这篇博文很重要,出现这个问题导致pod之间无法通讯,pod无法连接外网。

出现的问题是二进制方式安装了节点之后, tunl0没有显示,通过ifconfig tunl0 up 启动tunl0  没有意义,只有通过 calico 启动ipip模式,自动分配ip 才能解决这个问题 , 如果tunl0,没有分配到ip,也就意味着他不能跟其他pod通讯,在该node上创建的pod内部不能访问外网。

所以重点就是要解决tunl0,为什么没有启用和分配到集群的ip问题。是本文的重点


本机安装环境

k8s节点是通过二进制方式安装。

[root@ht22 calico]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)

[root@ht22 calico]# uname -r
3.10.0-1160.45.1.el7.x86_64

[root@ht22 calico]# docker -v
Docker version 18.03.0-ce, build 0520e24

[root@ht22 calico]# docker -v
Docker version 18.03.0-ce, build 0520e24

[root@ht22 calico]# ifconfig

cali1e4a9cee8dc: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500ether ee:ee:ee:ee:ee:ee txqueuelen 0 (Ethernet)RX packets 568108 bytes 328205511 (313.0 MiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 568108 bytes 328205511 (313.0 MiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255ether 02:42:83:9e:06:86 txqueuelen 0 (Ethernet)RX packets 0 bytes 0 (0.0 B)RX errors 0 dropped 0 overruns 0 frame 0TX packets 0 bytes 0 (0.0 B)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500inet 10.129.51.204 netmask 255.255.255.0 broadcast 10.129.51.255ether 06:34:a0:00:0b:81 txqueuelen 1000 (Ethernet)RX packets 401212 bytes 136527652 (130.2 MiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 207123 bytes 197287098 (188.1 MiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

ens224: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500inet 10.129.53.204 netmask 255.255.255.0 broadcast 10.129.53.255ether 06:0f:2e:00:0d:03 txqueuelen 1000 (Ethernet)RX packets 35636 bytes 2139100 (2.0 MiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 11 bytes 1421 (1.3 KiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536inet 127.0.0.1 netmask 255.0.0.0loop txqueuelen 1000 (Local Loopback)RX packets 568108 bytes 328205511 (313.0 MiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 568108 bytes 328205511 (313.0 MiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

tunl0: flags=193<UP,RUNNING,NOARP> mtu 1440tunnel txqueuelen 1000 (IPIP Tunnel)

RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

解决方式如下:

[root@ht22 calico]# docker rm -f calico-node

[root@ht5 calico]# docker ps | grep calico-node1effd55ba758 quay.io/calico/node:v3.1.0 "start_runit" 5 minutes ago Up 5 minutes calico-noded8aefa455a37 9f355e076ea7 "/install-cni.sh" 2 months ago Up 2 months k8s_install-cni_calico-node-ld4pd_kube-system_249f9a81-1c3d-11ec-9a8a-065c62000e9f_1691f562030f4 k8s.gcr.io/pause-amd64:3.0 "/pause" 2 months ago Up 2 months k8s_POD_calico-node-ld4pd_kube-system_249f9a81-1c3d-11ec-9a8a-065c62000e9f_1

进入到calico安装目录

[root@ht22 calico]# lltotal 392880drwxr-xr-x 2 root root 4096 Nov 26 20:38 calico-rw-r--r-- 1 root root 11829 Sep 26 2019 calico.example.yaml-rw-r--r-- 1 root root 2483 Feb 17 11:33 calico-node.service.sh-rw-r--r-- 1 root root 277872640 Nov 26 20:38 caliconode.v3.1.0.tar-rw-r--r-- 1 root root 1081 Nov 26 20:38 calico.sh-rw-r--r-- 1 root root 19389 Sep 26 2019 calico.yaml-rw-r--r-- 1 root root 69124608 Nov 26 20:38 cni.v3.1.3.tar-rw-r--r-- 1 root root 55256576 Nov 26 20:38 kube-controllers.v3.1.3.tar-rw-r--r-- 1 root root 1247 Nov 26 20:38 rbac.yaml

//删除前

[root@ht5 calico]# docker ps | grep calico-node1effd55ba758 quay.io/calico/node:v3.1.0 "start_runit" 5 minutes ago Up 5 minutes calico-noded8aefa455a37 9f355e076ea7 "/install-cni.sh" 2 months ago Up 2 months k8s_install-cni_calico-node-ld4pd_kube-system_249f9a81-1c3d-11ec-9a8a-065c62000e9f_1691f562030f4 k8s.gcr.io/pause-amd64:3.0 "/pause" 2 months ago Up 2 months k8s_POD_calico-node-ld4pd_kube-system_249f9a81-1c3d-11ec-9a8a-065c62000e9f_1

//删除后

[root@ht22 calico]# docker ps | grep calico-node2f6942eaad74 9f355e076ea7 "/install-cni.sh" 9 hours ago Up 9 hours k8s_install-cni_calico-node-r92zw_kube-system_5e332799-8f14-11ec-b44a-060eb4000e9d_127dfc117821e k8s.gcr.io/pause-amd64:3.0 "/pause" 9 hours ago Up 9 hours k8s_POD_calico-node-r92zw_kube-system_5e332799-8f14-11ec-b44a-060eb4000e9d_1

//重新安装,整个过程就是

[root@ht22 calico]# docker rm -f calico-node//进入到k8snode安装包,进入calico目录[root@ht22 calico]# sh calico-node.service.sh [root@ht22 calico]# systemctl daemon-reload[root@ht22 calico]# systemctl start calico-node[root@ht22 calico]# ifconfig

cali1e4a9cee8dc: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500ether ee:ee:ee:ee:ee:ee txqueuelen 0 (Ethernet)RX packets 569135 bytes 328540747 (313.3 MiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 569135 bytes 328540747 (313.3 MiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255ether 02:42:83:9e:06:86 txqueuelen 0 (Ethernet)RX packets 0 bytes 0 (0.0 B)RX errors 0 dropped 0 overruns 0 frame 0TX packets 0 bytes 0 (0.0 B)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500inet 10.129.51.204 netmask 255.255.255.0 broadcast 10.129.51.255ether 06:34:a0:00:0b:81 txqueuelen 1000 (Ethernet)RX packets 408912 bytes 139184171 (132.7 MiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 211608 bytes 202926820 (193.5 MiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

ens224: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500inet 10.129.53.204 netmask 255.255.255.0 broadcast 10.129.53.255ether 06:0f:2e:00:0d:03 txqueuelen 1000 (Ethernet)RX packets 35741 bytes 2145400 (2.0 MiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 11 bytes 1421 (1.3 KiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536inet 127.0.0.1 netmask 255.0.0.0loop txqueuelen 1000 (Local Loopback)RX packets 569135 bytes 328540747 (313.3 MiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 569135 bytes 328540747 (313.3 MiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

tunl0: flags=193<UP,RUNNING,NOARP> mtu 1440inet 172.17.31.0 netmask 255.255.255.255tunnel txqueuelen 1000 (IPIP Tunnel)RX packets 0 bytes 0 (0.0 B)RX errors 0 dropped 0 overruns 0 frame 0TX packets 0 bytes 0 (0.0 B)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

附 [root@ht22 calico]# cat calico-node.service.sh

K8S_MASTER_IP="这里是master ip"HOSTNAME='本机hostname'#HOSTNAME=`cat /etc/hostname`ETCD_ENDPOINTS="https://10.121.5.11:2379,https://10.121.5.12:2379"

cat > /lib/systemd/system/calico-node.service <<EOF[Unit]Description=calico nodeAfter=docker.serviceRequires=docker.service

[Service]User=rootEnvironment=ETCD_ENDPOINTS=${ETCD_ENDPOINTS}PermissionsStartOnly=trueExecStart=/usr/bin/docker run --net=host --privileged --name=calico-node \\-e ETCD_ENDPOINTS=\${ETCD_ENDPOINTS} \\-e ETCD_CA_CERT_FILE=/etc/etcd/ssl/etcd-root-ca.pem \\-e ETCD_CERT_FILE=/etc/etcd/ssl/etcd.pem \\-e ETCD_KEY_FILE=/etc/etcd/ssl/etcd-key.pem \\-e NODENAME=${HOSTNAME} \\-e IP= \\-e IP_AUTODETECTION_METHOD=can-reach=${K8S_MASTER_IP} \\-e AS=64512 \\-e CLUSTER_TYPE=k8s,bgp \\-e CALICO_IPV4POOL_CIDR=172.17.0.0/16 \\-e CALICO_IPV4POOL_IPIP=always \\-e CALICO_LIBNETWORK_ENABLED=true \\-e CALICO_NETWORKING_BACKEND=bird \\-e CALICO_DISABLE_FILE_LOGGING=true \\-e FELIX_IPV6SUPPORT=false \\-e FELIX_DEFAULTENDPOINTTOHOSTACTION=ACCEPT \\-e FELIX_LOGSEVERITYSCREEN=info \\-e FELIX_IPINIPMTU=1440 \\-e FELIX_HEALTHENABLED=true \\-e CALICO_K8S_NODE_REF=${HOSTNAME} \\-v /etc/calico/etcd-root-ca.pem:/etc/etcd/ssl/etcd-root-ca.pem \\-v /etc/calico/etcd.pem:/etc/etcd/ssl/etcd.pem \\-v /etc/calico/etcd-key.pem:/etc/etcd/ssl/etcd-key.pem \\-v /lib/modules:/lib/modules \\-v /var/lib/calico:/var/lib/calico \\-v /var/run/calico:/var/run/calico \\quay.io/calico/node:v3.1.0ExecStop=/usr/bin/docker rm -f calico-nodeRestart=alwaysRestartSec=10

[Install]WantedBy=multi-user.targetEOF

//我们在查看下

[root@ht22 calico]# route -n

Kernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Iface0.0.0.0 10.129.51.1 0.0.0.0 UG 0 0 0 ens19210.121.51.0 0.0.0.0 255.255.255.0 U 0 0 0 ens19210.121.53.0 0.0.0.0 255.255.255.0 U 100 0 0 ens224169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 ens192172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0172.17.9.128 10.128.51.14 255.255.255.192 UG 0 0 0 tunl0172.17.23.128 10.129.52.191 255.255.255.192 UG 0 0 0 tunl0172.17.23.192 10.129.55.113 255.255.255.192 UG 0 0 0 tunl0172.17.27.64 10.129.55.112 255.255.255.192 UG 0 0 0 tunl0172.17.31.0 0.0.0.0 255.255.255.192 U 0 0 0 *172.17.50.192 10.129.55.111 255.255.255.192 UG 0 0 0 tunl0172.17.157.0 10.128.51.12 255.255.255.192 UG 0 0 0 tunl0172.17.168.0 10.129.52.193 255.255.255.192 UG 0 0 0 tunl0172.17.216.64 10.129.52.192 255.255.255.192 UG 0 0 0 tunl0172.17.246.64 10.128.51.11 255.255.255.192 UG 0 0 0 tunl0

//tunl0 出现,否则这里也不会出现tunl0信息。

注意: 最后一步就是所有在其上的pod都要重新创建,否则还是网络不了外网。

修复tunl0-二进制安装calico的更多相关文章

  1. 8、二进制安装K8s之部署CIN网络

    二进制安装K8s之部署CIN网络 部署CIN网络可以使用flannel或者calico,这里介绍使用calico ecd 方式部署. 1.下载calico二进制安装包 创建所需目录 mkdir -p ...

  2. 1、二进制安装K8s 之 环境准备

    二进制安装K8s 之 环境准备 1.系统&软件 序号 设备\系统 版本 1 宿主机 MacBook Pro 11.4 2 系统 Centos 7.8 3 虚拟机 Parallels Deskt ...

  3. ubuntu14.04下简易二进制安装mysql

    下载mysql-commnunity的5.6.24通用二进制版 tar解压 我安装到/opt目录,所以mv到/opt/ 可选,建了个软链 ln -s *** mysql 添加运行mysql服务的用户和 ...

  4. mysql5.6 通用二进制安装

    mysql5.6 通用二进制安装: #卸载原有的mysqlyum remove mysql*ls /etc/my.cnf*mv /etc/my.cnf* /tmp/ #安装依赖包yum install ...

  5. CentOS 6.2 二进制安装apache2.4.3出现configure: error: APR-util not found. Please read the documentation的解决方

    CentOS 6.2 二进制安装apache2.4.3出现configure: error: APR-util not found. Please read the documentation的解决方 ...

  6. CentOS6+MySQL5.6二进制安装

    一般我们安装mysql采用二进制安装的方式就足以满足我们的生产环境了,不过需要我们配置my.cnf文件 从官网下载二进制MySQL,选择Linux-Generic,最后这两个是二进制包 http:// ...

  7. Mysql的二进制安装和基础入门操作

    前言:Mysql数据库,知识非常的多,要想学精学通这块知识,估计也要花费和学linux一样的精力和时间.小编也是只会些毛皮,给大家分享一下~ 一.MySQL安装 (1)安装方式: 1 .程序包yum安 ...

  8. centos 7.3二进制安装mariadb10.2.8完美步骤

    (1)在centos7系统上,yum info mariadb可以找到提供mariadb包的官方网站,在到官方网站下载最新的mariadb包,然后rz到linux系统上去 (2)准备用户 1.user ...

  9. Linux中MySQL5.6编译安装与MySQL5.7二进制安装步骤

    首先,介绍一下MySQL的几种安装方式 1.RPM.Yum 的安装方式:安装方便.安装速度快,无法定制 2.二进制:不需要安装,解压即可使用,不能定制功能 3.编译安装:可定制,安装慢. 编译安装中需 ...

  10. Centos7 二进制安装 Kubernetes 1.13

    目录 1.目录 1.1.什么是 Kubernetes? 1.2.Kubernetes 有哪些优势? 2.环境准备 2.1.网络配置 2.2.更改 HOSTNAME 2.3.配置ssh免密码登录登录 2 ...

随机推荐

  1. python 装饰器的使用

    装饰器本质上是一个Python函数,它可以让其他函数在不需要做任何代码变动的前提下增加额外功能,装饰器的返回值也是一个函数对象.它经常用于有切面需求的场景,比如:插入日志.性能测试.事务处理.缓存.权 ...

  2. mysql or in union all 使用方法

    or的用法 select * from bt where bt.ID =98 or bt.ID = 1222 or bt.ID = 8903; in 的用法 select * from bt wher ...

  3. 跑马灯带你深入浅出TextView的源码世界

    一.背景 想必大家平时也没那么多时间是单独看源码,又或者只是单纯的看源码遇到问题还是不知道怎么从源码的角度解决. 但是大家平时开发过程中肯定会遇到这样或那样的小问题,通过百度.Google搜索都无果, ...

  4. SpringCloud-Consul

    1. Consul 简介 Consul是 HashiCorp 公司推出的开源工具,用于实现分布式系统的服务发现与配置.与其它分布式服 务注册与发现的方案,Consul 的方案更"一站式&qu ...

  5. 遇到REMOTE HOST IDENTIFICATION HAS CHANGED怎么办?

    今日遇到如下问题: 警告的大概意思就是,主机密钥发生变更,并提示安全风险(可能存在中间人攻击) 但是事实是,这是因为我重装系统之后遇到的问题.重装系统后,指纹当然会发生变化了...在Xshell实验中 ...

  6. 通过blacklist来禁用驱动

    blacklist黑名单 我们在linux中安装驱动,有时会遇到受限或冲突,通常解决方式都是要修改blacklist.conf.对内核模块来说,黑名单是指禁止某个模块装入的机制 在 /etc/modp ...

  7. SQL获取当前时间(日期)

    --获取当前日期(如:yyyymmdd)select CONVERT (nvarchar(12),GETDATE(),112) --获取当前日期(如:yyyymmdd hh:MM:ss)select ...

  8. Linux下mysql的彻底卸载

    1.查看mysql的安装情况 rpm -qa | grep -i mysql 2.删除上图安装的软件 rpm -ev mysql-community-libs-5.7.27-1.el6.x86_64 ...

  9. 通过Kuberneters Goat学习K8S安全(上)

    实验环境:https://katacoda.com/madhuakula/scenarios/kubernetes-goat 0x1.敏感信息泄露利用 第一关是代码泄露利用,打开网站后显示: 告诉我们 ...

  10. BUU findkey

    定位关键函数 跟入flag找到问题位置 两行一样的代码,nop掉第二行,按p生成函数 代码审计 int __userpurge sub_4018C4@<eax>(int a1@<eb ...