Overview
After building a Kubernetes cluster and installing Calico as the CNI, the calico-node Pods never became READY and BGP-related errors were reported.
[root@bastion ~]# kubectl get pods -A -owide
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kube-system calico-kube-controllers-57758d645c-zz6qc 1/1 Running 0 6m33s 10.85.0.2 k8s-worker01.myhomelab.test <none> <none>
kube-system calico-node-5t6bk 0/1 Running 0 5m17s 192.168.104.12 k8s-worker02.myhomelab.test <none> <none>
kube-system calico-node-6f44x 0/1 Running 0 6m33s 192.168.104.11 k8s-worker01.myhomelab.test <none> <none>
kube-system calico-node-77wlx 0/1 Running 0 6m33s 192.168.104.10 localhost.localdomain <none> <none>
:
[root@bastion ~]# kubectl -n kube-system describe po calico-node-77wlx
:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 20s default-scheduler Successfully assigned kube-system/calico-node-77wlx to k8s-worker02.myhomelab.test
Normal Pulled 20s kubelet Container image "docker.io/calico/cni:master" already present on machine
Normal Created 20s kubelet Created container upgrade-ipam
Normal Started 20s kubelet Started container upgrade-ipam
Normal Pulled 19s kubelet Container image "docker.io/calico/cni:master" already present on machine
Normal Created 19s kubelet Created container install-cni
Normal Started 19s kubelet Started container install-cni
Normal Pulled 18s kubelet Container image "docker.io/calico/node:master" already present on machine
Normal Created 18s kubelet Created container mount-bpffs
Normal Started 18s kubelet Started container mount-bpffs
Normal Pulled 17s kubelet Container image "docker.io/calico/node:master" already present on machine
Normal Created 17s kubelet Created container calico-node
Normal Started 17s kubelet Started container calico-node
Warning Unhealthy 15s (x2 over 16s) kubelet Readiness probe failed: calico/node is not ready: BIRD is not ready: Error querying BIRD: unable to connect to BIRDv4 socket: dial unix /var/run/calico/bird.ctl: connect: connection refused
Warning Unhealthy 10s kubelet Readiness probe failed: 2024-04-06 11:21:47.916 [INFO][210] confd/health.go 202: Number of node(s) with BGP peering established = 0
calico/node is not ready: BIRD is not ready: BGP not established with 192.168.104.11,192.168.104.10 <<<<<< Errors
Solution
The error occurs because BGP is not permitted on the nodes. BGP uses 179/tcp, so that port has to be opened on each node.
The nodes here run CentOS 9, so the setting is added to firewalld:
[root@k8s-worker02 ~]# firewall-cmd --add-port=179/tcp --zone=public --permanent
success
[root@k8s-worker02 ~]# firewall-cmd --reload
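The --add-port command above accepts 179/tcp from any source that reaches the public zone, while the only BGP peers calico-node needs are the other cluster nodes. The following is an added example, not part of the original post: a dry-run script that prints firewalld rich rules limiting 179/tcp to those peers. It assumes the three node addresses shown in the kubectl output above and Calico's default node-to-node mesh; is_ipv4 and peer_rules are hypothetical helper names.

```shell
#!/bin/sh
# Node addresses as they appear in the kubectl output on this page.
NODES="192.168.104.10 192.168.104.11 192.168.104.12"
ZONE="public"

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        if [ "${#octet}" -gt 3 ] || [ "$octet" -gt 255 ]; then return 1; fi
    done
    return 0
}

# peer_rules LOCAL_IP (hypothetical helper): print, without running them,
# the firewall-cmd lines for one node so that 179/tcp is accepted only
# from the other nodes listed in NODES.
peer_rules() {
    local_ip=$1
    if ! is_ipv4 "$local_ip"; then echo "invalid local address: $local_ip" >&2; return 1; fi
    for peer in $NODES; do
        if [ "$peer" = "$local_ip" ]; then continue; fi
        if ! is_ipv4 "$peer"; then echo "invalid peer address: $peer" >&2; return 1; fi
        rule="rule family=\"ipv4\" source address=\"$peer\" port port=\"179\" protocol=\"tcp\" accept"
        echo "firewall-cmd --permanent --zone=$ZONE --add-rich-rule='$rule'"
    done
    # Remove the zone-wide opening if it was added earlier, then activate.
    echo "firewall-cmd --permanent --zone=$ZONE --remove-port=179/tcp"
    echo "firewall-cmd --reload"
}

# Dry run: show the commands for the node whose address is given as $1
# (defaults to k8s-worker02 from the output above).
peer_rules "${1:-192.168.104.12}"
```

Review the printed commands, then run them on the matching node; `firewall-cmd --zone=public --list-rich-rules` shows the result.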