xiaods / k8e

K8E - Kubernetes Easy Engine
https://getk8e.com
Apache License 2.0

missing conntrack #254

Closed xiaods closed 2 years ago

xiaods commented 2 years ago
Jun 30 23:19:06 ubuntu-08 k8e[1529]: E0630 23:19:06.066979    1529 proxier.go:1564] "Failed to delete stale service connections" err="error deleting connection tracking state for UDP service IP: 10.43.0.10, error: error looking for path of conntrack: exec: \"conntrack\": executable file not found in $PATH" ip="10.43.0.10"
xiaods commented 2 years ago
root@ubuntu-08:~# kubectl get po -A
NAMESPACE     NAME                                      READY   STATUS    RESTARTS   AGE
kube-system   cilium-operator-865c67cfff-tpsxp          1/1     Running   1          18m
kube-system   cilium-zj8h5                              1/1     Running   1          18m
kube-system   coredns-574bcc6c46-k2ggk                  0/1     Running   6          18m
kube-system   local-path-provisioner-84bb864455-tllt4   0/1     Error     8          18m
kube-system   metrics-server-b55c49795-8hzxd            0/1     Running   8          18m
root@ubuntu-08:~# kubectl logs coredns-574bcc6c46-k2ggk -n kube-system
[INFO] SIGTERM: Shutting down servers then terminating
[WARNING] plugin/kubernetes: Kubernetes API connection failure: Get "https://10.43.0.1:443/version": dial tcp 10.43.0.1:443: i/o timeout
xiaods commented 2 years ago

cat /etc/sysctl.d/99-override_cilium_rp_filter.conf

net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.*.rp_filter = 0

it works
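
A way to confirm on a node that the override above actually took effect, as an added example that is not part of the original thread or of k8e/Cilium. The kernel validates sources with the maximum of `conf/all/rp_filter` and `conf/<iface>/rp_filter`, so one leftover non-zero value keeps reverse-path filtering active on that interface; the function names and the directory argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the effective rp_filter setting per interface and
# check for the conntrack binary named in the kube-proxy error.
# All function names here are hypothetical helpers, not k8e or Cilium code.

# Print "<iface> <effective value>" for every entry under the conf directory.
# Effective value = max(all, iface), which is what the kernel applies.
# "default" is listed too; it is the template for interfaces created later.
effective_rp_filter() {
    root="${1:-/proc/sys/net/ipv4/conf}"
    all=$(cat "$root/all/rp_filter" 2>/dev/null || echo 0)
    for dir in "$root"/*/; do
        iface=$(basename "$dir")
        [ "$iface" = "all" ] && continue
        [ -r "$dir/rp_filter" ] || continue
        val=$(cat "$dir/rp_filter")
        if [ "$all" -gt "$val" ]; then val="$all"; fi
        echo "$iface $val"
    done
}

# Print "<iface>=<value>" for each interface where reverse-path filtering
# is still on (strict = 1, loose = 2). Succeeds only when none remain.
rp_filter_not_disabled() {
    bad=$(effective_rp_filter "$1" | awk '$2 != 0 { print $1 "=" $2 }')
    [ -z "$bad" ] && return 0
    echo "$bad"
    return 1
}

# True when the conntrack executable is on $PATH.
have_conntrack() {
    command -v conntrack >/dev/null 2>&1
}
```

Run `rp_filter_not_disabled` with no argument after `sysctl --system` or a reboot; any interface it prints still has reverse-path filtering enabled despite the drop-in file.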

xiaods commented 2 years ago

k8e bypasses iptables and conntrack by default

xiaods commented 2 years ago

Cilium provides fix code for Ubuntu 20.04: https://github.com/cilium/cilium/blob/master/tools/sysctlfix/main.go