前言
K8s 集群部署使用了 calico 网络插件,而calico node 节点发生如下报错:
2023-03-13 11:19:36.622 [FATAL][828] int_dataplane.go 1032: Kernel's RPF check is set to 'loose'.
This would allow endpoints to spoof their IP address.
Calico requires net.ipv4.conf.all.rp_filter to be set to 0 or 1.
If you require loose RPF and you are not concerned about spoofing,
this check can be disabled by setting the IgnoreLooseRPF configuration parameter to 'true'.
解决方法有两种:
- Calico requires net.ipv4.conf.all.rp_filter to be set to 0 or 1.
- this check can be disabled by setting the IgnoreLooseRPF configuration parameter to 'true'.
第一种
修改内核参数
sysctl net.ipv4.conf.all.rp_filter=0
第二种
kubectl -n kube-system set env daemonset/calico-node FELIX_IGNORELOOSERPF=true