calico问题排障
这个问题几乎每个人都会遇到。因为官方的step by step太傻白甜,没有把IP_AUTODETECTION_METHOD这个IP检测方法的参数放入calico.yaml中,calico会使用第一个找到的network interface(往往是错误的interface),导致Calico把master也算进nodes,于是master BGP启动失败,而其他workers则启动成功。
问题描述
k8s集群安装网络组件calico后,查看pod
[ansible@k8s-cp calico]$ kubectl get pod --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-node-jm74b 1/2 Running 0 7m16s
kube-system calico-node-xk4fg 1/2 Running 0 2m5s
kube-system coredns-7b47b4c577-447cn 1/1 Running 0 8m27s
kube-system coredns-7b47b4c577-svm5v 1/1 Running 0 8m27s
kube-system etcd-k8s-cp 1/1 Running 0 7m51s
kube-system kube-apiserver-k8s-cp 1/1 Running 0 8m1s
kube-system kube-controller-manager-k8s-cp 1/1 Running 0 8m4s
kube-system kube-proxy-nzmhh 1/1 Running 0 8m27s
kube-system kube-proxy-pjbp8 1/1 Running 0 2m5s
kube-system kube-scheduler-k8s-cp 1/1 Running 0 7m43s
等待几分钟后,pod calico-node-jm74b和calico-node-xk4fg的READY值依然是1/2
查看pod calico-node-xk4fg的详细信息,发现有如下错误信息
Warning Unhealthy 11s (x19 over 3m11s) kubelet, k8s-agent-1 Readiness probe failed: calico/node is not ready: BIRD is not ready: BGP not established with 172.18.0.1
这个问题会导致部署完业务容器后,网络上有问题,导致业务无法正常访问。
问题解决
calico在多网络接口时自动检测到错误的网络接口,导致网络无法连通,通过指定网络接口(网卡名)解决问题
修改calico.yaml
在
- name: CLUSTER_TYPE
value: "k8s,bgp"
下增加两行
- name: IP_AUTODETECTION_METHOD
value: "interface=enp0s3"
enp0s3是我机器的网卡名
重新部署网络组件calico, READY值变为2/2
[ansible@k8s-cp calico]$ kubectl get pod --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-node-jm74b 2/2 Running 0 15m
kube-system calico-node-xk4fg 2/2 Running 0 9m51s
kube-system coredns-7b47b4c577-447cn 1/1 Running 0 16m
kube-system coredns-7b47b4c577-svm5v 1/1 Running 0 16m
kube-system etcd-k8s-cp 1/1 Running 0 15m
kube-system kube-apiserver-k8s-cp 1/1 Running 0 15m
kube-system kube-controller-manager-k8s-cp 1/1 Running 0 15m
kube-system kube-proxy-nzmhh 1/1 Running 0 16m
kube-system kube-proxy-pjbp8 1/1 Running 0 9m51s
kube-system kube-proxy-wgz2c 1/1 Running 0 114s
kube-system kube-scheduler-k8s-cp 1/1 Running 0 15m