Calico Kernel's RPF check is set to 'loose'

前言

K8s 集群部署使用了 calico 网络插件，而calico node 节点发生如下报错：

复制代码

2023-03-13 11:19:36.622 [FATAL][828] int_dataplane.go 1032: Kernel's RPF check is set to 'loose'.  
This would allow endpoints to spoof their IP address.  
Calico requires net.ipv4.conf.all.rp_filter to be set to 0 or 1. 
If you require loose RPF and you are not concerned about spoofing, 
this check can be disabled by setting the IgnoreLooseRPF configuration parameter to 'true'.

解决方法有两种：

Calico requires net.ipv4.conf.all.rp_filter to be set to 0 or 1.
this check can be disabled by setting the IgnoreLooseRPF configuration parameter to 'true'.

第一种

修改内核参数

复制代码

sysctl net.ipv4.conf.all.rp_filter=0

第二种

复制代码

kubectl -n kube-system set env daemonset/calico-node FELIX_IGNORELOOSERPF=true

posted @ 2023-03-13 19:35 牛奔阅读(128) 评论(0) 编辑收藏举报

牛奔

每个优秀的人,都有一段沉默的时光,那段时光,是付出了很多努力,却得不到结果的日子,我们把它叫做扎根。

Calico Kernel's RPF check is set to 'loose'

前言

第一种

第二种

导航目录