github.com/kubearmor/cilium@v1.6.12/Documentation/kubernetes/troubleshooting.rst

github.com/kubearmor/cilium@v1.6.12/Documentation/kubernetes/troubleshooting.rst (about)

     1  .. only:: not (epub or latex or html)
     2  
     3      WARNING: You are looking at unreleased Cilium documentation.
     4      Please use the official rendered version released here:
     5      http://docs.cilium.io
     6  
     7  .. _troubleshooting_k8s:
     8  
     9  ***************
    10  Troubleshooting
    11  ***************
    12  
    13  Verifying the installation
    14  ==========================
    15  
    16  Check the status of the `DaemonSet` and verify that all desired instances are in
    17  "ready" state:
    18  
    19  .. code:: bash
    20  
    21          $ kubectl --namespace kube-system get ds
    22          NAME      DESIRED   CURRENT   READY     NODE-SELECTOR   AGE
    23          cilium    1         1         0         <none>          3s
    24  
    25  In this example, we see a desired state of 1 with 0 being ready. This indicates
    26  a problem. The next step is to list all cilium pods by matching on the label
    27  ``k8s-app=cilium`` and also sort the list by the restart count of each pod to
    28  easily identify the failing pods:
    29  
    30  .. code:: bash
    31  
    32          $ kubectl --namespace kube-system get pods --selector k8s-app=cilium \
    33                    --sort-by='.status.containerStatuses[0].restartCount'
    34          NAME           READY     STATUS             RESTARTS   AGE
    35          cilium-813gf   0/1       CrashLoopBackOff   2          44s
    36  
    37  Pod ``cilium-813gf`` is failing and has already been restarted 2 times. Let's
    38  print the logfile of that pod to investigate the cause:
    39  
    40  .. code:: bash
    41  
    42          $ kubectl --namespace kube-system logs cilium-813gf
    43          INFO      _ _ _
    44          INFO  ___|_| |_|_ _ _____
    45          INFO |  _| | | | | |     |
    46          INFO |___|_|_|_|___|_|_|_|
    47          INFO Cilium 0.8.90 f022e2f Thu, 27 Apr 2017 23:17:56 -0700 go version go1.7.5 linux/amd64
    48          CRIT kernel version: NOT OK: minimal supported kernel version is >= 4.8
    49  
    50  In this example, the cause for the failure is a Linux kernel running on the
    51  worker node which is not meeting :ref:`admin_system_reqs`.
    52  
    53  If the cause for the problem is not apparent based on these simple steps,
    54  please come and seek help on our `Slack channel`.
    55  
    56  Apiserver outside of cluster
    57  ==============================
    58  
    59  If you are running Kubernetes Apiserver outside of your cluster for some reason (like keeping master nodes behind a firewall), make sure that you run Cilium on master nodes too.
    60  Otherwise Kubernetes pod proxies created by Apiserver will not be able to route to pod IPs and you may encounter errors when trying to proxy traffic to pods.
    61  
    62  You may run Cilium as a `static pod <https://kubernetes.io/docs/tasks/administer-cluster/static-pod/>`_ or set `tolerations <https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/>`_ for Cilium DaemonSet to ensure
    63  that Cilium pods will be scheduled on your master nodes. The exact way to do it depends on your setup.