gpt4 book ai didi

kubernetes - 印花布/节点未准备好 : BIRD is not ready: BGP not established

转载 作者:行者123 更新时间:2023-12-02 11:30:31 25 4
gpt4 key购买 nike

我正在运行 Kubernetes 1.13.2,使用 kubeadm 进行设置,并且正在努力启动和运行 calico 3.5。集群运行在 KVM 之上。

设置:

  • kubeadm init --apiserver-advertise-address=10.255.253.20 --pod-network-cidr=192.168.0.0/16
  • 修改 calico.yaml要包含的文件:
        - name: IP_AUTODETECTION_METHOD
    value: "interface=ens.*"
  • 已申请 rbac.yaml , etcd.yaml , calico.yaml

  • 来自 kubectl describe pods 的输出:
    Events:
    Type Reason Age From Message
    ---- ------ ---- ---- -------
    Normal Scheduled 23m default-scheduler Successfully assigned kube-system/calico-node-hjwrc to k8s-master-01
    Normal Pulling 23m kubelet, k8s-master-01 pulling image "quay.io/calico/cni:v3.5.0"
    Normal Pulled 23m kubelet, k8s-master-01 Successfully pulled image "quay.io/calico/cni:v3.5.0"
    Normal Created 23m kubelet, k8s-master-01 Created container
    Normal Started 23m kubelet, k8s-master-01 Started container
    Normal Pulling 23m kubelet, k8s-master-01 pulling image "quay.io/calico/node:v3.5.0"
    Normal Pulled 23m kubelet, k8s-master-01 Successfully pulled image "quay.io/calico/node:v3.5.0"
    Warning Unhealthy 23m kubelet, k8s-master-01 Readiness probe failed: calico/node is not ready: felix is not ready: Get http://localhost:9099/readiness: dial tcp [::1]:9099: connect: connection refused
    Warning Unhealthy 23m kubelet, k8s-master-01 Liveness probe failed: Get http://localhost:9099/liveness: dial tcp [::1]:9099: connect: connection refused
    Normal Created 23m (x2 over 23m) kubelet, k8s-master-01 Created container
    Normal Started 23m (x2 over 23m) kubelet, k8s-master-01 Started container
    Normal Pulled 23m kubelet, k8s-master-01 Container image "quay.io/calico/node:v3.5.0" already present on machine
    Warning Unhealthy 3m32s (x23 over 7m12s) kubelet, k8s-master-01 Readiness probe failed: calico/node is not ready: BIRD is not ready: BGP not established with 10.255.253.22

    来自 calicoctl node status 的输出:
    Calico process is running.

    IPv4 BGP status
    +---------------+-------------------+-------+----------+---------+
    | PEER ADDRESS | PEER TYPE | STATE | SINCE | INFO |
    +---------------+-------------------+-------+----------+---------+
    | 10.255.253.22 | node-to-node mesh | start | 16:24:44 | Passive |
    +---------------+-------------------+-------+----------+---------+

    IPv6 BGP status
    No IPv6 peers found.

    来自 ETCD_ENDPOINTS=http://localhost:6666 calicoctl get nodes -o yaml 的输出:
        apiVersion: projectcalico.org/v3
    items:
    - apiVersion: projectcalico.org/v3
    kind: Node
    metadata:
    annotations:
    projectcalico.org/kube-labels: '{"beta.kubernetes.io/arch":"amd64","beta.kubernetes.io/os":"linux","kubernetes.io/hostname":"k8s-master-01","node-role.kubernetes.io/master":""}'
    creationTimestamp: 2019-01-31T16:08:56Z
    labels:
    beta.kubernetes.io/arch: amd64
    beta.kubernetes.io/os: linux
    kubernetes.io/hostname: k8s-master-01
    node-role.kubernetes.io/master: ""
    name: k8s-master-01
    resourceVersion: "28"
    uid: 82fee4dc-2572-11e9-8ab7-5254002c725d
    spec:
    bgp:
    ipv4Address: 10.255.253.20/24
    ipv4IPIPTunnelAddr: 192.168.151.128
    orchRefs:
    - nodeName: k8s-master-01
    orchestrator: k8s
    - apiVersion: projectcalico.org/v3
    kind: Node
    metadata:
    annotations:
    projectcalico.org/kube-labels: '{"beta.kubernetes.io/arch":"amd64","beta.kubernetes.io/os":"linux","kubernetes.io/hostname":"k8s-worker-01"}'
    creationTimestamp: 2019-01-31T16:24:44Z
    labels:
    beta.kubernetes.io/arch: amd64
    beta.kubernetes.io/os: linux
    kubernetes.io/hostname: k8s-worker-01
    name: k8s-worker-01
    resourceVersion: "170"
    uid: b7c2c5a6-2574-11e9-aaa4-5254007d5f6a
    spec:
    bgp:
    ipv4Address: 10.255.253.22/24
    ipv4IPIPTunnelAddr: 192.168.36.192
    orchRefs:
    - nodeName: k8s-worker-01
    orchestrator: k8s
    kind: NodeList
    metadata:
    resourceVersion: "395"

    来自 ETCD_ENDPOINTS=http://localhost:6666 calicoctl get bgppeers 的输出:
    NAME   PEERIP   NODE   ASN

    来自 kubectl logs 的输出:
    2019-01-31 17:01:20.519 [INFO][48] int_dataplane.go 751: Applying dataplane updates
    2019-01-31 17:01:20.519 [INFO][48] ipsets.go 223: Asked to resync with the dataplane on next update. family="inet"
    2019-01-31 17:01:20.519 [INFO][48] ipsets.go 254: Resyncing ipsets with dataplane. family="inet"
    2019-01-31 17:01:20.523 [INFO][48] ipsets.go 304: Finished resync family="inet" numInconsistenciesFound=0 resyncDuration=3.675284ms
    2019-01-31 17:01:20.523 [INFO][48] int_dataplane.go 765: Finished applying updates to dataplane. msecToApply=4.124166000000001
    bird: BGP: Unexpected connect from unknown address 10.255.253.14 (port 36329)
    bird: BGP: Unexpected connect from unknown address 10.255.253.14 (port 52383)
    2019-01-31 17:01:23.182 [INFO][48] health.go 150: Overall health summary=&health.HealthReport{Live:true, Ready:true}
    bird: BGP: Unexpected connect from unknown address 10.255.253.14 (port 39661)
    2019-01-31 17:01:25.433 [INFO][48] health.go 150: Overall health summary=&health.HealthReport{Live:true, Ready:true}
    bird: BGP: Unexpected connect from unknown address 10.255.253.14 (port 57359)
    bird: BGP: Unexpected connect from unknown address 10.255.253.14 (port 47151)
    bird: BGP: Unexpected connect from unknown address 10.255.253.14 (port 39243)
    2019-01-31 17:01:30.943 [INFO][48] int_dataplane.go 751: Applying dataplane updates
    2019-01-31 17:01:30.943 [INFO][48] ipsets.go 223: Asked to resync with the dataplane on next update. family="inet"
    2019-01-31 17:01:30.943 [INFO][48] ipsets.go 254: Resyncing ipsets with dataplane. family="inet"
    2019-01-31 17:01:30.945 [INFO][48] ipsets.go 304: Finished resync family="inet" numInconsistenciesFound=0 resyncDuration=2.369997ms
    2019-01-31 17:01:30.946 [INFO][48] int_dataplane.go 765: Finished applying updates to dataplane. msecToApply=2.8165820000000004
    bird: BGP: Unexpected connect from unknown address 10.255.253.14 (port 60641)
    2019-01-31 17:01:33.190 [INFO][48] health.go 150: Overall health summary=&health.HealthReport{Live:true, Ready:true}

    注意:上面的未知地址(10.255.253.14)是 br0下的IP在 KVM 主机上,不太确定它为什么出现。

    最佳答案

    我得到了解决方案:

    ifconfig 的第一个偏好(在我的例子中)它会尝试连接到不是正确 ip 的工作节点。

    解决方案:使用以下步骤更改 calico.yaml 文件以将该 ip 覆盖为 etho-ip。

    需要开放端口Calico networking (BGP) - TCP 179

     # Specify interface
    - name: IP_AUTODETECTION_METHOD
    value: "interface=eth1"

    calico.yaml
    ---
    # Source: calico/templates/calico-config.yaml
    # This ConfigMap is used to configure a self-hosted Calico installation.
    kind: ConfigMap
    apiVersion: v1
    metadata:
    name: calico-config
    namespace: kube-system
    data:
    # Typha is disabled.
    typha_service_name: "none"
    # Configure the backend to use.
    calico_backend: "bird"

    # Configure the MTU to use
    veth_mtu: "1440"

    # The CNI network configuration to install on each node. The special
    # values in this config will be automatically populated.
    cni_network_config: |-
    {
    "name": "k8s-pod-network",
    "cniVersion": "0.3.1",
    "plugins": [
    {
    "type": "calico",
    "log_level": "info",
    "datastore_type": "kubernetes",
    "nodename": "__KUBERNETES_NODE_NAME__",
    "mtu": __CNI_MTU__,
    "ipam": {
    "type": "calico-ipam"
    },
    "policy": {
    "type": "k8s"
    },
    "kubernetes": {
    "kubeconfig": "__KUBECONFIG_FILEPATH__"
    }
    },
    {
    "type": "portmap",
    "snat": true,
    "capabilities": {"portMappings": true}
    }
    ]
    }

    ---
    # Source: calico/templates/kdd-crds.yaml
    apiVersion: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    metadata:
    name: felixconfigurations.crd.projectcalico.org
    spec:
    scope: Cluster
    group: crd.projectcalico.org
    version: v1
    names:
    kind: FelixConfiguration
    plural: felixconfigurations
    singular: felixconfiguration
    ---

    apiVersion: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    metadata:
    name: ipamblocks.crd.projectcalico.org
    spec:
    scope: Cluster
    group: crd.projectcalico.org
    version: v1
    names:
    kind: IPAMBlock
    plural: ipamblocks
    singular: ipamblock

    ---

    apiVersion: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    metadata:
    name: blockaffinities.crd.projectcalico.org
    spec:
    scope: Cluster
    group: crd.projectcalico.org
    version: v1
    names:
    kind: BlockAffinity
    plural: blockaffinities
    singular: blockaffinity

    ---

    apiVersion: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    metadata:
    name: ipamhandles.crd.projectcalico.org
    spec:
    scope: Cluster
    group: crd.projectcalico.org
    version: v1
    names:
    kind: IPAMHandle
    plural: ipamhandles
    singular: ipamhandle

    ---

    apiVersion: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    metadata:
    name: ipamconfigs.crd.projectcalico.org
    spec:
    scope: Cluster
    group: crd.projectcalico.org
    version: v1
    names:
    kind: IPAMConfig
    plural: ipamconfigs
    singular: ipamconfig

    ---

    apiVersion: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    metadata:
    name: bgppeers.crd.projectcalico.org
    spec:
    scope: Cluster
    group: crd.projectcalico.org
    version: v1
    names:
    kind: BGPPeer
    plural: bgppeers
    singular: bgppeer

    ---

    apiVersion: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    metadata:
    name: bgpconfigurations.crd.projectcalico.org
    spec:
    scope: Cluster
    group: crd.projectcalico.org
    version: v1
    names:
    kind: BGPConfiguration
    plural: bgpconfigurations
    singular: bgpconfiguration

    ---

    apiVersion: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    metadata:
    name: ippools.crd.projectcalico.org
    spec:
    scope: Cluster
    group: crd.projectcalico.org
    version: v1
    names:
    kind: IPPool
    plural: ippools
    singular: ippool

    ---

    apiVersion: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    metadata:
    name: hostendpoints.crd.projectcalico.org
    spec:
    scope: Cluster
    group: crd.projectcalico.org
    version: v1
    names:
    kind: HostEndpoint
    plural: hostendpoints
    singular: hostendpoint

    ---

    apiVersion: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    metadata:
    name: clusterinformations.crd.projectcalico.org
    spec:
    scope: Cluster
    group: crd.projectcalico.org
    version: v1
    names:
    kind: ClusterInformation
    plural: clusterinformations
    singular: clusterinformation

    ---

    apiVersion: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    metadata:
    name: globalnetworkpolicies.crd.projectcalico.org
    spec:
    scope: Cluster
    group: crd.projectcalico.org
    version: v1
    names:
    kind: GlobalNetworkPolicy
    plural: globalnetworkpolicies
    singular: globalnetworkpolicy

    ---

    apiVersion: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    metadata:
    name: globalnetworksets.crd.projectcalico.org
    spec:
    scope: Cluster
    group: crd.projectcalico.org
    version: v1
    names:
    kind: GlobalNetworkSet
    plural: globalnetworksets
    singular: globalnetworkset

    ---

    apiVersion: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    metadata:
    name: networkpolicies.crd.projectcalico.org
    spec:
    scope: Namespaced
    group: crd.projectcalico.org
    version: v1
    names:
    kind: NetworkPolicy
    plural: networkpolicies
    singular: networkpolicy

    ---

    apiVersion: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    metadata:
    name: networksets.crd.projectcalico.org
    spec:
    scope: Namespaced
    group: crd.projectcalico.org
    version: v1
    names:
    kind: NetworkSet
    plural: networksets
    singular: networkset
    ---
    # Source: calico/templates/rbac.yaml

    # Include a clusterrole for the kube-controllers component,
    # and bind it to the calico-kube-controllers serviceaccount.
    kind: ClusterRole
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
    name: calico-kube-controllers
    rules:
    # Nodes are watched to monitor for deletions.
    - apiGroups: [""]
    resources:
    - nodes
    verbs:
    - watch
    - list
    - get
    # Pods are queried to check for existence.
    - apiGroups: [""]
    resources:
    - pods
    verbs:
    - get
    # IPAM resources are manipulated when nodes are deleted.
    - apiGroups: ["crd.projectcalico.org"]
    resources:
    - ippools
    verbs:
    - list
    - apiGroups: ["crd.projectcalico.org"]
    resources:
    - blockaffinities
    - ipamblocks
    - ipamhandles
    verbs:
    - get
    - list
    - create
    - update
    - delete
    # Needs access to update clusterinformations.
    - apiGroups: ["crd.projectcalico.org"]
    resources:
    - clusterinformations
    verbs:
    - get
    - create
    - update
    ---
    kind: ClusterRoleBinding
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
    name: calico-kube-controllers
    roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: calico-kube-controllers
    subjects:
    - kind: ServiceAccount
    name: calico-kube-controllers
    namespace: kube-system
    ---
    # Include a clusterrole for the calico-node DaemonSet,
    # and bind it to the calico-node serviceaccount.
    kind: ClusterRole
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
    name: calico-node
    rules:
    # The CNI plugin needs to get pods, nodes, and namespaces.
    - apiGroups: [""]
    resources:
    - pods
    - nodes
    - namespaces
    verbs:
    - get
    - apiGroups: [""]
    resources:
    - endpoints
    - services
    verbs:
    # Used to discover service IPs for advertisement.
    - watch
    - list
    # Used to discover Typhas.
    - get
    - apiGroups: [""]
    resources:
    - nodes/status
    verbs:
    # Needed for clearing NodeNetworkUnavailable flag.
    - patch
    # Calico stores some configuration information in node annotations.
    - update
    # Watch for changes to Kubernetes NetworkPolicies.
    - apiGroups: ["networking.k8s.io"]
    resources:
    - networkpolicies
    verbs:
    - watch
    - list
    # Used by Calico for policy information.
    - apiGroups: [""]
    resources:
    - pods
    - namespaces
    - serviceaccounts
    verbs:
    - list
    - watch
    # The CNI plugin patches pods/status.
    - apiGroups: [""]
    resources:
    - pods/status
    verbs:
    - patch
    # Calico monitors various CRDs for config.
    - apiGroups: ["crd.projectcalico.org"]
    resources:
    - globalfelixconfigs
    - felixconfigurations
    - bgppeers
    - globalbgpconfigs
    - bgpconfigurations
    - ippools
    - ipamblocks
    - globalnetworkpolicies
    - globalnetworksets
    - networkpolicies
    - networksets
    - clusterinformations
    - hostendpoints
    verbs:
    - get
    - list
    - watch
    # Calico must create and update some CRDs on startup.
    - apiGroups: ["crd.projectcalico.org"]
    resources:
    - ippools
    - felixconfigurations
    - clusterinformations
    verbs:
    - create
    - update
    # Calico stores some configuration information on the node.
    - apiGroups: [""]
    resources:
    - nodes
    verbs:
    - get
    - list
    - watch
    # These permissions are only requried for upgrade from v2.6, and can
    # be removed after upgrade or on fresh installations.
    - apiGroups: ["crd.projectcalico.org"]
    resources:
    - bgpconfigurations
    - bgppeers
    verbs:
    - create
    - update
    # These permissions are required for Calico CNI to perform IPAM allocations.
    - apiGroups: ["crd.projectcalico.org"]
    resources:
    - blockaffinities
    - ipamblocks
    - ipamhandles
    verbs:
    - get
    - list
    - create
    - update
    - delete
    - apiGroups: ["crd.projectcalico.org"]
    resources:
    - ipamconfigs
    verbs:
    - get
    # Block affinities must also be watchable by confd for route aggregation.
    - apiGroups: ["crd.projectcalico.org"]
    resources:
    - blockaffinities
    verbs:
    - watch
    # The Calico IPAM migration needs to get daemonsets. These permissions can be
    # removed if not upgrading from an installation using host-local IPAM.
    - apiGroups: ["apps"]
    resources:
    - daemonsets
    verbs:
    - get
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
    name: calico-node
    roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: calico-node
    subjects:
    - kind: ServiceAccount
    name: calico-node
    namespace: kube-system

    ---
    # Source: calico/templates/calico-node.yaml
    # This manifest installs the calico-node container, as well
    # as the CNI plugins and network config on
    # each master and worker node in a Kubernetes cluster.
    kind: DaemonSet
    apiVersion: apps/v1
    metadata:
    name: calico-node
    namespace: kube-system
    labels:
    k8s-app: calico-node
    spec:
    selector:
    matchLabels:
    k8s-app: calico-node
    updateStrategy:
    type: RollingUpdate
    rollingUpdate:
    maxUnavailable: 1
    template:
    metadata:
    labels:
    k8s-app: calico-node
    annotations:
    # This, along with the CriticalAddonsOnly toleration below,
    # marks the pod as a critical add-on, ensuring it gets
    # priority scheduling and that its resources are reserved
    # if it ever gets evicted.
    scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
    nodeSelector:
    beta.kubernetes.io/os: linux
    hostNetwork: true
    tolerations:
    # Make sure calico-node gets scheduled on all nodes.
    - effect: NoSchedule
    operator: Exists
    # Mark the pod as a critical add-on for rescheduling.
    - key: CriticalAddonsOnly
    operator: Exists
    - effect: NoExecute
    operator: Exists
    serviceAccountName: calico-node
    # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force
    # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
    terminationGracePeriodSeconds: 0
    priorityClassName: system-node-critical
    initContainers:
    # This container performs upgrade from host-local IPAM to calico-ipam.
    # It can be deleted if this is a fresh installation, or if you have already
    # upgraded to use calico-ipam.
    - name: upgrade-ipam
    image: calico/cni:v3.8.2
    command: ["/opt/cni/bin/calico-ipam", "-upgrade"]
    env:
    - name: KUBERNETES_NODE_NAME
    valueFrom:
    fieldRef:
    fieldPath: spec.nodeName
    - name: CALICO_NETWORKING_BACKEND
    valueFrom:
    configMapKeyRef:
    name: calico-config
    key: calico_backend
    volumeMounts:
    - mountPath: /var/lib/cni/networks
    name: host-local-net-dir
    - mountPath: /host/opt/cni/bin
    name: cni-bin-dir
    # This container installs the CNI binaries
    # and CNI network config file on each node.
    - name: install-cni
    image: calico/cni:v3.8.2
    command: ["/install-cni.sh"]
    env:
    # Name of the CNI config file to create.
    - name: CNI_CONF_NAME
    value: "10-calico.conflist"
    # The CNI network config to install on each node.
    - name: CNI_NETWORK_CONFIG
    valueFrom:
    configMapKeyRef:
    name: calico-config
    key: cni_network_config
    # Set the hostname based on the k8s node name.
    - name: KUBERNETES_NODE_NAME
    valueFrom:
    fieldRef:
    fieldPath: spec.nodeName
    # CNI MTU Config variable
    - name: CNI_MTU
    valueFrom:
    configMapKeyRef:
    name: calico-config
    key: veth_mtu
    # Prevents the container from sleeping forever.
    - name: SLEEP
    value: "false"
    volumeMounts:
    - mountPath: /host/opt/cni/bin
    name: cni-bin-dir
    - mountPath: /host/etc/cni/net.d
    name: cni-net-dir
    # Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes
    # to communicate with Felix over the Policy Sync API.
    - name: flexvol-driver
    image: calico/pod2daemon-flexvol:v3.8.2
    volumeMounts:
    - name: flexvol-driver-host
    mountPath: /host/driver
    containers:
    # Runs calico-node container on each Kubernetes node. This
    # container programs network policy and routes on each
    # host.
    - name: calico-node
    image: calico/node:v3.8.2
    env:
    # Use Kubernetes API as the backing datastore.
    - name: DATASTORE_TYPE
    value: "kubernetes"
    # Wait for the datastore.
    - name: WAIT_FOR_DATASTORE
    value: "true"
    # Set based on the k8s node name.
    - name: NODENAME
    valueFrom:
    fieldRef:
    fieldPath: spec.nodeName
    # Choose the backend to use.
    - name: CALICO_NETWORKING_BACKEND
    valueFrom:
    configMapKeyRef:
    name: calico-config
    key: calico_backend
    # Cluster type to identify the deployment type
    - name: CLUSTER_TYPE
    value: "k8s,bgp"
    # Specify interface
    - name: IP_AUTODETECTION_METHOD
    value: "interface=eth1"
    # Auto-detect the BGP IP address.
    - name: IP
    value: "autodetect"
    # Enable IPIP
    - name: CALICO_IPV4POOL_IPIP
    value: "Always"
    # Set MTU for tunnel device used if ipip is enabled
    - name: FELIX_IPINIPMTU
    valueFrom:
    configMapKeyRef:
    name: calico-config
    key: veth_mtu
    # The default IPv4 pool to create on startup if none exists. Pod IPs will be
    # chosen from this range. Changing this value after installation will have
    # no effect. This should fall within `--cluster-cidr`.
    - name: CALICO_IPV4POOL_CIDR
    value: "192.168.0.0/16"
    # Disable file logging so `kubectl logs` works.
    - name: CALICO_DISABLE_FILE_LOGGING
    value: "true"
    # Set Felix endpoint to host default action to ACCEPT.
    - name: FELIX_DEFAULTENDPOINTTOHOSTACTION
    value: "ACCEPT"
    # Disable IPv6 on Kubernetes.
    - name: FELIX_IPV6SUPPORT
    value: "false"
    # Set Felix logging to "info"
    - name: FELIX_LOGSEVERITYSCREEN
    value: "info"
    - name: FELIX_HEALTHENABLED
    value: "true"
    securityContext:
    privileged: true
    resources:
    requests:
    cpu: 250m
    livenessProbe:
    httpGet:
    path: /liveness
    port: 9099
    host: localhost
    periodSeconds: 10
    initialDelaySeconds: 10
    failureThreshold: 6
    readinessProbe:
    exec:
    command:
    - /bin/calico-node
    - -bird-ready
    - -felix-ready
    periodSeconds: 10
    volumeMounts:
    - mountPath: /lib/modules
    name: lib-modules
    readOnly: true
    - mountPath: /run/xtables.lock
    name: xtables-lock
    readOnly: false
    - mountPath: /var/run/calico
    name: var-run-calico
    readOnly: false
    - mountPath: /var/lib/calico
    name: var-lib-calico
    readOnly: false
    - name: policysync
    mountPath: /var/run/nodeagent
    volumes:
    # Used by calico-node.
    - name: lib-modules
    hostPath:
    path: /lib/modules
    - name: var-run-calico
    hostPath:
    path: /var/run/calico
    - name: var-lib-calico
    hostPath:
    path: /var/lib/calico
    - name: xtables-lock
    hostPath:
    path: /run/xtables.lock
    type: FileOrCreate
    # Used to install CNI.
    - name: cni-bin-dir
    hostPath:
    path: /opt/cni/bin
    - name: cni-net-dir
    hostPath:
    path: /etc/cni/net.d
    # Mount in the directory for host-local IPAM allocations. This is
    # used when upgrading from host-local to calico-ipam, and can be removed
    # if not using the upgrade-ipam init container.
    - name: host-local-net-dir
    hostPath:
    path: /var/lib/cni/networks
    # Used to create per-pod Unix Domain Sockets
    - name: policysync
    hostPath:
    type: DirectoryOrCreate
    path: /var/run/nodeagent
    # Used to install Flex Volume Driver
    - name: flexvol-driver-host
    hostPath:
    type: DirectoryOrCreate
    path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds
    ---

    apiVersion: v1
    kind: ServiceAccount
    metadata:
    name: calico-node
    namespace: kube-system

    ---
    # Source: calico/templates/calico-kube-controllers.yaml

    # See https://github.com/projectcalico/kube-controllers
    apiVersion: apps/v1
    kind: Deployment
    metadata:
    name: calico-kube-controllers
    namespace: kube-system
    labels:
    k8s-app: calico-kube-controllers
    spec:
    # The controllers can only have a single active instance.
    replicas: 1
    selector:
    matchLabels:
    k8s-app: calico-kube-controllers
    strategy:
    type: Recreate
    template:
    metadata:
    name: calico-kube-controllers
    namespace: kube-system
    labels:
    k8s-app: calico-kube-controllers
    annotations:
    scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
    nodeSelector:
    beta.kubernetes.io/os: linux
    tolerations:
    # Mark the pod as a critical add-on for rescheduling.
    - key: CriticalAddonsOnly
    operator: Exists
    - key: node-role.kubernetes.io/master
    effect: NoSchedule
    serviceAccountName: calico-kube-controllers
    priorityClassName: system-cluster-critical
    containers:
    - name: calico-kube-controllers
    image: calico/kube-controllers:v3.8.2
    env:
    # Choose which controllers to run.
    - name: ENABLED_CONTROLLERS
    value: node
    - name: DATASTORE_TYPE
    value: kubernetes
    readinessProbe:
    exec:
    command:
    - /usr/bin/check-status
    - -r

    ---

    apiVersion: v1
    kind: ServiceAccount
    metadata:
    name: calico-kube-controllers
    namespace: kube-system
    ---
    # Source: calico/templates/calico-etcd-secrets.yaml

    ---
    # Source: calico/templates/calico-typha.yaml

    ---
    # Source: calico/templates/configure-canal.yaml

    关于kubernetes - 印花布/节点未准备好 : BIRD is not ready: BGP not established,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/54465963/

    25 4 0
    Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
    广告合作:1813099741@qq.com 6ren.com