid IP address on interface eth0, eth1, eth2 etc.
            - name: IP_AUTODETECTION_METHOD
              value: "interface=eth.*"
            # Auto-detect the BGP IP address.
            - name: IP
              value: "autodetect"
            # Enable IPIP
            - name: CALICO_IPV4POOL_IPIP
              value: "Always"
            # Set MTU for tunnel device used if ipip is enabled
            - name: FELIX_IPINIPMTU
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: veth_mtu
            # The default IPv4 pool to create on startup if none exists. Pod IPs will be
            # chosen from this range. Changing this value after installation will have
            # no effect. This should fall within `--cluster-cidr`.
            - name: CALICO_IPV4POOL_CIDR
              value: "10.100.0.1/16"
            # Disable file logging so `kubectl logs` works.
            - name: CALICO_DISABLE_FILE_LOGGING
              value: "true"
            # Set Felix endpoint to host default action to ACCEPT.
            - name: FELIX_DEFAULTENDPOINTTOHOSTACTION
              value: "ACCEPT"
            # Disable IPv6 on Kubernetes.
            - name: FELIX_IPV6SUPPORT
              value: "false"
            # Set Felix logging to "info"
            - name: FELIX_LOGSEVERITYSCREEN
              value: "info"
            - name: FELIX_HEALTHENABLED
              value: "true"
          securityContext:
            privileged: true
          resources:
            requests:
              cpu: 250m
          livenessProbe:
            exec:
              command:
              - /bin/calico-node
              - -felix-live
              - -bird-live
            periodSeconds: 10
            initialDelaySeconds: 10
            failureThreshold: 6
          readinessProbe:
            exec:
              command:
              - /bin/calico-node
              - -felix-ready
              - -bird-ready
            periodSeconds: 10
          volumeMounts:
            - mountPath: /lib/modules
              name: lib-modules
              readOnly: true
            - mountPath: /run/xtables.lock
              name: xtables-lock
              readOnly: false
            - mountPath: /var/run/calico
              name: var-run-calico
              readOnly: false
            - mountPath: /var/lib/calico
              name: var-lib-calico
              readOnly: false
            - name: policysync
              mountPath: /var/run/nodeagent
      volumes:
        # Used by calico-node.
        - name: lib-modules
          hostPath:
            path: /lib/modules
        - name: var-run-calico
          hostPath:
            path: /var/run/calico
        - name: var-lib-calico
          hostPath:
            path: /var/lib/calico
        - name: xtables-lock
          hostPath:
            path: /run/xtables.lock
            type: FileOrCreate
        # Used to install CNI.
        - name: cni-bin-dir
          hostPath:
            path: /opt/cni/bin
        - name: cni-net-dir
          hostPath:
            path: /etc/cni/net.d
        # Mount in the directory for host-local IPAM allocations. This is
        # used when upgrading from host-local to calico-ipam, and can be removed
        # if not using the upgrade-ipam init container.
        - name: host-local-net-dir
          hostPath:
            path: /var/lib/cni/networks
        # Used to create per-pod Unix Domain Sockets
        - name: policysync
          hostPath:
            type: DirectoryOrCreate
            path: /var/run/nodeagent
        # Used to install Flex Volume Driver
        - name: flexvol-driver-host
          hostPath:
            type: DirectoryOrCreate
            path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: calico-node
  namespace: kube-system
---
# Source: calico/templates/calico-kube-controllers.yaml
# See https://github.com/projectcalico/kube-controllers
apiVersion: apps/v1
kind: Deployment
metadata:
  name: calico-kube-controllers
  namespace: kube-system
  labels:
    k8s-app: calico-kube-controllers
spec:
  # The controllers can only have a single active instance.
  replicas: 1
  selector:
    matchLabels:
      k8s-app: calico-kube-controllers
  strategy:
    type: Recreate
  template:
    metadata:
      name: calico-kube-controllers
      namespace: kube-system
      labels:
        k8s-app: calico-kube-controllers
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      nodeSelector:
        kubernetes.io/os: linux
      tolerations:
        # Mark the pod as a critical add-on for rescheduling.
        - key: CriticalAddonsOnly
          operator: Exists
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
      serviceAccountName: calico-kube-controllers
      priorityClassName: system-cluster-critical
      containers:
        - name: calico-kube-controllers
          image: calico/kube-controllers:v3.13.1
          env:
            # Choose which controllers to run.
            - name: ENABLED_CONTROLLERS
              value: node
            - name: DATASTORE_TYPE
              value: kubernetes
          readinessProbe:
            exec:
              command:
              - /usr/bin/check-status
              - -r
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: calico-kube-controllers
  namespace: kube-system
---
# Source: calico/templates/calico-etcd-secrets.yaml
---
# Source: calico/templates/calico-typha.yaml
---
# Source: calico/templates/configure-canal.yaml

Apply the updated calico.yaml to the cluster:

[root@k8s-master k8s_install]#  kubectl apply -f calico-3.13.1.yaml

Then check the Calico network status of each node again.
