Cannot make a curl to pod's IP probably due to interface mismatch #10233
You have a whole bunch of interfaces on your node; k8s may have picked one of the ifaces as the main one and used its IP as the node's internal IP, while calico may have auto-detected another IP. Check out https://docs.tigera.io/calico/latest/networking/ipam/ip-autodetection Could you provide |
I tried IP autodetection modes (can-reach and interface) but it doesn't work. My |
Just adding more information to narrow down the problem. The same installation procedure above works on a K8S cluster with a single VM having several interfaces. The problem described in this issue is with a physical machine with multiple network cards. |
@tomastigera Is there anything else you need for your investigation? It seems to me that this is a bug. Thanks, |
Your node from the logs above picked The It also says VXLAN always, but I do not see any vxlan device. I do see a vxlan device in the list of devices of the VM. However I do see So I think the device is missing and the routes to pods on other nodes via the vxlan device are missing too. And that is the problem. But I cannot tell why they are missing 🤔 |
Have you tried a newer version than v3.27.2? |
I tried with the latest version v3.30 (https://docs.tigera.io/calico/latest/getting-started/kubernetes/self-managed-onprem/onpremises) but the problem is always there.
I modified only the CIDR field in the example file https://raw.githubusercontent.com/projectcalico/calico/v3.30.0/manifests/custom-resources.yaml calico-node.log ip r Is there anything else you want to look at? |
@TuanTranBPK I see this line in your calico-node log:
And it seems like the VXLAN device does get that interface
Do you know if that interface choice is "wrong"? (not the one connected to the rest of the cluster or something to that effect?) You mentioned this
But what were the results when trying these modes? Did you try using CIDR(s) as well (https://docs.tigera.io/calico/latest/networking/ipam/ip-autodetection#change-the-autodetection-method)? |
I install a K8S cluster using kubeadm
sudo kubeadm init --pod-network-cidr=10.42.0.0/16
kubectl taint nodes --all node-role.kubernetes.io/control-plane-
kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.27.2/manifests/tigera-operator.yaml
kubectl apply -f calico-config.yaml
calico-config.txt
Then install nginx pod
Expected Behavior
From the node, I should be able to make a curl to nginx's pod IP
Current Behavior
The curl fails
[trant@eam32 calico]$ curl -v 10.42.53.71
curl: (7) Failed to connect to 10.42.53.71 port 80: No route to host
The confusing part is that when I perform a tcpdump on the cali7072c88a915 interface, I see ARP messages with a different IP address/interface (172.30.2.1) than the IP address/interface shown on the node (10.12.178.104)
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on cali7072c88a915, link-type EN10MB (Ethernet), snapshot length 262144 bytes
22:55:37.324031 ARP, Request who-has 10.42.53.71 tell 172.30.2.1, length 28
22:55:38.368903 ARP, Request who-has 10.42.53.71 tell 172.30.2.1, length 28
22:55:39.392902 ARP, Request who-has 10.42.53.71 tell 172.30.2.1, length 28
22:55:40.417003 ARP, Request who-has 10.42.53.71 tell 172.30.2.1, length 28
22:55:41.440908 ARP, Request who-has 10.42.53.71 tell 172.30.2.1, length 28
22:55:42.464908 ARP, Request who-has 10.42.53.71 tell 172.30.2.1, length 28
kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
eam32 Ready control-plane 28m v1.30.5 10.12.178.104 Rocky Linux 9.5 (Blue Onyx) 5.14.0-503.19.1.el9_5.x86_64 cri-o://1.22.5
Possible Solution
Don't know
Steps to Reproduce (for bugs)
See above
Context
Your Environment
The network/interface configuration is in the attachment
ip_a.txt
Calico log:
calico-node.log
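
Added example (not part of the original issue or the Calico project): a small Python check for the mismatch described above, comparing the ARP sender address in the tcpdump capture with the node's INTERNAL-IP and naming the interface that owns each. The `ip -o -4 addr show` sample, including interface names and prefix lengths, is constructed; only the two addresses and the ARP lines come from the issue.

```python
import ipaddress
import re

# Constructed `ip -o -4 addr show` output: interface names and prefix lengths
# are assumptions; only the two addresses come from the issue.
IP_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eno1    inet 10.12.178.104/24 brd 10.12.178.255 scope global eno1
3: ens2f0    inet 172.30.2.1/24 brd 172.30.2.255 scope global ens2f0
"""

# Two of the ARP lines from the tcpdump capture in the issue.
TCPDUMP = """\
22:55:37.324031 ARP, Request who-has 10.42.53.71 tell 172.30.2.1, length 28
22:55:38.368903 ARP, Request who-has 10.42.53.71 tell 172.30.2.1, length 28
"""


def parse_interfaces(text):
    """Map each local IPv4 address to its (interface name, network)."""
    owners = {}
    for line in text.splitlines():
        m = re.match(r"\d+:\s+(\S+)\s+inet\s+(\S+)", line)
        if m:
            addr = ipaddress.ip_interface(m.group(2))
            owners[addr.ip] = (m.group(1), addr.network)
    return owners


def arp_senders(text):
    """Return the distinct 'tell' (sender) addresses of ARP requests."""
    found = re.findall(r"ARP, Request who-has \S+ tell ([\d.]+),", text)
    return sorted({ipaddress.ip_address(a) for a in found})


def compare(node_internal_ip, ip_addr_text, tcpdump_text):
    """Report, per ARP sender, whether it matches the node's InternalIP."""
    owners = parse_interfaces(ip_addr_text)
    node_ip = ipaddress.ip_address(node_internal_ip)
    node_iface, node_net = owners.get(node_ip, (None, None))
    return [{
        "arp_sender": str(s),
        "sender_iface": owners.get(s, (None, None))[0],
        "node_iface": node_iface,
        "mismatch": s != node_ip,
        # Candidate value for CIDR-based autodetection, if the node IP is local.
        "node_cidr": str(node_net) if node_net else None,
    } for s in arp_senders(tcpdump_text)]


if __name__ == "__main__":
    for row in compare("10.12.178.104", IP_ADDR, TCPDUMP):
        print(row)
```

With real data, feed in the node's own `ip -o -4 addr show` output; `node_cidr` is then the subnet to try with the CIDR autodetection method linked in the comments.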