问题描述
我正在 centos8 上安装带有 calico 的 k8s,一切看起来都很好,但我无法在 pod 之间互相 ping 通。
我使用 k8s 作为 calico 的 DATASTORE,部署文件在 calico.yaml
我不知道为什么错过了一些路线,任何建议都非常感谢。
这里是一些关于集群的信息:
# kubectl get nodes
NAME STATUS ROLES AGE VERSION
instance-4njec0xa-1 Ready <none> 3h55m v1.19.4
instance-4njec0xa-2 Ready <none> 3h55m v1.19.4
instance-4njec0xa-3 Ready master 3h56m v1.19.4
在主节点上
# ./calicoctl node status
Calico process is running.
IPv4 BGP status
+---------------+-------------------+-------+----------+-------------+
| PEER ADDRESS | PEER TYPE | STATE | SINCE | INFO |
+---------------+-------------------+-------+----------+-------------+
| 192.168.0.194 | node-to-node mesh | up | 04:10:41 | Established |
| 192.168.0.195 | node-to-node mesh | up | 04:10:41 | Established |
+---------------+-------------------+-------+----------+-------------+
IPv6 BGP status
No IPv6 peers found.
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 100 0 0 eth0
169.254.169.254 192.168.0.2 255.255.255.255 UGH 100 0 0 eth0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.17.139.128 0.0.0.0 255.255.255.255 UH 0 0 0 cali96f39d92828
172.17.139.128 0.0.0.0 255.255.255.192 U 0 0 0 *
172.17.139.129 0.0.0.0 255.255.255.255 UH 0 0 0 caliccf893b1917
172.17.139.130 0.0.0.0 255.255.255.255 UH 0 0 0 cali09dc1beebda
172.17.153.64 192.168.0.194 255.255.255.192 UG 0 0 0 eth0
172.17.181.64 192.168.0.195 255.255.255.192 UG 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.240.0 U 100 0 0 eth0
在节点 1 上
# ./calicoctl node status
Calico process is running.
IPv4 BGP status
+---------------+-------------------+-------+----------+-------------+
| PEER ADDRESS | PEER TYPE | STATE | SINCE | INFO |
+---------------+-------------------+-------+----------+-------------+
| 192.168.0.195 | node-to-node mesh | up | 04:10:42 | Established |
| 192.168.0.196 | node-to-node mesh | up | 04:10:40 | Established |
+---------------+-------------------+-------+----------+-------------+
IPv6 BGP status
No IPv6 peers found.
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 100 0 0 eth0
169.254.169.254 192.168.0.2 255.255.255.255 UGH 100 0 0 eth0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.17.139.128 192.168.0.196 255.255.255.192 UG 0 0 0 eth0
172.17.153.64 0.0.0.0 255.255.255.192 U 0 0 0 *
172.17.153.69 0.0.0.0 255.255.255.255 UH 0 0 0 cali2587d39bec8
172.17.181.64 192.168.0.195 255.255.255.192 UG 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.240.0 U 100 0 0 eth0
在 node2 上
./calicoctl node status
Calico process is running.
IPv4 BGP status
+---------------+-------------------+-------+----------+-------------+
| PEER ADDRESS | PEER TYPE | STATE | SINCE | INFO |
+---------------+-------------------+-------+----------+-------------+
| 192.168.0.194 | node-to-node mesh | up | 04:10:42 | Established |
| 192.168.0.196 | node-to-node mesh | up | 04:10:40 | Established |
+---------------+-------------------+-------+----------+-------------+
IPv6 BGP status
No IPv6 peers found.
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 100 0 0 eth0
169.254.169.254 192.168.0.2 255.255.255.255 UGH 100 0 0 eth0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.17.139.128 192.168.0.196 255.255.255.192 UG 0 0 0 eth0
172.17.153.64 192.168.0.194 255.255.255.192 UG 0 0 0 eth0
172.17.181.64 0.0.0.0 255.255.255.192 U 0 0 0 *
172.17.181.66 0.0.0.0 255.255.255.255 UH 0 0 0 cali12d4a061371
192.168.0.0 0.0.0.0 255.255.240.0 U 100 0 0 eth0
解决方法
calico file 默认禁用 ipip 和 vxlan,导致网络故障。当我启用 ipip 并设置正确的 veth_mtu 时,一切正常。