Closed suiny closed 3 years ago
Anyone can answer? :(
@neiljerram Could you look into this?
@song-jiang @suiny Sure, I've started to take a look. Please be patient though, as I don't see a really obvious cause here!
@suiny Sorry for such a long hiatus. Is this issue still live for you?
So I tried to apply it manually, but it didn't work either.
I think you need a semicolon at the end of listen bgp port 11179
.
Recommend birdcl configure
, instead of sv hup bird
, as birdcl
will tell you if the new configuration is valid.
calicoctl get BGPConfiguration default
When you use BGPConfiguration to set the listen port, can you use cat /etc/calico/confd/config/bird.cfg
to show us the BIRD config that you have?
@neiljerram thanks for reply I tried as you told, but listen port(179 -> 11179) doesn't change.
[root@worker /]# grep 11179 /etc/calico/confd/config/bird.cfg
listen bgp port 11179;
[root@worker /]# birdcl configure
BIRD v0.3.3+birdv1.6.8 ready.
Reading configuration from /etc/calico/confd/config/bird.cfg
Reconfigured
[root@worker ~]# netstat -nap|grep -w LISTEN|grep bird
tcp 0 0 0.0.0.0:179 0.0.0.0:* LISTEN 121692/bird
[root@worker /]# cat /etc/calico/confd/config/bird.cfg
function apply_communities ()
{
}
include "bird_aggr.cfg"; include "bird_ipam.cfg";
router id 10.0.0.1;
protocol kernel { learn; # Learn all alien routes from the kernel persist; # Don't remove routes on bird shutdown scan time 2; # Scan kernel routing table every 2 seconds import all; export filter calico_kernel_programming; # Default is export none graceful restart; # Turn on graceful restart to reduce potential flaps in
# automatic mesh, there is no way to prevent BGP from
# flapping since multiple nodes update their BGP
# configuration at the same time, GR is not guaranteed to
# work correctly in this scenario.
}
protocol device { debug { states }; scan time 2; # Scan interfaces every 2 seconds }
protocol direct { debug { states }; interface -"cali", -"kube-ipvs", ""; # Exclude cali and kube-ipvs* but
# IPVS-mode, kube-proxy creates a
# kube-ipvs0 interface. We exclude
# kube-ipvs0 because this interface
# gets an address for every in use
# cluster IP. We use static routes
# for when we legitimately want to
# export cluster IPs.
}
template bgp bgp_template { debug { states }; description "Connection to BGP peer"; local as 64512; multihop; gateway recursive; # This should be the default, but just in case. import all; # Import all routes, since we don't know what the upstream
export filter calico_export_to_bgp_peers; # Only want to export routes for workloads. source address 10.0.0.1; # The local address we use for the TCP connection add paths on; graceful restart; # See comment in kernel section about graceful restart. connect delay time 2; connect retry time 5; error wait time 5,30; }
protocol bgp Mesh_10_0_1_1 from bgp_template { neighbor 10.0.1.1 as 64512; }
protocol bgp Mesh_10_0_2_1 from bgp_template { neighbor 10.0.2.1 as 64512; passive on; # Mesh is unidirectional, peer will connect to us. }
listen bgp port 11179;
* Calico image version
[root@worker ~]# docker images |grep calico calico/node v3.16.3 f0d3b0d0e32c 8 months ago 164MB calico/pod2daemon-flexvol v3.16.3 a0b97353aa18 8 months ago 22.9MB calico/cni v3.16.3 fe49caa20c30 8 months ago 133MB
I checked that changes bgpport (179->11179) as the yaml file on the v3.18.4 version.
@suiny Thanks. Reviewing this whole issue, I have a guess at the problem.
[root@master ~]# calicoctl version Client Version: v3.16.3 Git commit: 7d066703 Cluster Version: v3.15.2 Cluster Type: kubespray,bgp,kubeadm,k8s
Note v3.15.2
- It looks like you haven't actually upgraded the running Calico components on each node. That would explain why the BGP port configuration was not reflected in your bird.cfg (until you added it manually).
That's strange. I upgraded calico to 3.16.3 but it was not reflected. (follow this link) However, the image was used as 3.16.3.
[root@master ~]# calicoctl version
Client Version: v3.16.3
Git commit: 7d066703
Cluster Version: v3.15.2
Cluster Type: kubespray,bgp,kubeadm,k8s
[root@master ~]# docker images |grep calico
calico/node v3.16.3 f0d3b0d0e32c 8 months ago 164MB
calico/pod2daemon-flexvol v3.16.3 a0b97353aa18 8 months ago 22.9MB
calico/cni v3.16.3 fe49caa20c30 8 months ago 133MB
The docker image might not be same as what the Kubernetes runtime has available, or is actually using. What do you get for kubectl get ds calico-node -n calico-system -o yaml | grep image:
? (Or you might need kube-system
instead of calico-system
.)
@neiljerram
I used same image (v3.16.3)
[root@master ~]# kubectl get pods -n kube-system calico-node-89pm4 -oyaml | grep image:
f:image: {}
f:image: {}
f:image: {}
f:image: {}
image: calico/node:v3.16.3
image: calico/cni:v3.16.3
image: calico/cni:v3.16.3
- image: calico/pod2daemon-flexvol:v3.16.3
image: calico/node:v3.16.3
image: calico/cni:v3.16.3
image: calico/cni:v3.16.3
image: calico/pod2daemon-flexvol:v3.16.3
Looks good, thanks. Did you change that just now, or has it been like that for a long time?
It's been like that for a long time. The bgport did't change when using v3.16.3 version's image, and I think that it was a bug. I recently created a new cluster with v3.18.4 , the bgp port changed. It's goot that the bug is resolved.
This issue is what I asked on slack and is related to #4098 https://calicousers.slack.com/archives/CPTH1KS00/p1602833003052900
So I tried to apply it manually, but it didn't work either.
Expected Behavior
Change BGP listen port. (179->11179)
Current Behavior
BGP listen port is not changed.