主页 / server / 问题 / 1153192
Accepted
eagercoder
Asked: 2024-02-09 03:05:50 +0800 CST

我怎样才能让 cilium 通过失败的连接测试

  • 772

我正在尝试将 cilium 部署到我的eks集群,就上下文而言,该集群是在私有子网后面运行的私有集群,并通过 NAT 网关和互联网网关路由到互联网。我已经能够按照此处的cilium 安装指南进行操作。我的节点被污染了,我已经按照文档的要求修补了守护进程集。

当我跑步时cilium status,我可以看到一切都好

    /¯¯\
 /¯¯\__/¯¯\    Cilium:             OK
 \__/¯¯\__/    Operator:           OK
 /¯¯\__/¯¯\    Envoy DaemonSet:    disabled (using embedded mode)
 \__/¯¯\__/    Hubble Relay:       disabled
    \__/       ClusterMesh:        disabled

Deployment        cilium-operator    Desired: 2, Ready: 2/2, Available: 2/2
DaemonSet         cilium             Desired: 3, Ready: 3/3, Available: 3/3
Containers:       cilium             Running: 3
                  cilium-operator    Running: 2
Cluster Pods:     2/2 managed by Cilium
Image versions    cilium             quay.io/cilium/cilium:v1.15.0@sha256:9cfd6a0a3a964780e73a11159f93cc363e616f7d9783608f62af6cfdf3759619: 3
                  cilium-operator    quay.io/cilium/operator-aws:v1.15.0@sha256:cf45167a8bb336c763046553c6a97c0d7f12f7e2a498dfb2340fa27832a81b3a: 2

但是,当我运行时cilium connectivity test,并非所有测试都通过。错误如下图所示。

❌ 4/42 tests failed (30/321 actions), 13 tests skipped, 1 scenarios skipped:
Test [no-policies]:
  ❌ no-policies/pod-to-host/ping-ipv4-1: cilium-test/client-846d67868c-mpfrc (10.0.1.217) -> <NODE_IP> (<NODE_IP>:0)
  ❌ no-policies/pod-to-host/ping-ipv4-3: cilium-test/client-846d67868c-mpfrc (10.0.1.217) -> <NODE_IP> (<NODE_IP>:0)
  ❌ no-policies/pod-to-host/ping-ipv4-5: cilium-test/client-846d67868c-mpfrc (10.0.1.217) -> <NODE_IP> (<NODE_IP>:0)
  ❌ no-policies/pod-to-host/ping-ipv4-7: cilium-test/client2-865b7d7b6f-469vq (10.0.1.178) -> <NODE_IP> (<NODE_IP>:0)
  ❌ no-policies/pod-to-host/ping-ipv4-9: cilium-test/client2-865b7d7b6f-469vq (10.0.1.178) -> <NODE_IP> (<NODE_IP>:0)
  ❌ no-policies/pod-to-host/ping-ipv4-11: cilium-test/client2-865b7d7b6f-469vq (10.0.1.178) -> <NODE_IP> (<NODE_IP>:0)
Test [no-policies-extra]:
  ❌ no-policies-extra/pod-to-remote-nodeport/curl-0: cilium-test/client2-865b7d7b6f-469vq (10.0.1.178) -> cilium-test/echo-other-node (echo-other-node:8080)
  ❌ no-policies-extra/pod-to-remote-nodeport/curl-1: cilium-test/client2-865b7d7b6f-469vq (10.0.1.178) -> cilium-test/echo-other-node (echo-other-node:8080)
  ❌ no-policies-extra/pod-to-remote-nodeport/curl-2: cilium-test/client2-865b7d7b6f-469vq (10.0.1.178) -> cilium-test/echo-same-node (echo-same-node:8080)
  ❌ no-policies-extra/pod-to-remote-nodeport/curl-3: cilium-test/client2-865b7d7b6f-469vq (10.0.1.178) -> cilium-test/echo-same-node (echo-same-node:8080)
  ❌ no-policies-extra/pod-to-remote-nodeport/curl-4: cilium-test/client-846d67868c-mpfrc (10.0.1.217) -> cilium-test/echo-other-node (echo-other-node:8080)
  ❌ no-policies-extra/pod-to-remote-nodeport/curl-5: cilium-test/client-846d67868c-mpfrc (10.0.1.217) -> cilium-test/echo-other-node (echo-other-node:8080)
  ❌ no-policies-extra/pod-to-remote-nodeport/curl-6: cilium-test/client-846d67868c-mpfrc (10.0.1.217) -> cilium-test/echo-same-node (echo-same-node:8080)
  ❌ no-policies-extra/pod-to-remote-nodeport/curl-7: cilium-test/client-846d67868c-mpfrc (10.0.1.217) -> cilium-test/echo-same-node (echo-same-node:8080)
  ❌ no-policies-extra/pod-to-local-nodeport/curl-0: cilium-test/client2-865b7d7b6f-469vq (10.0.1.178) -> cilium-test/echo-other-node (echo-other-node:8080)
  ❌ no-policies-extra/pod-to-local-nodeport/curl-1: cilium-test/client2-865b7d7b6f-469vq (10.0.1.178) -> cilium-test/echo-same-node (echo-same-node:8080)
  ❌ no-policies-extra/pod-to-local-nodeport/curl-2: cilium-test/client-846d67868c-mpfrc (10.0.1.217) -> cilium-test/echo-other-node (echo-other-node:8080)
  ❌ no-policies-extra/pod-to-local-nodeport/curl-3: cilium-test/client-846d67868c-mpfrc (10.0.1.217) -> cilium-test/echo-same-node (echo-same-node:8080)
Test [allow-all-except-world]:
  ❌ allow-all-except-world/pod-to-host/ping-ipv4-1: cilium-test/client-846d67868c-mpfrc (10.0.1.217) -> 18.130.173.145 (<NODE_IP>:0)
  ❌ allow-all-except-world/pod-to-host/ping-ipv4-3: cilium-test/client-846d67868c-mpfrc (10.0.1.217) -> 18.171.241.88 (<NODE_IP>:0)
  ❌ allow-all-except-world/pod-to-host/ping-ipv4-5: cilium-test/client-846d67868c-mpfrc (10.0.1.217) -> 13.40.120.114 (<NODE_IP>:0)
  ❌ allow-all-except-world/pod-to-host/ping-ipv4-7: cilium-test/client2-865b7d7b6f-469vq (10.0.1.178) -> 18.130.173.145 (<NODE_IP>:0)
  ❌ allow-all-except-world/pod-to-host/ping-ipv4-9: cilium-test/client2-865b7d7b6f-469vq (10.0.1.178) -> 18.171.241.88 (<NODE_IP>:0)
  ❌ allow-all-except-world/pod-to-host/ping-ipv4-11: cilium-test/client2-865b7d7b6f-469vq (10.0.1.178) -> 13.40.120.114 (<NODE_IP>:0)
Test [host-entity]:
  ❌ host-entity/pod-to-host/ping-ipv4-1: cilium-test/client-846d67868c-mpfrc (10.0.1.217) -> <NODE_IP> (<NODE_IP>:0)
  ❌ host-entity/pod-to-host/ping-ipv4-3: cilium-test/client-846d67868c-mpfrc (10.0.1.217) -> <NODE_IP> (<NODE_IP>:0)
  ❌ host-entity/pod-to-host/ping-ipv4-5: cilium-test/client-846d67868c-mpfrc (10.0.1.217) -> <NODE_IP> (<NODE_IP>:0)
  ❌ host-entity/pod-to-host/ping-ipv4-7: cilium-test/client2-865b7d7b6f-469vq (10.0.1.178) -> <NODE_IP> (<NODE_IP>:0)
  ❌ host-entity/pod-to-host/ping-ipv4-9: cilium-test/client2-865b7d7b6f-469vq (10.0.1.178) -> <NODE_IP> (<NODE_IP>:0)
  ❌ host-entity/pod-to-host/ping-ipv4-11: cilium-test/client2-865b7d7b6f-469vq (10.0.1.178) -> <NODE_IP> (<NODE_IP>:0)
connectivity test failed: 4 tests failed

问题

我怎样才能解决这个问题并让 cilium 运行。

PS 我只是为了发布这个问题而将变量 <NODE_IP> 的节点 IP 地址换掉。

amazon-web-services

1 个回答

  1. Best Answer

    为了解决这个问题,我所做的就是禁用向我的 eks 节点分配公共 IP 地址。我通过我的 ec2 实例运行的启动模板上的网络接口进行了配置。通过将关联公共 IP 地址设置为 false。

    • 0

相关问题