Calico网络故障排查(calico_node is not ready: BIRD is not ready)

现象

$ kubectl get pod -n kube-system |grep calico
calico-kube-controllers-845d6f7877-7qnbl   1/1     Running     1          69d
calico-node-9dcqj                          1/1     Running     0          69d
calico-node-cxw4t                          1/1     Running     0          69d
calico-node-jm7tf                          0/1     Running     0          69d
calico-node-s47bs                          0/1     Running     0          19m
calico-node-xm54k                          0/1     Running     0          69d
calico-node-zh7cp                          0/1     Running     0          69d

# 查看相关信息
$ kubectl describe pod -n kube-system calico-node-jm7tf
Events:
  Type     Reason     Age                     From     Message
  ----     ------     ----                    ----     -------
  Warning  Unhealthy  70s (x572842 over 66d)  kubelet  (combined from similar events): Readiness probe failed: 2024-09-26 08:52:40.197 [INFO][2981013] confd/health.go 180: Number of node(s) with BGP peering established = 0
calico/node is not ready: BIRD is not ready: BGP not established with 172.21.0.1,100.99.18.1,100.99.18.2,172.18.0.1
BASH

解决过程

1. 查看calico官网上关于此问题的解释，如下：

官网链接：https://docs.projectcalico.org/archive/v3.18/networking/ip-autodetection

By default, Calico uses the first-found method; the first valid IP address on the first interface (excluding local interfaces such as the docker bridge). However, you can change the default method to any of the following:

• Address used by the node to reach a particular IP or domain (can-reach)
• Regex to include matching interfaces (interface)
• Regex to exclude matching interfaces (skip-interface

大致意思是说：calico默认采用first-found方法，选择第一个接口的第一个有效IP地址（排除本地网桥接口），但是上面的情况，就是calico采用172.19.0.1网桥地址，这个比较疑惑

官网建议采用can-reach、interface、skip-inteface方式之一，通过修改 IP_AUTODETECTION_METHOD，让IP自动探测固定到某一个接口或者IP上

2. 解决方案

kubectl set env daemonset.apps/calico-node  -n kube-system IP_AUTODETECTION_METHOD=interface=ens.*
BASH