Questions tagged as ['calico']

I am trying to configure a network configuration in our Kubernetes cluster via Helm with Calico. We are running minikube with calico like this:
minikube start --network-plugin=cni --cni=calico
And we include the network config like this:
# network attachment
---
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
  name: sriov-albora
  namespace: test
  annotations:
...
I am attempting to direct client traffic to a kubernetes cluster NodePort listening on 192.168.1.100.30000 (https port).
Clients need to make a request to 192.168.1.100.8000 so I added the following REDIRECT rule in iptables:
iptables -t nat -I PREROUTING -p tcp --dst 192.168.1.100 --dport 8000 -j REDIRECT --to-port 30000
iptables -t nat -I OUTPUT -d 192.168.1.100 -p tcp --dport 8000 -j REDIRECT --t ...

We currently have a kubernetes cluster (using calico) where all worker nodes are connected together with lacp bonds (2x10GB links with LACP Mode 4 - 802.3ad).
However, the maximum throughput we manage to get between 2 pods is 10 GB/s. According to some documentation, we should be able to achieve 20 GB/s. According to wikipedia, it seems to be a normal behavior:
This selects the same NIC slave for e ...
Team,
I have Mellanox Nic ConnectX-4 on a k8s worker node and it hosts a nodeLocal dns pod on it. The nodeLocalDns pod is timing out when trying to connect to coreDns service on k8s cluster.
Same works on Ubuntu18.
Versions failing with
k8s v1.13.5 Baremetal
Ubuntu 20.04.4 LTS
kernel 5.4.0-100-generic
docker://19.3.13
below works well.
k8s v1.13.5 Baremetal
Ubuntu 18.04.2 LTS
kernel ...
I have a lab environment for studying Kubernetes.
It has Calico CNI installed.
Kubernetes version: 1.20.
I would like to rename the single master node in the cluster.
Preferably, without recreating the whole Kubernetes cluster or overriding the master node name.
The idea is to learn to do it right too.
I thought about adding a temporary master node in addition and remove the original master node ...

I am trying to migrate from flannel to calico in k8s cluster. I am able to do it successfully in 3 node cluster. Live migration from flannel to calico is working as described in the documentation.
But migration from flannel to calico on single node k8s cluster is not supported as per this issue.
I have to do live migration from flannel to calico on single node, any suggestions on approaches is apprec ...
I'm trying to set up k8s cluster on Hetzner and export pods routes to server (172.20.0.5 in topology below) with FRR(Quagga) running on it. I use calico with BIRD as cni plugin. The problem is that FRR incorrectly exports (recursive) routes to kernel table.
Frr config:
show running-config
Current configuration:
!
frr version 8.1
frr defaults traditional
hostname deb-front-1
log sysl ...

My current setup involves an EKS Cluster with multiple namespaces (multi-tenant) across many different EKS nodes in private subnets. I would like the egress traffic from the pods to have a dedicated EIP per namespace. AFAIK there are no off the shelf solutions available for this problem. I have searched long and hard on the internet but in vain. Here are some of the solutions that I have tried, but even ...
I am learning k8s and I have 3 nodes k8s cluster. I have just recently deployed k8s with kubeadmin and so far it is working great. Everything is working perfectly but the only problem that I am facing is network throughput. My three nodes and replica sets are like this
2 Pods on each node can communicate to each other just fine with 9GB throughput in iperf test. However, when pods on different nodes ...
I am currently running Kubernetes with Calico v3.20.2 as the CNI. I have a very unique case where I need to send UDP traffic from a specific DaemonSet Pod to an external server which will read the sourceIP:sourcePort combination of the IP headers, and send the response by setting those two as the destIP:destPort fields. Since different UDP sessions will randomly choose different randomised source ports ...

I have a fresh install of Ubuntu, a fresh install of k3s, and a fresh download of calicoctl. I have installed it the following way.
curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644"\
INSTALL_K3S_EXEC="--flannel-backend=none --cluster-cidr=192.168.0.0/16\
--disable-network-policy --disable=traefik" sh -
kubectl create -f https://docs.projectcalico.org/manifests/tigera-operato ...

My network setup:
With this setup, only nodes on same subnet can establish bgp connection. Other nodes (that do a full 3 way tcp handshake) respond to the OPEN message with [FIN, ACK] then a [RST], hence the Connection reset by peer message in my calicoctl node status
<- is on controller 3 (10.0.3.100)
IPv4 BGP status
+--------------+-------------------+-------+----- ...

I'm playing with Kubernetes and got two VirtualBox machines - master and worker. Every one has two network interfaces - one for Internet and other for communication between each other VM and host machine. And I got troubles with Calico setup because it autodetects wrong network interface. I've made few settings to fix it but one trouble remains - worker takes wrong IP. And I found how to fix it - but it ...
I have this use case: Setup multiple k8s clusters that can communicate with each other. I also have one network per cluster for intra-cluster communication and another network for inter-cluster communication and for external access in general. Like below:
I am currently leveraging flannel as the network plugin. My understanding is that flannel does not support this use-case (assumption).
Is this s ...
I have a baremetal K8 cluster setup using Kubespray (Calico as CNI) and have dual stack enabled. I can see that all the pods that get deployed get both IPv4 and IPv6 addresses but when I try to install nginx-ingress controller using nginx helm chart the services only have IPv4 enabled and assigned. I can see the following spec when I do kubectl get on the service:
kubectl get svc ingress-nginx-cont ...

I've installed kubernetes master and one node v 1.20. I deployed nginx with
kubectl run nginxpod --image=nginx
$ kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginxpod 1/1 Running 0 19s 192.168.2.195 xps15-9560 <none> <none>
On master when I curl on master it times out ...

I am trying to install calico on an existing single-node kubernetes cluster (installed through kubeadm). The two manifests are tigera-operator and custom-resources. This works fine if I manually install it through kubectl:
kubectl apply -f tigera-operator.yaml
customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/bgp ...
I have a Kubernetes cluster with calico policy applied. Below pods display in my cluster:
kube-system pod/calico-node-xxxx
kube-system pod/calico-kube-controllers-xxxxxx
kube-system pod/metrics-server-xxxxx
kube-system pod/local-path-provisioner-xxxxx
kube-system pod/coredns-xxxxx
app-system pod/my-app-xxxx
Is there any calicoctl or kubectl command to re ...

I have a pod with a cluster IP of 10.233.70.35 in a bare metal Kubernetes 1.19 cluster with Calico 3.16.9 as CNI. Let's call this Pod A. In most nodes (which is different from the node of Pod A), a pod (Pod B) in the same Kubernetes namespace can reach Pod A as shown in the pcap on the node where Pod A is below:
# tcpdump -vv -i calib33bd7211a6|grep 10.233.109.62
tcpdump: listening on calib33bd7211a6, l ...
I have a Kubernetes cluster with 3 masters and 3 workers, this cluster uses Weavenet as network CNI and I want to change network CNI and use Calico, can I change it inplace without removing resources? this is my cluster version:
$kubectl version
Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", Build ...

We are about to start setting up a new kubernetes cluster on bare metal at our own datacenter. The documentation for the k8s modules and services is great, however I was not able to find any comprehensive top view documentation on the components necessary to meet our requirements:
Pods need to be reachable via IPv4 and IPv6
Pods need to be able to move between hosts and still be reachable on both ...
ENVIRONMENT:
I am running RKE2, Rancher's Kubernetes distribution. (docs)
I have a single node cluster.
CNI: Calico; Calico is using iptables backend
iptables version: iptables v1.8.7 (legacy)
firewalld version: 0.9.3 (uses nftables by default)
Issue: I have a Hashicorp vault and Kubernetes cronjob running responsible for unsealing and initializing the vault on K8s cluster.
Because of some issue in netwo ...
I have a K3s setup with calico pods [calico-node- & calico-kube-controllers-] running. On uninstalling K3s, calico pods get deleted but I see that calicoctl and iptables -S commands are still running and show data.
I want to delete calico (including calicoctl and Iptables created by calico) completely. Which commands will help me to do so?
K3s uninstallation command: /usr/local/bin/k3s-uninstall ...
Is that possible to assign pod an IP address which the same as the IP range of my K8s node?
For example:
I have an on-premise K8s cluster that includes 3 work nodes. All nodes are using the 10.138.1.0/24 IP range as INTERNAL-IP. It is the IP address of the server NIC.
Can I use the 10.138.1.100 IP address in my pod?
I am very new to K8s, any help is appreciated!
I have Calico installed on my cluster but a few days ago pod routing stopped working. I noticed the calico pods went offline and from the logs I got this:
2021-07-12 08:36:43.524 [INFO][1] main.go 92: Loaded configuration from environment config=&config.Config{LogLevel:"info", WorkloadEndpointWorkers:1, ProfileWorkers:1, PolicyWorkers:1, NodeWorkers:1, Kubeconfig:"", DatastoreType:"kubernetes"} ...

kube-system pod/calico-node-9czgm 0/1 Running 3 42d
kube-system pod/calico-node-msfjk 0/1 Running 0 5m37s
...is what I get when I let "moon" join the cluster as outlined below...
NAMESPACE NAME STATUS ROLES AGE VERSION
node/moon Ready <none> ...
I installed flannel as a CNI for my Kubernetes cluster. Now I want to add a network policy to my cluster. After searching I find Canal (Calico for policy and flannel for networking).
How I can migrate from flannel to canal? Or is there any way to install Calico network policy alongside current flannel installation?
Thanks
I have an application running with kubernetes orchestrator. I want to implement calico network policy based on domain name or wildcard characters so that domain names (FQDN/DNS) can be used to allow access from a pod or set of pods (via label selector).
I came across calico doc which says the same thing, but not sure if this is free or paid ? Can someone confirm this? also where I can get example of ...
I have an application running with kubernetes orchestrator. I want to implement calico network policy based on domain name Regex matching. I am seeing in calico doc that they are using ip range(CIDR) to control incoming and outgoing calls.
Can same thing be done using domain name regex matching instead of CIDR? Some example would be helpful.
For instance I want my calico network policy to allow in ...