calico icon indicating copy to clipboard operation
calico copied to clipboard

Published 20 hours ago verified publisher icon projectcalico

Failed to connect to kube-dns after setting up calico cni

Open sqaisar opened this issue 9 months ago • 23 comments

Expected Behavior

Should be able to connect with kube-dns ip from any of the pods

Current Behavior

Fails to connect with kube-dns service ip from within the pod and because of this any operation that needs dns resolution fails inside any of the scheduled pods in the cluster.

Possible Solution

Steps to Reproduce (for bugs)

Context

I've setup kubernetes v1.29 using kubeadm and using tiegra operator for setting up the calico version v3.27.3. All of the calico-nodes are running fine without any restarts and I don't see any obvious errors. Installation config

apiVersion: operator.tigera.io/v1
kind: Installation
metadata:
  name: default
spec:
  # Configures Calico networking.
  logging:
    cni:
     logSeverity: Debug
  serviceCIDRs:
    - "172.31.0.0/16"
  calicoNetwork:
    # Note: The ipPools section cannot be modified post-install.
    bgp: Disabled
    ipPools:
    - blockSize: 26
      cidr: 192.168.0.0/16
      encapsulation: VXLANCrossSubnet
      natOutgoing: Enabled
      nodeSelector: all()

---
I also tried by removing `serviceCIDRs` from the `Installation` manifest because it's defined in kubadm config too `ClusterConfiguration`,  but didn't work for me
# This section configures the Calico API server.
# For more information, see: https://docs.tigera.io/calico/latest/reference/installation/api#operator.tigera.io/v1.APIServer
apiVersion: operator.tigera.io/v1
kind: APIServer
metadata:
  name: default
spec: {}

Nodes

main-k8s-master-1    Ready    control-plane   67m   v1.29.4
main-k8s-master-2    Ready    control-plane   68m   v1.29.4
main-k8s-master-3    Ready    control-plane   67m   v1.29.4
main-k8s-regular-1   Ready    <none>          66m   v1.29.4

All pods in calico-system namespace

NAME                                       READY   STATUS    RESTARTS   AGE
calico-kube-controllers-7f94fb7cd8-jsqpg   1/1     Running   0          8m29s
calico-node-4b9l6                          1/1     Running   0          8m29s
calico-node-88kqr                          1/1     Running   0          8m29s
calico-node-nsks9                          1/1     Running   0          8m29s
calico-node-zppdr                          1/1     Running   0          8m29s
calico-typha-677c4f7b68-6d6qn              1/1     Running   0          8m29s
calico-typha-677c4f7b68-pqwxb              1/1     Running   0          8m21s
csi-node-driver-7t6zz                      2/2     Running   0          8m29s
csi-node-driver-gpbrz                      2/2     Running   0          8m29s
csi-node-driver-rjbrg                      2/2     Running   0          8m29s
csi-node-driver-s5xhk                      2/2     Running   0          8m29s
ubuntu                                     1/1     Running   0          6m43s

Service kube-dns

kube-dns                        ClusterIP   172.31.0.10     <none>        53/UDP,53/TCP,9153/TCP   62m

From withing the pod I'm able to connect to any external public IP but the dns resolution fails because of timeout. the rest of pods ip allocation and everything works as expected.

ubuntu:~# curl google.com
curl: (6) Could not resolve host: google.com
ubuntu:~# telnet 172.31.0.10 53
telnet: can't connect to remote host (172.31.0.10): Operation timed out
ubuntu:~# telnet 142.250.181.142 443
Connected to 142.250.181.142

Although I'm able to connect with other service IP's for example

ubuntu:~# telnet 172.31.219.128 5473
Connected to 172.31.219.128

I'm sure I've allowed all required ports from the firewall ingress/egress from all the k8s nodes that are listed here https://docs.tigera.io/calico/latest/getting-started/kubernetes/requirements#network-requirements

Your Environment

  • Calico version: v3.27.3
  • Kubernetes version: v1.29
  • Operating System and version: Ubuntu 22.04
  • Containerd: v1.29.0 SystemdCgroup = true Systemd Groups are configured correctly BTW

I'm new to setting up calico so I'd really appreciate all the help, I can shared the calico-node logs if that's required.

sqaisar avatar May 10 '24 22:05 sqaisar

I even allowed communication between workers and masters for all ports from wildcard range 0.0.0.0/0 but that didn't help so I'm sure it's not firewall issue.

sqaisar avatar May 10 '24 22:05 sqaisar

Logs from calico-node

Defaulted container "calico-node" out of: calico-node, flexvol-driver (init), install-cni (init)
2024-05-10 21:47:36.985 [INFO][9] startup/startup.go 445: Early log level set to info
2024-05-10 21:47:36.985 [INFO][9] startup/utils.go 126: Using NODENAME environment for node name main-k8s-master-2
2024-05-10 21:47:36.985 [INFO][9] startup/utils.go 138: Determined node name: main-k8s-master-2
2024-05-10 21:47:36.985 [INFO][9] startup/startup.go 95: Starting node main-k8s-master-2 with version v3.27.3
2024-05-10 21:47:36.986 [INFO][9] startup/startup.go 450: Checking datastore connection
2024-05-10 21:47:37.008 [INFO][9] startup/startup.go 474: Datastore connection verified
2024-05-10 21:47:37.009 [INFO][9] startup/startup.go 105: Datastore is ready
2024-05-10 21:47:37.028 [WARNING][9] startup/winutils.go 144: Neither --kubeconfig nor --master was specified.  Using the inClusterConfig.  This might not work.
2024-05-10 21:47:37.057 [INFO][9] startup/autodetection_methods.go 103: Using autodetected IPv4 address on interface ens3: 10.140.20.162/24
2024-05-10 21:47:37.057 [INFO][9] startup/startup.go 726: No AS number configured on node resource, using global value
2024-05-10 21:47:37.057 [INFO][9] startup/startup.go 776: found v6= in the kubeadm config map
2024-05-10 21:47:37.063 [INFO][9] startup/startup.go 694: FELIX_IPV6SUPPORT is false through environment variable
2024-05-10 21:47:37.083 [INFO][9] startup/startup.go 222: Using node name: main-k8s-master-2
2024-05-10 21:47:37.083 [INFO][9] startup/utils.go 190: Setting NetworkUnavailable to false
2024-05-10 21:47:37.106 [INFO][9] startup/utils.go 94: removed shutdown timestamp timestamp="2024-05-10T21:44:43Z"
2024-05-10 21:47:37.174 [INFO][19] tunnel-ip-allocator/param_types.go 718: StringSliceParam StringSliceParam raw="docker+"
2024-05-10 21:47:37.176 [INFO][19] tunnel-ip-allocator/env_var_loader.go 40: Found felix environment variable: "typhak8sservicename"="calico-typha"
2024-05-10 21:47:37.176 [INFO][19] tunnel-ip-allocator/env_var_loader.go 40: Found felix environment variable: "typhacafile"="/etc/pki/tls/certs/tigera-ca-bundle.crt"
2024-05-10 21:47:37.176 [INFO][19] tunnel-ip-allocator/env_var_loader.go 40: Found felix environment variable: "healthenabled"="true"
2024-05-10 21:47:37.176 [INFO][19] tunnel-ip-allocator/env_var_loader.go 40: Found felix environment variable: "typhacertfile"="/node-certs/tls.crt"
2024-05-10 21:47:37.176 [INFO][19] tunnel-ip-allocator/env_var_loader.go 40: Found felix environment variable: "typhacn"="typha-server"
2024-05-10 21:47:37.176 [INFO][19] tunnel-ip-allocator/env_var_loader.go 40: Found felix environment variable: "typhakeyfile"="/node-certs/tls.key"
2024-05-10 21:47:37.176 [INFO][19] tunnel-ip-allocator/env_var_loader.go 40: Found felix environment variable: "defaultendpointtohostaction"="ACCEPT"
2024-05-10 21:47:37.176 [INFO][19] tunnel-ip-allocator/env_var_loader.go 40: Found felix environment variable: "typhak8snamespace"="calico-system"
2024-05-10 21:47:37.176 [INFO][19] tunnel-ip-allocator/env_var_loader.go 40: Found felix environment variable: "healthport"="9099"
2024-05-10 21:47:37.176 [INFO][19] tunnel-ip-allocator/env_var_loader.go 40: Found felix environment variable: "ipv6support"="false"
2024-05-10 21:47:37.176 [INFO][19] tunnel-ip-allocator/config_params.go 491: Merging in config from environment variable: map[defaultendpointtohostaction:ACCEPT healthenabled:true healthport:9099 ipv6support:false typhacafile:/etc/pki/tls/certs/tigera-ca-bundle.crt typhacertfile:/node-certs/tls.crt typhacn:typha-server typhak8snamespace:calico-system typhak8sservicename:calico-typha typhakeyfile:/node-certs/tls.key]
2024-05-10 21:47:37.176 [INFO][19] tunnel-ip-allocator/config_params.go 622: Parsing value for TyphaCertFile: /node-certs/tls.crt (from environment variable)
2024-05-10 21:47:37.177 [INFO][19] tunnel-ip-allocator/param_types.go 312: Looking for required file path="/node-certs/tls.crt"
2024-05-10 21:47:37.177 [INFO][19] tunnel-ip-allocator/config_params.go 658: Parsed value for TyphaCertFile: /node-certs/tls.crt (from environment variable)
2024-05-10 21:47:37.177 [INFO][19] tunnel-ip-allocator/config_params.go 622: Parsing value for HealthPort: 9099 (from environment variable)
2024-05-10 21:47:37.177 [INFO][19] tunnel-ip-allocator/config_params.go 658: Parsed value for HealthPort: 9099 (from environment variable)
2024-05-10 21:47:37.177 [INFO][19] tunnel-ip-allocator/config_params.go 622: Parsing value for TyphaK8sServiceName: calico-typha (from environment variable)
2024-05-10 21:47:37.177 [INFO][19] tunnel-ip-allocator/config_params.go 658: Parsed value for TyphaK8sServiceName: calico-typha (from environment variable)
2024-05-10 21:47:37.177 [INFO][19] tunnel-ip-allocator/config_params.go 622: Parsing value for TyphaCAFile: /etc/pki/tls/certs/tigera-ca-bundle.crt (from environment variable)
2024-05-10 21:47:37.177 [INFO][19] tunnel-ip-allocator/param_types.go 312: Looking for required file path="/etc/pki/tls/certs/tigera-ca-bundle.crt"
2024-05-10 21:47:37.177 [INFO][19] tunnel-ip-allocator/config_params.go 658: Parsed value for TyphaCAFile: /etc/pki/tls/certs/tigera-ca-bundle.crt (from environment variable)
2024-05-10 21:47:37.177 [INFO][19] tunnel-ip-allocator/config_params.go 622: Parsing value for TyphaCN: typha-server (from environment variable)
2024-05-10 21:47:37.177 [INFO][19] tunnel-ip-allocator/config_params.go 658: Parsed value for TyphaCN: typha-server (from environment variable)
2024-05-10 21:47:37.177 [INFO][19] tunnel-ip-allocator/config_params.go 622: Parsing value for HealthEnabled: true (from environment variable)
2024-05-10 21:47:37.177 [INFO][19] tunnel-ip-allocator/config_params.go 658: Parsed value for HealthEnabled: true (from environment variable)
2024-05-10 21:47:37.177 [INFO][19] tunnel-ip-allocator/config_params.go 622: Parsing value for Ipv6Support: false (from environment variable)
2024-05-10 21:47:37.177 [INFO][19] tunnel-ip-allocator/config_params.go 658: Parsed value for Ipv6Support: false (from environment variable)
2024-05-10 21:47:37.177 [INFO][19] tunnel-ip-allocator/config_params.go 622: Parsing value for DefaultEndpointToHostAction: ACCEPT (from environment variable)
2024-05-10 21:47:37.177 [INFO][19] tunnel-ip-allocator/config_params.go 658: Parsed value for DefaultEndpointToHostAction: ACCEPT (from environment variable)
2024-05-10 21:47:37.177 [INFO][19] tunnel-ip-allocator/config_params.go 622: Parsing value for TyphaK8sNamespace: calico-system (from environment variable)
2024-05-10 21:47:37.177 [INFO][19] tunnel-ip-allocator/config_params.go 658: Parsed value for TyphaK8sNamespace: calico-system (from environment variable)
2024-05-10 21:47:37.178 [INFO][19] tunnel-ip-allocator/config_params.go 622: Parsing value for TyphaKeyFile: /node-certs/tls.key (from environment variable)
2024-05-10 21:47:37.178 [INFO][19] tunnel-ip-allocator/param_types.go 312: Looking for required file path="/node-certs/tls.key"
2024-05-10 21:47:37.178 [INFO][19] tunnel-ip-allocator/config_params.go 658: Parsed value for TyphaKeyFile: /node-certs/tls.key (from environment variable)
2024-05-10 21:47:37.315 [INFO][19] tunnel-ip-allocator/allocateip.go 340: Current address is still valid, do nothing currentAddr="192.168.168.0" type="vxlanTunnelAddress"
CALICO_NETWORKING_BACKEND is vxlan - no need to run a BGP daemon
Calico node started successfully
2024-05-10 21:47:38.499 [INFO][60] tunnel-ip-allocator/param_types.go 718: StringSliceParam StringSliceParam raw="docker+"
2024-05-10 21:47:38.501 [INFO][60] tunnel-ip-allocator/env_var_loader.go 40: Found felix environment variable: "typhak8sservicename"="calico-typha"
2024-05-10 21:47:38.501 [INFO][60] tunnel-ip-allocator/env_var_loader.go 40: Found felix environment variable: "typhacafile"="/etc/pki/tls/certs/tigera-ca-bundle.crt"
2024-05-10 21:47:38.501 [INFO][60] tunnel-ip-allocator/env_var_loader.go 40: Found felix environment variable: "healthenabled"="true"
2024-05-10 21:47:38.501 [INFO][60] tunnel-ip-allocator/env_var_loader.go 40: Found felix environment variable: "typhacertfile"="/node-certs/tls.crt"
2024-05-10 21:47:38.501 [INFO][60] tunnel-ip-allocator/env_var_loader.go 40: Found felix environment variable: "typhacn"="typha-server"
2024-05-10 21:47:38.502 [INFO][60] tunnel-ip-allocator/env_var_loader.go 40: Found felix environment variable: "typhakeyfile"="/node-certs/tls.key"
2024-05-10 21:47:38.502 [INFO][60] tunnel-ip-allocator/env_var_loader.go 40: Found felix environment variable: "defaultendpointtohostaction"="ACCEPT"
2024-05-10 21:47:38.502 [INFO][60] tunnel-ip-allocator/env_var_loader.go 40: Found felix environment variable: "typhak8snamespace"="calico-system"
2024-05-10 21:47:38.502 [INFO][60] tunnel-ip-allocator/env_var_loader.go 40: Found felix environment variable: "healthport"="9099"
2024-05-10 21:47:38.502 [INFO][60] tunnel-ip-allocator/env_var_loader.go 40: Found felix environment variable: "ipv6support"="false"
2024-05-10 21:47:38.504 [INFO][60] tunnel-ip-allocator/config_params.go 491: Merging in config from environment variable: map[defaultendpointtohostaction:ACCEPT healthenabled:true healthport:9099 ipv6support:false typhacafile:/etc/pki/tls/certs/tigera-ca-bundle.crt typhacertfile:/node-certs/tls.crt typhacn:typha-server typhak8snamespace:calico-system typhak8sservicename:calico-typha typhakeyfile:/node-certs/tls.key]
2024-05-10 21:47:38.504 [INFO][60] tunnel-ip-allocator/config_params.go 622: Parsing value for TyphaCAFile: /etc/pki/tls/certs/tigera-ca-bundle.crt (from environment variable)
2024-05-10 21:47:38.504 [INFO][60] tunnel-ip-allocator/param_types.go 312: Looking for required file path="/etc/pki/tls/certs/tigera-ca-bundle.crt"
2024-05-10 21:47:38.504 [INFO][60] tunnel-ip-allocator/config_params.go 658: Parsed value for TyphaCAFile: /etc/pki/tls/certs/tigera-ca-bundle.crt (from environment variable)
2024-05-10 21:47:38.504 [INFO][60] tunnel-ip-allocator/config_params.go 622: Parsing value for DefaultEndpointToHostAction: ACCEPT (from environment variable)
2024-05-10 21:47:38.504 [INFO][60] tunnel-ip-allocator/config_params.go 658: Parsed value for DefaultEndpointToHostAction: ACCEPT (from environment variable)
2024-05-10 21:47:38.504 [INFO][60] tunnel-ip-allocator/config_params.go 622: Parsing value for Ipv6Support: false (from environment variable)
2024-05-10 21:47:38.504 [INFO][60] tunnel-ip-allocator/config_params.go 658: Parsed value for Ipv6Support: false (from environment variable)
2024-05-10 21:47:38.505 [INFO][60] tunnel-ip-allocator/config_params.go 622: Parsing value for HealthEnabled: true (from environment variable)
2024-05-10 21:47:38.505 [INFO][60] tunnel-ip-allocator/config_params.go 658: Parsed value for HealthEnabled: true (from environment variable)
2024-05-10 21:47:38.509 [INFO][60] tunnel-ip-allocator/config_params.go 622: Parsing value for TyphaCertFile: /node-certs/tls.crt (from environment variable)
2024-05-10 21:47:38.509 [INFO][60] tunnel-ip-allocator/param_types.go 312: Looking for required file path="/node-certs/tls.crt"
2024-05-10 21:47:38.509 [INFO][60] tunnel-ip-allocator/config_params.go 658: Parsed value for TyphaCertFile: /node-certs/tls.crt (from environment variable)
2024-05-10 21:47:38.509 [INFO][60] tunnel-ip-allocator/config_params.go 622: Parsing value for TyphaKeyFile: /node-certs/tls.key (from environment variable)
2024-05-10 21:47:38.509 [INFO][60] tunnel-ip-allocator/param_types.go 312: Looking for required file path="/node-certs/tls.key"
2024-05-10 21:47:38.509 [INFO][60] tunnel-ip-allocator/config_params.go 658: Parsed value for TyphaKeyFile: /node-certs/tls.key (from environment variable)
2024-05-10 21:47:38.509 [INFO][60] tunnel-ip-allocator/config_params.go 622: Parsing value for TyphaK8sServiceName: calico-typha (from environment variable)
2024-05-10 21:47:38.509 [INFO][60] tunnel-ip-allocator/config_params.go 658: Parsed value for TyphaK8sServiceName: calico-typha (from environment variable)
2024-05-10 21:47:38.509 [INFO][60] tunnel-ip-allocator/config_params.go 622: Parsing value for TyphaK8sNamespace: calico-system (from environment variable)
2024-05-10 21:47:38.510 [INFO][60] tunnel-ip-allocator/config_params.go 658: Parsed value for TyphaK8sNamespace: calico-system (from environment variable)
2024-05-10 21:47:38.510 [INFO][60] tunnel-ip-allocator/config_params.go 622: Parsing value for HealthPort: 9099 (from environment variable)
2024-05-10 21:47:38.510 [INFO][60] tunnel-ip-allocator/config_params.go 658: Parsed value for HealthPort: 9099 (from environment variable)
2024-05-10 21:47:38.510 [INFO][60] tunnel-ip-allocator/config_params.go 622: Parsing value for TyphaCN: typha-server (from environment variable)
2024-05-10 21:47:38.510 [INFO][60] tunnel-ip-allocator/config_params.go 658: Parsed value for TyphaCN: typha-server (from environment variable)
2024-05-10 21:47:38.512 [INFO][60] tunnel-ip-allocator/config.go 65: Found FELIX_TYPHAK8SSERVICENAME=calico-typha
2024-05-10 21:47:38.512 [INFO][60] tunnel-ip-allocator/config.go 65: Found FELIX_TYPHAK8SNAMESPACE=calico-system
2024-05-10 21:47:38.512 [INFO][60] tunnel-ip-allocator/config.go 65: Found FELIX_TYPHAKEYFILE=/node-certs/tls.key
2024-05-10 21:47:38.512 [INFO][60] tunnel-ip-allocator/config.go 65: Found FELIX_TYPHACERTFILE=/node-certs/tls.crt
2024-05-10 21:47:38.513 [INFO][60] tunnel-ip-allocator/config.go 65: Found FELIX_TYPHACAFILE=/etc/pki/tls/certs/tigera-ca-bundle.crt
2024-05-10 21:47:38.513 [INFO][60] tunnel-ip-allocator/config.go 65: Found FELIX_TYPHACN=typha-server
2024-05-10 21:47:38.513 [INFO][60] tunnel-ip-allocator/discovery.go 179: Creating Kubernetes client for Typha discovery...
2024-05-10 21:47:38.513 [INFO][60] tunnel-ip-allocator/discovery.go 195: (Re)discovering Typha endpoints using the Kubernetes API...
2024-05-10 21:47:38.522 [INFO][58] status-reporter/startup.go 445: Early log level set to info
2024-05-10 21:47:38.523 [INFO][58] status-reporter/config.go 65: Found FELIX_TYPHAK8SSERVICENAME=calico-typha
2024-05-10 21:47:38.523 [INFO][58] status-reporter/config.go 65: Found FELIX_TYPHAK8SNAMESPACE=calico-system
2024-05-10 21:47:38.523 [INFO][58] status-reporter/config.go 65: Found FELIX_TYPHAKEYFILE=/node-certs/tls.key
2024-05-10 21:47:38.523 [INFO][58] status-reporter/config.go 65: Found FELIX_TYPHACERTFILE=/node-certs/tls.crt
2024-05-10 21:47:38.523 [INFO][58] status-reporter/config.go 65: Found FELIX_TYPHACAFILE=/etc/pki/tls/certs/tigera-ca-bundle.crt
2024-05-10 21:47:38.523 [INFO][58] status-reporter/config.go 65: Found FELIX_TYPHACN=typha-server
2024-05-10 21:47:38.523 [INFO][58] status-reporter/discovery.go 179: Creating Kubernetes client for Typha discovery...
2024-05-10 21:47:38.524 [INFO][58] status-reporter/discovery.go 195: (Re)discovering Typha endpoints using the Kubernetes API...
2024-05-10 21:47:38.531 [WARNING][57] cni-config-monitor/winutils.go 144: Neither --kubeconfig nor --master was specified.  Using the inClusterConfig.  This might not work.
2024-05-10 21:47:38.538 [INFO][60] tunnel-ip-allocator/discovery.go 250: Found ready Typha addresses. addresses=[]discovery.Typha{discovery.Typha{Addr:"10.140.20.91:5473", IP:"10.140.20.91", NodeName:(*string)(0xc0004be620)}}
2024-05-10 21:47:38.538 [INFO][60] tunnel-ip-allocator/startsyncerclient.go 69: Connecting to Typha. addr=[]discovery.Typha{discovery.Typha{Addr:"10.140.20.91:5473", IP:"10.140.20.91", NodeName:(*string)(0xc0004be620)}}
2024-05-10 21:47:38.538 [INFO][60] tunnel-ip-allocator/sync_client.go 91:  requiringTLS=true
2024-05-10 21:47:38.538 [INFO][60] tunnel-ip-allocator/sync_client.go 189: Starting Typha client... myID=0x1 type="tunnel-ip-allocation"
2024-05-10 21:47:38.538 [INFO][60] tunnel-ip-allocator/sync_client.go 205: Connecting to typha endpoint 10.140.20.91:5473. myID=0x1 type="tunnel-ip-allocation"
2024-05-10 21:47:38.538 [INFO][60] tunnel-ip-allocator/sync_client.go 276: Starting Typha client
2024-05-10 21:47:38.538 [INFO][60] tunnel-ip-allocator/sync_client.go 91:  requiringTLS=true
2024-05-10 21:47:38.539 [INFO][60] tunnel-ip-allocator/tlsutils.go 39: Make certificate verifier requiredCN="typha-server" requiredURISAN="" roots=&x509.CertPool{byName:map[string][]int{"0!1\x1f0\x1d\x06\x03U\x04\x03\x13\x16tigera-operator-signer":[]int{0}}, lazyCerts:[]x509.lazyCert{x509.lazyCert{rawSubject:[]uint8{0x30, 0x21, 0x31, 0x1f, 0x30, 0x1d, 0x6, 0x3, 0x55, 0x4, 0x3, 0x13, 0x16, 0x74, 0x69, 0x67, 0x65, 0x72, 0x61, 0x2d, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2d, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x72}, getCert:(func() (*x509.Certificate, error))(0x722880)}}, haveSum:map[x509.sum224]bool{x509.sum224{0xa9, 0xe9, 0x87, 0x20, 0xc2, 0xa9, 0x57, 0x27, 0x8, 0x41, 0xcb, 0x6a, 0x92, 0x59, 0x19, 0xc, 0x6f, 0xd5, 0x31, 0x4c, 0x24, 0xf1, 0xaa, 0xc7, 0x60, 0x9a, 0x3e, 0xf4}:true}, systemPool:false}
2024-05-10 21:47:38.539 [INFO][60] tunnel-ip-allocator/sync_client.go 329: Connecting to Typha. address=discovery.Typha{Addr:"10.140.20.91:5473", IP:"10.140.20.91", NodeName:(*string)(0xc0004be620)} myID=0x1 type="tunnel-ip-allocation"
2024-05-10 21:47:38.541 [INFO][58] status-reporter/discovery.go 250: Found ready Typha addresses. addresses=[]discovery.Typha{discovery.Typha{Addr:"10.140.20.91:5473", IP:"10.140.20.91", NodeName:(*string)(0xc000b227c0)}}
2024-05-10 21:47:38.541 [INFO][58] status-reporter/startsyncerclient.go 69: Connecting to Typha. addr=[]discovery.Typha{discovery.Typha{Addr:"10.140.20.91:5473", IP:"10.140.20.91", NodeName:(*string)(0xc000b227c0)}}
2024-05-10 21:47:38.541 [INFO][58] status-reporter/sync_client.go 91:  requiringTLS=true
2024-05-10 21:47:38.541 [INFO][58] status-reporter/sync_client.go 189: Starting Typha client... myID=0x1 type="node-status"
2024-05-10 21:47:38.541 [INFO][58] status-reporter/sync_client.go 205: Connecting to typha endpoint 10.140.20.91:5473. myID=0x1 type="node-status"
2024-05-10 21:47:38.541 [INFO][58] status-reporter/sync_client.go 276: Starting Typha client
2024-05-10 21:47:38.541 [INFO][58] status-reporter/sync_client.go 91:  requiringTLS=true
2024-05-10 21:47:38.545 [INFO][60] tunnel-ip-allocator/tlsutils.go 46: Verify certificate chain signing address=discovery.Typha{Addr:"10.140.20.91:5473", IP:"10.140.20.91", NodeName:(*string)(0xc0004be620)} myID=0x1 type="tunnel-ip-allocation"
2024-05-10 21:47:38.545 [INFO][58] status-reporter/tlsutils.go 39: Make certificate verifier requiredCN="typha-server" requiredURISAN="" roots=&x509.CertPool{byName:map[string][]int{"0!1\x1f0\x1d\x06\x03U\x04\x03\x13\x16tigera-operator-signer":[]int{0}}, lazyCerts:[]x509.lazyCert{x509.lazyCert{rawSubject:[]uint8{0x30, 0x21, 0x31, 0x1f, 0x30, 0x1d, 0x6, 0x3, 0x55, 0x4, 0x3, 0x13, 0x16, 0x74, 0x69, 0x67, 0x65, 0x72, 0x61, 0x2d, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2d, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x72}, getCert:(func() (*x509.Certificate, error))(0x722880)}}, haveSum:map[x509.sum224]bool{x509.sum224{0xa9, 0xe9, 0x87, 0x20, 0xc2, 0xa9, 0x57, 0x27, 0x8, 0x41, 0xcb, 0x6a, 0x92, 0x59, 0x19, 0xc, 0x6f, 0xd5, 0x31, 0x4c, 0x24, 0xf1, 0xaa, 0xc7, 0x60, 0x9a, 0x3e, 0xf4}:true}, systemPool:false}
2024-05-10 21:47:38.545 [INFO][58] status-reporter/sync_client.go 329: Connecting to Typha. address=discovery.Typha{Addr:"10.140.20.91:5473", IP:"10.140.20.91", NodeName:(*string)(0xc000b227c0)} myID=0x1 type="node-status"
2024-05-10 21:47:38.546 [INFO][57] cni-config-monitor/token_watch.go 232: Update of CNI kubeconfig triggered based on elapsed time.
2024-05-10 21:47:38.546 [WARNING][57] cni-config-monitor/winutils.go 144: Neither --kubeconfig nor --master was specified.  Using the inClusterConfig.  This might not work.
2024-05-10 21:47:38.547 [INFO][57] cni-config-monitor/token_watch.go 293: Wrote updated CNI kubeconfig file. path="/host/etc/cni/net.d/calico-kubeconfig"
2024-05-10 21:47:38.549 [INFO][58] status-reporter/tlsutils.go 46: Verify certificate chain signing address=discovery.Typha{Addr:"10.140.20.91:5473", IP:"10.140.20.91", NodeName:(*string)(0xc000b227c0)} myID=0x1 type="node-status"
2024-05-10 21:47:38.553 [INFO][58] status-reporter/sync_client.go 363: Connected to Typha. address=discovery.Typha{Addr:"10.140.20.91:5473", IP:"10.140.20.91", NodeName:(*string)(0xc000b227c0)} myID=0x1 type="node-status"
2024-05-10 21:47:38.554 [INFO][58] status-reporter/sync_client.go 211: Successfully connected to Typha at 10.140.20.91:5473. myID=0x1 type="node-status"
2024-05-10 21:47:38.554 [INFO][58] status-reporter/sync_client.go 411: Started Typha client main loop connection=&discovery.Typha{Addr:"10.140.20.91:5473", IP:"10.140.20.91", NodeName:(*string)(0xc000b227c0)} myID=0x1 type="node-status"
2024-05-10 21:47:38.554 [INFO][60] tunnel-ip-allocator/sync_client.go 363: Connected to Typha. address=discovery.Typha{Addr:"10.140.20.91:5473", IP:"10.140.20.91", NodeName:(*string)(0xc0004be620)} myID=0x1 type="tunnel-ip-allocation"
2024-05-10 21:47:38.554 [INFO][60] tunnel-ip-allocator/sync_client.go 211: Successfully connected to Typha at 10.140.20.91:5473. myID=0x1 type="tunnel-ip-allocation"
2024-05-10 21:47:38.554 [INFO][60] tunnel-ip-allocator/sync_client.go 411: Started Typha client main loop connection=&discovery.Typha{Addr:"10.140.20.91:5473", IP:"10.140.20.91", NodeName:(*string)(0xc0004be620)} myID=0x1 type="tunnel-ip-allocation"
2024-05-10 21:47:38.555 [INFO][58] status-reporter/sync_client.go 454: ServerHello message received connection=&discovery.Typha{Addr:"10.140.20.91:5473", IP:"10.140.20.91", NodeName:(*string)(0xc000b227c0)} myID=0x1 serverConnID=0x4 serverMsg=syncproto.MsgServerHello{Version:"v3.27.3", SyncerType:"node-status", SupportsNodeResourceUpdates:true, ServerConnID:0x4} type="node-status"
2024-05-10 21:47:38.555 [INFO][58] status-reporter/sync_client.go 540: Server asked us to restart our decoder connection=&discovery.Typha{Addr:"10.140.20.91:5473", IP:"10.140.20.91", NodeName:(*string)(0xc000b227c0)} msg=syncproto.MsgDecoderRestart{Message:"enable compression: snappy;send binary snapshot", CompressionAlgorithm:"snappy"} myID=0x1 serverConnID=0x4 type="node-status"
2024-05-10 21:47:38.555 [INFO][58] status-reporter/sync_client.go 544: Server selected snappy compression. connection=&discovery.Typha{Addr:"10.140.20.91:5473", IP:"10.140.20.91", NodeName:(*string)(0xc000b227c0)} myID=0x1 serverConnID=0x4 type="node-status"
2024-05-10 21:47:38.556 [INFO][58] status-reporter/sync_client.go 540: Server asked us to restart our decoder connection=&discovery.Typha{Addr:"10.140.20.91:5473", IP:"10.140.20.91", NodeName:(*string)(0xc000b227c0)} msg=syncproto.MsgDecoderRestart{Message:"End of compressed snapshot.", CompressionAlgorithm:"snappy"} myID=0x1 serverConnID=0x4 type="node-status"
2024-05-10 21:47:38.556 [INFO][58] status-reporter/sync_client.go 544: Server selected snappy compression. connection=&discovery.Typha{Addr:"10.140.20.91:5473", IP:"10.140.20.91", NodeName:(*string)(0xc000b227c0)} myID=0x1 serverConnID=0x4 type="node-status"
2024-05-10 21:47:38.558 [INFO][58] status-reporter/sync_client.go 486: Status update from Typha. connection=&discovery.Typha{Addr:"10.140.20.91:5473", IP:"10.140.20.91", NodeName:(*string)(0xc000b227c0)} myID=0x1 newStatus=in-sync serverConnID=0x4 type="node-status"
2024-05-10 21:47:38.564 [INFO][60] tunnel-ip-allocator/sync_client.go 454: ServerHello message received connection=&discovery.Typha{Addr:"10.140.20.91:5473", IP:"10.140.20.91", NodeName:(*string)(0xc0004be620)} myID=0x1 serverConnID=0x3 serverMsg=syncproto.MsgServerHello{Version:"v3.27.3", SyncerType:"tunnel-ip-allocation", SupportsNodeResourceUpdates:true, ServerConnID:0x3} type="tunnel-ip-allocation"
2024-05-10 21:47:38.565 [INFO][60] tunnel-ip-allocator/sync_client.go 540: Server asked us to restart our decoder connection=&discovery.Typha{Addr:"10.140.20.91:5473", IP:"10.140.20.91", NodeName:(*string)(0xc0004be620)} msg=syncproto.MsgDecoderRestart{Message:"enable compression: snappy;send binary snapshot", CompressionAlgorithm:"snappy"} myID=0x1 serverConnID=0x3 type="tunnel-ip-allocation"
2024-05-10 21:47:38.565 [INFO][60] tunnel-ip-allocator/sync_client.go 544: Server selected snappy compression. connection=&discovery.Typha{Addr:"10.140.20.91:5473", IP:"10.140.20.91", NodeName:(*string)(0xc0004be620)} myID=0x1 serverConnID=0x3 type="tunnel-ip-allocation"
2024-05-10 21:47:38.570 [INFO][60] tunnel-ip-allocator/sync_client.go 540: Server asked us to restart our decoder connection=&discovery.Typha{Addr:"10.140.20.91:5473", IP:"10.140.20.91", NodeName:(*string)(0xc0004be620)} msg=syncproto.MsgDecoderRestart{Message:"End of compressed snapshot.", CompressionAlgorithm:"snappy"} myID=0x1 serverConnID=0x3 type="tunnel-ip-allocation"
2024-05-10 21:47:38.570 [INFO][60] tunnel-ip-allocator/sync_client.go 544: Server selected snappy compression. connection=&discovery.Typha{Addr:"10.140.20.91:5473", IP:"10.140.20.91", NodeName:(*string)(0xc0004be620)} myID=0x1 serverConnID=0x3 type="tunnel-ip-allocation"
2024-05-10 21:47:38.572 [INFO][60] tunnel-ip-allocator/sync_client.go 486: Status update from Typha. connection=&discovery.Typha{Addr:"10.140.20.91:5473", IP:"10.140.20.91", NodeName:(*string)(0xc0004be620)} myID=0x1 newStatus=in-sync serverConnID=0x3 type="tunnel-ip-allocation"
2024-05-10 21:47:38.578 [INFO][62] felix/daemon.go 398: Successfully loaded configuration. GOMAXPROCS=4 builddate="2024-04-01T18:15:19+0000" config=&config.Config{UseInternalDataplaneDriver:true, DataplaneDriver:"calico-iptables-plugin", DataplaneWatchdogTimeout:90000000000, WireguardEnabled:false, WireguardEnabledV6:false, WireguardListeningPort:51820, WireguardListeningPortV6:51821, WireguardRoutingRulePriority:99, WireguardInterfaceName:"wireguard.cali", WireguardInterfaceNameV6:"wg-v6.cali", WireguardMTU:0, WireguardMTUV6:0, WireguardHostEncryptionEnabled:false, WireguardPersistentKeepAlive:0, BPFEnabled:false, BPFDisableUnprivileged:true, BPFLogLevel:"off", BPFLogFilters:map[string]string(nil), BPFCTLBLogFilter:"", BPFDataIfacePattern:(*regexp.Regexp)(0xc0005d03c0), BPFL3IfacePattern:(*regexp.Regexp)(nil), BPFConnectTimeLoadBalancingEnabled:false, BPFConnectTimeLoadBalancing:"TCP", BPFHostNetworkedNATWithoutCTLB:"Enabled", BPFExternalServiceMode:"tunnel", BPFDSROptoutCIDRs:[]string(nil), BPFKubeProxyIptablesCleanupEnabled:true, BPFKubeProxyMinSyncPeriod:1000000000, BPFKubeProxyEndpointSlicesEnabled:true, BPFExtToServiceConnmark:0, BPFPSNATPorts:numorstring.Port{MinPort:0x4e20, MaxPort:0x752f, PortName:""}, BPFMapSizeNATFrontend:65536, BPFMapSizeNATBackend:262144, BPFMapSizeNATAffinity:65536, BPFMapSizeRoute:262144, BPFMapSizeConntrack:512000, BPFMapSizeIPSets:1048576, BPFMapSizeIfState:1000, BPFHostConntrackBypass:true, BPFEnforceRPF:"Loose", BPFPolicyDebugEnabled:true, BPFForceTrackPacketsFromIfaces:[]string{"docker+"}, BPFDisableGROForIfaces:(*regexp.Regexp)(nil), BPFExcludeCIDRsFromNAT:[]string(nil), DebugBPFCgroupV2:"", DebugBPFMapRepinEnabled:false, DatastoreType:"kubernetes", FelixHostname:"main-k8s-master-2", EtcdAddr:"127.0.0.1:2379", EtcdScheme:"http", EtcdKeyFile:"", EtcdCertFile:"", EtcdCaFile:"", EtcdEndpoints:[]string(nil), TyphaAddr:"", TyphaK8sServiceName:"calico-typha", TyphaK8sNamespace:"calico-system", TyphaReadTimeout:30000000000, TyphaWriteTimeout:10000000000, TyphaKeyFile:"/node-certs/tls.key", TyphaCertFile:"/node-certs/tls.crt", TyphaCAFile:"/etc/pki/tls/certs/tigera-ca-bundle.crt", TyphaCN:"typha-server", TyphaURISAN:"", Ipv6Support:false, IptablesBackend:"auto", RouteRefreshInterval:90000000000, InterfaceRefreshInterval:90000000000, DeviceRouteSourceAddress:net.IP(nil), DeviceRouteSourceAddressIPv6:net.IP(nil), DeviceRouteProtocol:3, RemoveExternalRoutes:true, IptablesRefreshInterval:180000000000, IptablesPostWriteCheckIntervalSecs:5000000000, IptablesLockFilePath:"/run/xtables.lock", IptablesLockTimeoutSecs:0, IptablesLockProbeIntervalMillis:50000000, FeatureDetectOverride:map[string]string(nil), FeatureGates:map[string]string(nil), IpsetsRefreshInterval:10000000000, MaxIpsetSize:1048576, XDPRefreshInterval:90000000000, PolicySyncPathPrefix:"", NetlinkTimeoutSecs:10000000000, MetadataAddr:"", MetadataPort:8775, OpenstackRegion:"", InterfacePrefix:"cali", InterfaceExclude:[]*regexp.Regexp{(*regexp.Regexp)(0xc0005d0640)}, ChainInsertMode:"insert", DefaultEndpointToHostAction:"ACCEPT", IptablesFilterAllowAction:"ACCEPT", IptablesMangleAllowAction:"ACCEPT", IptablesFilterDenyAction:"DROP", LogPrefix:"calico-packet", LogFilePath:"", LogSeverityFile:"", LogSeverityScreen:"INFO", LogSeveritySys:"", LogDebugFilenameRegex:(*regexp.Regexp)(nil), VXLANEnabled:(*bool)(nil), VXLANPort:4789, VXLANVNI:4096, VXLANMTU:0, VXLANMTUV6:0, IPv4VXLANTunnelAddr:net.IP{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0xff, 0xc0, 0xa8, 0xa8, 0x0}, IPv6VXLANTunnelAddr:net.IP(nil), VXLANTunnelMACAddr:"", VXLANTunnelMACAddrV6:"", IpInIpEnabled:(*bool)(nil), IpInIpMtu:0, IpInIpTunnelAddr:net.IP(nil), FloatingIPs:"Disabled", WindowsManageFirewallRules:"Disabled", AllowVXLANPacketsFromWorkloads:false, AllowIPIPPacketsFromWorkloads:false, AWSSrcDstCheck:"DoNothing", ServiceLoopPrevention:"Drop", WorkloadSourceSpoofing:"Disabled", ReportingIntervalSecs:0, ReportingTTLSecs:90000000000, EndpointReportingEnabled:false, EndpointReportingDelaySecs:1000000000, IptablesMarkMask:0xffff0000, DisableConntrackInvalidCheck:false, HealthEnabled:true, HealthPort:9099, HealthHost:"localhost", HealthTimeoutOverrides:map[string]time.Duration(nil), PrometheusMetricsEnabled:false, PrometheusMetricsHost:"", PrometheusMetricsPort:9091, PrometheusGoMetricsEnabled:true, PrometheusProcessMetricsEnabled:true, PrometheusWireGuardMetricsEnabled:true, FailsafeInboundHostPorts:[]config.ProtoPort{config.ProtoPort{Net:"", Protocol:"tcp", Port:0x16}, config.ProtoPort{Net:"", Protocol:"udp", Port:0x44}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0xb3}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0x94b}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0x94c}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0x1561}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0x192b}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0x1a0a}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0x1a0b}}, FailsafeOutboundHostPorts:[]config.ProtoPort{config.ProtoPort{Net:"", Protocol:"udp", Port:0x35}, config.ProtoPort{Net:"", Protocol:"udp", Port:0x43}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0xb3}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0x94b}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0x94c}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0x1561}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0x192b}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0x1a0a}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0x1a0b}}, KubeNodePortRanges:[]numorstring.Port{numorstring.Port{MinPort:0x7530, MaxPort:0x7fff, PortName:""}}, NATPortRange:numorstring.Port{MinPort:0x0, MaxPort:0x0, PortName:""}, NATOutgoingAddress:net.IP(nil), UsageReportingEnabled:true, UsageReportingInitialDelaySecs:300000000000, UsageReportingIntervalSecs:86400000000000, ClusterGUID:"a67d29bc359f4aa2a450000b755000d7", ClusterType:"typha,kdd,k8s,operator,kubeadm", CalicoVersion:"v3.27.3", ExternalNodesCIDRList:[]string(nil), DebugMemoryProfilePath:"", DebugCPUProfilePath:"/tmp/felix-cpu-<timestamp>.pprof", DebugDisableLogDropping:false, DebugSimulateCalcGraphHangAfter:0, DebugSimulateDataplaneHangAfter:0, DebugPanicAfter:0, DebugSimulateDataRace:false, RouteSource:"CalicoIPAM", RouteTableRange:idalloc.IndexRange{Min:0, Max:0}, RouteTableRanges:[]idalloc.IndexRange(nil), RouteSyncDisabled:false, IptablesNATOutgoingInterfaceFilter:"", SidecarAccelerationEnabled:false, XDPEnabled:true, GenericXDPEnabled:false, Variant:"Calico", MTUIfacePattern:(*regexp.Regexp)(0xc0005d0b40), Encapsulation:config.Encapsulation{IPIPEnabled:false, VXLANEnabled:true, VXLANEnabledV6:false}, internalOverrides:map[string]string{}, sourceToRawConfig:map[config.Source]map[string]string{0x1:map[string]string{"BPFConnectTimeLoadBalancing":"TCP", "BPFHostNetworkedNATWithoutCTLB":"Enabled", "CalicoVersion":"v3.27.3", "ClusterGUID":"a67d29bc359f4aa2a450000b755000d7", "ClusterType":"typha,kdd,k8s,operator,kubeadm", "FloatingIPs":"Disabled", "HealthPort":"9099", "LogSeverityScreen":"Info", "ReportingIntervalSecs":"0", "VXLANVNI":"4096"}, 0x2:map[string]string{"IPv4VXLANTunnelAddr":"192.168.168.0"}, 0x3:map[string]string{"LogFilePath":"None", "LogSeverityFile":"None", "LogSeveritySys":"None", "MetadataAddr":"None"}, 0x4:map[string]string{"datastoretype":"kubernetes", "defaultendpointtohostaction":"ACCEPT", "felixhostname":"main-k8s-master-2", "healthenabled":"true", "healthport":"9099", "ipv6support":"false", "typhacafile":"/etc/pki/tls/certs/tigera-ca-bundle.crt", "typhacertfile":"/node-certs/tls.crt", "typhacn":"typha-server", "typhak8snamespace":"calico-system", "typhak8sservicename":"calico-typha", "typhakeyfile":"/node-certs/tls.key"}}, rawValues:map[string]string{"BPFConnectTimeLoadBalancing":"TCP", "BPFHostNetworkedNATWithoutCTLB":"Enabled", "CalicoVersion":"v3.27.3", "ClusterGUID":"a67d29bc359f4aa2a450000b755000d7", "ClusterType":"typha,kdd,k8s,operator,kubeadm", "DatastoreType":"kubernetes", "DefaultEndpointToHostAction":"ACCEPT", "FelixHostname":"main-k8s-master-2", "FloatingIPs":"Disabled", "HealthEnabled":"true", "HealthPort":"9099", "IPv4VXLANTunnelAddr":"192.168.168.0", "Ipv6Support":"false", "LogFilePath":"None", "LogSeverityFile":"None", "LogSeverityScreen":"Info", "LogSeveritySys":"None", "MetadataAddr":"None", "ReportingIntervalSecs":"0", "TyphaCAFile":"/etc/pki/tls/certs/tigera-ca-bundle.crt", "TyphaCN":"typha-server", "TyphaCertFile":"/node-certs/tls.crt", "TyphaK8sNamespace":"calico-system", "TyphaK8sServiceName":"calico-typha", "TyphaKeyFile":"/node-certs/tls.key", "VXLANVNI":"4096"}, Err:error(nil), loadClientConfigFromEnvironment:(func() (*apiconfig.CalicoAPIConfig, error))(0x15c5580), useNodeResourceUpdates:false} gitcommit="638464f946657417dd4900724112eb844ce5be03" version="v3.27.3"
2024-05-10 21:47:38.579 [INFO][62] felix/driver.go 74: Using internal (linux) dataplane driver.
2024-05-10 21:47:38.580 [INFO][62] felix/driver.go 159: Calculated iptables mark bits acceptMark=0x10000 endpointMark=0xfff00000 endpointMarkNonCali=0x0 passMark=0x20000 scratch0Mark=0x40000 scratch1Mark=0x80000
2024-05-10 21:47:38.589 [INFO][62] felix/int_dataplane.go 363: Creating internal dataplane driver. config=intdataplane.Config{Hostname:"main-k8s-master-2", NodeZone:"compute", IPv6Enabled:false, RuleRendererOverride:rules.RuleRenderer(nil), IPIPMTU:0, VXLANMTU:0, VXLANMTUV6:0, VXLANPort:4789, MaxIPSetSize:1048576, RouteSyncDisabled:false, IptablesBackend:"auto", IPSetsRefreshInterval:10000000000, RouteRefreshInterval:90000000000, DeviceRouteSourceAddress:net.IP(nil), DeviceRouteSourceAddressIPv6:net.IP(nil), DeviceRouteProtocol:3, RemoveExternalRoutes:true, IptablesRefreshInterval:180000000000, IptablesPostWriteCheckInterval:5000000000, IptablesInsertMode:"insert", IptablesLockFilePath:"/run/xtables.lock", IptablesLockTimeout:0, IptablesLockProbeInterval:50000000, XDPRefreshInterval:90000000000, FloatingIPsEnabled:false, Wireguard:wireguard.Config{Enabled:false, EnabledV6:false, ListeningPort:51820, ListeningPortV6:51821, FirewallMark:0, RoutingRulePriority:99, RoutingTableIndex:1, RoutingTableIndexV6:2, InterfaceName:"wireguard.cali", InterfaceNameV6:"wg-v6.cali", MTU:0, MTUV6:0, RouteSource:"CalicoIPAM", EncryptHostTraffic:false, PersistentKeepAlive:0, RouteSyncDisabled:false}, NetlinkTimeout:10000000000, RulesConfig:rules.Config{IPSetConfigV4:(*ipsets.IPVersionConfig)(0xc0002802d0), IPSetConfigV6:(*ipsets.IPVersionConfig)(0xc0002803c0), WorkloadIfacePrefixes:[]string{"cali"}, IptablesMarkAccept:0x10000, IptablesMarkPass:0x20000, IptablesMarkScratch0:0x40000, IptablesMarkScratch1:0x80000, IptablesMarkEndpoint:0xfff00000, IptablesMarkNonCaliEndpoint:0x0, KubeNodePortRanges:[]numorstring.Port{numorstring.Port{MinPort:0x7530, MaxPort:0x7fff, PortName:""}}, KubeIPVSSupportEnabled:false, OpenStackMetadataIP:net.IP(nil), OpenStackMetadataPort:0x2247, OpenStackSpecialCasesEnabled:false, VXLANEnabled:true, VXLANEnabledV6:false, VXLANPort:4789, VXLANVNI:4096, IPIPEnabled:false, FelixConfigIPIPEnabled:(*bool)(nil), IPIPTunnelAddress:net.IP(nil), VXLANTunnelAddress:net.IP{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0xff, 0xc0, 0xa8, 0xa8, 0x0}, VXLANTunnelAddressV6:net.IP(nil), AllowVXLANPacketsFromWorkloads:false, AllowIPIPPacketsFromWorkloads:false, WireguardEnabled:false, WireguardEnabledV6:false, WireguardInterfaceName:"wireguard.cali", WireguardInterfaceNameV6:"wg-v6.cali", WireguardIptablesMark:0x0, WireguardListeningPort:51820, WireguardListeningPortV6:51821, WireguardEncryptHostTraffic:false, RouteSource:"CalicoIPAM", IptablesLogPrefix:"calico-packet", EndpointToHostAction:"ACCEPT", IptablesFilterAllowAction:"ACCEPT", IptablesMangleAllowAction:"ACCEPT", IptablesFilterDenyAction:"DROP", FailsafeInboundHostPorts:[]config.ProtoPort{config.ProtoPort{Net:"", Protocol:"tcp", Port:0x16}, config.ProtoPort{Net:"", Protocol:"udp", Port:0x44}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0xb3}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0x94b}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0x94c}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0x1561}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0x192b}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0x1a0a}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0x1a0b}}, FailsafeOutboundHostPorts:[]config.ProtoPort{config.ProtoPort{Net:"", Protocol:"udp", Port:0x35}, config.ProtoPort{Net:"", Protocol:"udp", Port:0x43}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0xb3}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0x94b}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0x94c}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0x1561}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0x192b}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0x1a0a}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0x1a0b}}, DisableConntrackInvalid:false, NATPortRange:numorstring.Port{MinPort:0x0, MaxPort:0x0, PortName:""}, IptablesNATOutgoingInterfaceFilter:"", NATOutgoingAddress:net.IP(nil), BPFEnabled:false, BPFForceTrackPacketsFromIfaces:[]string{"docker+"}, ServiceLoopPrevention:"Drop"}, IfaceMonitorConfig:ifacemonitor.Config{InterfaceExcludes:[]*regexp.Regexp{(*regexp.Regexp)(0xc0005d0640)}, ResyncInterval:90000000000, NetlinkTimeout:10000000000}, StatusReportingInterval:0, ConfigChangedRestartCallback:(func())(0x2c7e8c0), FatalErrorRestartCallback:(func(error))(0x2c7e7a0), PostInSyncCallback:(func())(0x2c6d280), HealthAggregator:(*health.HealthAggregator)(0xc0005d7e00), WatchdogTimeout:90000000000, RouteTableManager:(*idalloc.IndexAllocator)(0xc000075820), DebugSimulateDataplaneHangAfter:0, ExternalNodesCidrs:[]string(nil), BPFEnabled:false, BPFPolicyDebugEnabled:true, BPFDisableUnprivileged:true, BPFKubeProxyIptablesCleanupEnabled:true, BPFLogLevel:"off", BPFLogFilters:map[string]string(nil), BPFCTLBLogFilter:"", BPFExtToServiceConnmark:0, BPFDataIfacePattern:(*regexp.Regexp)(0xc0005d03c0), BPFL3IfacePattern:(*regexp.Regexp)(nil), XDPEnabled:true, XDPAllowGeneric:false, BPFConntrackTimeouts:conntrack.Timeouts{CreationGracePeriod:10000000000, TCPPreEstablished:20000000000, TCPEstablished:3600000000000, TCPFinsSeen:30000000000, TCPResetSeen:40000000000, UDPLastSeen:60000000000, GenericIPLastSeen:600000000000, ICMPLastSeen:5000000000}, BPFCgroupV2:"", BPFConnTimeLBEnabled:false, BPFConnTimeLB:"TCP", BPFHostNetworkedNAT:"Enabled", BPFMapRepin:false, BPFNodePortDSREnabled:false, BPFDSROptoutCIDRs:[]string(nil), BPFPSNATPorts:numorstring.Port{MinPort:0x4e20, MaxPort:0x752f, PortName:""}, BPFMapSizeRoute:262144, BPFMapSizeConntrack:512000, BPFMapSizeNATFrontend:65536, BPFMapSizeNATBackend:262144, BPFMapSizeNATAffinity:65536, BPFMapSizeIPSets:1048576, BPFMapSizeIfState:1000, BPFIpv6Enabled:false, BPFHostConntrackBypass:true, BPFEnforceRPF:"Loose", BPFDisableGROForIfaces:(*regexp.Regexp)(nil), BPFExcludeCIDRsFromNAT:[]string(nil), KubeProxyMinSyncPeriod:1000000000, SidecarAccelerationEnabled:false, LookPathOverride:(func(string) (string, error))(nil), KubeClientSet:(*kubernetes.Clientset)(0xc0005e0ea0), FeatureDetectOverrides:map[string]string(nil), FeatureGates:map[string]string(nil), hostMTU:0, MTUIfacePattern:(*regexp.Regexp)(0xc0005d0b40), RouteSource:"CalicoIPAM", KubernetesProvider:0x0}
2024-05-10 21:47:38.589 [INFO][62] felix/rule_defs.go 381: Creating rule renderer. config=rules.Config{IPSetConfigV4:(*ipsets.IPVersionConfig)(0xc0002802d0), IPSetConfigV6:(*ipsets.IPVersionConfig)(0xc0002803c0), WorkloadIfacePrefixes:[]string{"cali"}, IptablesMarkAccept:0x10000, IptablesMarkPass:0x20000, IptablesMarkScratch0:0x40000, IptablesMarkScratch1:0x80000, IptablesMarkEndpoint:0xfff00000, IptablesMarkNonCaliEndpoint:0x0, KubeNodePortRanges:[]numorstring.Port{numorstring.Port{MinPort:0x7530, MaxPort:0x7fff, PortName:""}}, KubeIPVSSupportEnabled:false, OpenStackMetadataIP:net.IP(nil), OpenStackMetadataPort:0x2247, OpenStackSpecialCasesEnabled:false, VXLANEnabled:true, VXLANEnabledV6:false, VXLANPort:4789, VXLANVNI:4096, IPIPEnabled:false, FelixConfigIPIPEnabled:(*bool)(nil), IPIPTunnelAddress:net.IP(nil), VXLANTunnelAddress:net.IP{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0xff, 0xc0, 0xa8, 0xa8, 0x0}, VXLANTunnelAddressV6:net.IP(nil), AllowVXLANPacketsFromWorkloads:false, AllowIPIPPacketsFromWorkloads:false, WireguardEnabled:false, WireguardEnabledV6:false, WireguardInterfaceName:"wireguard.cali", WireguardInterfaceNameV6:"wg-v6.cali", WireguardIptablesMark:0x0, WireguardListeningPort:51820, WireguardListeningPortV6:51821, WireguardEncryptHostTraffic:false, RouteSource:"CalicoIPAM", IptablesLogPrefix:"calico-packet", EndpointToHostAction:"ACCEPT", IptablesFilterAllowAction:"ACCEPT", IptablesMangleAllowAction:"ACCEPT", IptablesFilterDenyAction:"DROP", FailsafeInboundHostPorts:[]config.ProtoPort{config.ProtoPort{Net:"", Protocol:"tcp", Port:0x16}, config.ProtoPort{Net:"", Protocol:"udp", Port:0x44}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0xb3}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0x94b}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0x94c}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0x1561}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0x192b}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0x1a0a}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0x1a0b}}, FailsafeOutboundHostPorts:[]config.ProtoPort{config.ProtoPort{Net:"", Protocol:"udp", Port:0x35}, config.ProtoPort{Net:"", Protocol:"udp", Port:0x43}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0xb3}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0x94b}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0x94c}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0x1561}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0x192b}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0x1a0a}, config.ProtoPort{Net:"", Protocol:"tcp", Port:0x1a0b}}, DisableConntrackInvalid:false, NATPortRange:numorstring.Port{MinPort:0x0, MaxPort:0x0, PortName:""}, IptablesNATOutgoingInterfaceFilter:"", NATOutgoingAddress:net.IP(nil), BPFEnabled:false, BPFForceTrackPacketsFromIfaces:[]string{"docker+"}, ServiceLoopPrevention:"Drop"}
2024-05-10 21:47:38.589 [INFO][62] felix/rule_defs.go 391: packets that are not passed by any policy or profile will be dropped.
2024-05-10 21:47:38.590 [INFO][62] felix/rule_defs.go 406: Workload to host packets will be accepted.
2024-05-10 21:47:38.590 [INFO][62] felix/rule_defs.go 420: filter table allowed packets will be accepted immediately.
2024-05-10 21:47:38.590 [INFO][62] felix/rule_defs.go 428: mangle table allowed packets will be accepted immediately.
2024-05-10 21:47:38.590 [INFO][62] felix/rule_defs.go 436: Packets to unknown service IPs will be dropped
2024-05-10 21:47:38.590 [INFO][62] felix/int_dataplane.go 1157: Determined pod MTU mtu=1450
2024-05-10 21:47:38.590 [INFO][62] felix/iface_monitor.go 92: configured to periodically rescan interfaces. interval=1m30s
2024-05-10 21:47:38.591 [INFO][62] felix/feature_detect_linux.go 410: Looked up iptables command backendMode="nft" candidates=[]string{"ip6tables-nft-save", "ip6tables-save"} command="ip6tables-nft-save" ipVersion=0x6 saveOrRestore="save"
2024-05-10 21:47:38.591 [INFO][62] felix/feature_detect_linux.go 410: Looked up iptables command backendMode="nft" candidates=[]string{"iptables-nft-save", "iptables-save"} command="iptables-nft-save" ipVersion=0x4 saveOrRestore="save"
2024-05-10 21:47:38.611 [INFO][62] felix/feature_detect_linux.go 170: Updating detected iptables features features=environment.Features{SNATFullyRandom:true, MASQFullyRandom:true, RestoreSupportsLock:true, ChecksumOffloadBroken:true, IPIPDeviceIsL3:true, KernelSideRouteFiltering:true} iptablesVersion=1.8.8 kernelVersion=5.15.0-106
2024-05-10 21:47:38.612 [INFO][62] felix/table.go 344: Calculated old-insert detection regex. pattern="(?:-j|--jump) cali-|(?:-j|--jump) califw-|(?:-j|--jump) calitw-|(?:-j|--jump) califh-|(?:-j|--jump) calith-|(?:-j|--jump) calipi-|(?:-j|--jump) calipo-|(?:-j|--jump) felix-"
2024-05-10 21:47:38.612 [INFO][62] felix/table.go 462: Enabling iptables-in-nftables-mode workarounds.
2024-05-10 21:47:38.612 [INFO][62] felix/feature_detect_linux.go 410: Looked up iptables command backendMode="nft" candidates=[]string{"iptables-nft-restore", "iptables-restore"} command="iptables-nft-restore" ipVersion=0x4 saveOrRestore="restore"
2024-05-10 21:47:38.612 [INFO][62] felix/feature_detect_linux.go 410: Looked up iptables command backendMode="nft" candidates=[]string{"iptables-nft-save", "iptables-save"} command="iptables-nft-save" ipVersion=0x4 saveOrRestore="save"
2024-05-10 21:47:38.612 [INFO][62] felix/table.go 344: Calculated old-insert detection regex. pattern="(?:-j|--jump) cali-|(?:-j|--jump) califw-|(?:-j|--jump) calitw-|(?:-j|--jump) califh-|(?:-j|--jump) calith-|(?:-j|--jump) calipi-|(?:-j|--jump) calipo-|(?:-j|--jump) felix-|-A POSTROUTING .* felix-masq-ipam-pools .*|-A POSTROUTING -o tunl0 -m addrtype ! --src-type LOCAL --limit-iface-out -m addrtype --src-type LOCAL -j MASQUERADE"
2024-05-10 21:47:38.612 [INFO][62] felix/table.go 462: Enabling iptables-in-nftables-mode workarounds.
2024-05-10 21:47:38.612 [INFO][62] felix/feature_detect_linux.go 410: Looked up iptables command backendMode="nft" candidates=[]string{"iptables-nft-restore", "iptables-restore"} command="iptables-nft-restore" ipVersion=0x4 saveOrRestore="restore"
2024-05-10 21:47:38.612 [INFO][62] felix/feature_detect_linux.go 410: Looked up iptables command backendMode="nft" candidates=[]string{"iptables-nft-save", "iptables-save"} command="iptables-nft-save" ipVersion=0x4 saveOrRestore="save"
2024-05-10 21:47:38.613 [INFO][62] felix/table.go 344: Calculated old-insert detection regex. pattern="(?:-j|--jump) cali-|(?:-j|--jump) califw-|(?:-j|--jump) calitw-|(?:-j|--jump) califh-|(?:-j|--jump) calith-|(?:-j|--jump) calipi-|(?:-j|--jump) calipo-|(?:-j|--jump) felix-"
2024-05-10 21:47:38.613 [INFO][62] felix/table.go 462: Enabling iptables-in-nftables-mode workarounds.
2024-05-10 21:47:38.613 [INFO][62] felix/feature_detect_linux.go 410: Looked up iptables command backendMode="nft" candidates=[]string{"iptables-nft-restore", "iptables-restore"} command="iptables-nft-restore" ipVersion=0x4 saveOrRestore="restore"
2024-05-10 21:47:38.613 [INFO][62] felix/feature_detect_linux.go 410: Looked up iptables command backendMode="nft" candidates=[]string{"iptables-nft-save", "iptables-save"} command="iptables-nft-save" ipVersion=0x4 saveOrRestore="save"
2024-05-10 21:47:38.613 [INFO][62] felix/table.go 344: Calculated old-insert detection regex. pattern="(?:-j|--jump) cali-|(?:-j|--jump) califw-|(?:-j|--jump) calitw-|(?:-j|--jump) califh-|(?:-j|--jump) calith-|(?:-j|--jump) calipi-|(?:-j|--jump) calipo-|(?:-j|--jump) felix-"
2024-05-10 21:47:38.613 [INFO][62] felix/table.go 462: Enabling iptables-in-nftables-mode workarounds.
2024-05-10 21:47:38.613 [INFO][62] felix/feature_detect_linux.go 410: Looked up iptables command backendMode="nft" candidates=[]string{"iptables-nft-restore", "iptables-restore"} command="iptables-nft-restore" ipVersion=0x4 saveOrRestore="restore"
2024-05-10 21:47:38.613 [INFO][62] felix/feature_detect_linux.go 410: Looked up iptables command backendMode="nft" candidates=[]string{"iptables-nft-save", "iptables-save"} command="iptables-nft-save" ipVersion=0x4 saveOrRestore="save"
2024-05-10 21:47:38.613 [INFO][62] felix/route_table.go 324: Calculated interface name regexp ifaceRegex="^vxlan.calico$" ipVersion=0x4 tableIndex=254
2024-05-10 21:47:38.614 [INFO][62] felix/route_table.go 317: No interface matches required for routetable ipVersion=0x4 tableIndex=254
2024-05-10 21:47:38.614 [INFO][62] felix/vxlan_mgr.go 535: VXLAN tunnel device thread started. ipVersion=0x4 mtu=1450 wait=10s xsumBroken=true
2024-05-10 21:47:38.617 [INFO][62] felix/int_dataplane.go 541: XDP acceleration enabled.
2024-05-10 21:47:38.623 [INFO][62] felix/table.go 344: Calculated old-insert detection regex. pattern="(?:-j|--jump) cali-|(?:-j|--jump) califw-|(?:-j|--jump) calitw-|(?:-j|--jump) califh-|(?:-j|--jump) calith-|(?:-j|--jump) calipi-|(?:-j|--jump) calipo-|(?:-j|--jump) felix-"
2024-05-10 21:47:38.623 [INFO][62] felix/table.go 462: Enabling iptables-in-nftables-mode workarounds.
2024-05-10 21:47:38.623 [INFO][62] felix/feature_detect_linux.go 410: Looked up iptables command backendMode="nft" candidates=[]string{"ip6tables-nft-restore", "ip6tables-restore"} command="ip6tables-nft-restore" ipVersion=0x6 saveOrRestore="restore"
2024-05-10 21:47:38.623 [INFO][62] felix/feature_detect_linux.go 410: Looked up iptables command backendMode="nft" candidates=[]string{"ip6tables-nft-save", "ip6tables-save"} command="ip6tables-nft-save" ipVersion=0x6 saveOrRestore="save"
2024-05-10 21:47:38.625 [INFO][62] felix/connecttime.go 57: Running bpftool to look up programs attached to cgroup args=[]string{"bpftool", "-j", "-p", "cgroup", "show", "/run/calico/cgroup"}
2024-05-10 21:47:38.637 [INFO][62] felix/route_table.go 324: Calculated interface name regexp ifaceRegex="^cali.*" ipVersion=0x4 tableIndex=254
2024-05-10 21:47:38.637 [INFO][62] felix/ipsets.go 159: Queueing IP set for creation family="inet" setID="all-ipam-pools" setType="hash:net"
2024-05-10 21:47:38.638 [INFO][62] felix/ipsets.go 159: Queueing IP set for creation family="inet" setID="masq-ipam-pools" setType="hash:net"
2024-05-10 21:47:38.638 [INFO][62] felix/route_table.go 324: Calculated interface name regexp ifaceRegex="^wireguard.cali$" ipVersion=0x4 tableIndex=1
2024-05-10 21:47:38.638 [INFO][62] felix/int_dataplane.go 1051: Registering to report health.
2024-05-10 21:47:38.642 [INFO][62] felix/int_dataplane.go 2060: attempted to modprobe nf_conntrack_proto_sctp error=exit status 1 output=""
2024-05-10 21:47:38.643 [INFO][62] felix/int_dataplane.go 2062: Making sure IPv4 forwarding is enabled.
2024-05-10 21:47:38.644 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-failsafe-in" ipVersion=0x4 table="raw"
2024-05-10 21:47:38.644 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-failsafe-out" ipVersion=0x4 table="raw"
2024-05-10 21:47:38.644 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-PREROUTING" ipVersion=0x4 table="raw"
2024-05-10 21:47:38.644 [INFO][62] felix/table.go 595: Chain became referenced, marking it for programming chainName="cali-rpf-skip" ipVersion=0x4 table="raw"
2024-05-10 21:47:38.644 [INFO][62] felix/table.go 595: Chain became referenced, marking it for programming chainName="cali-from-host-endpoint" ipVersion=0x4 table="raw"
2024-05-10 21:47:38.644 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-wireguard-incoming-mark" ipVersion=0x4 table="raw"
2024-05-10 21:47:38.645 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-OUTPUT" ipVersion=0x4 table="raw"
2024-05-10 21:47:38.645 [INFO][62] felix/table.go 595: Chain became referenced, marking it for programming chainName="cali-to-host-endpoint" ipVersion=0x4 table="raw"
2024-05-10 21:47:38.645 [INFO][62] felix/table.go 595: Chain became referenced, marking it for programming chainName="cali-PREROUTING" ipVersion=0x4 table="raw"
2024-05-10 21:47:38.645 [INFO][62] felix/table.go 595: Chain became referenced, marking it for programming chainName="cali-OUTPUT" ipVersion=0x4 table="raw"
2024-05-10 21:47:38.646 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-FORWARD" ipVersion=0x4 table="filter"
2024-05-10 21:47:38.646 [INFO][62] felix/table.go 595: Chain became referenced, marking it for programming chainName="cali-from-hep-forward" ipVersion=0x4 table="filter"
2024-05-10 21:47:38.646 [INFO][62] felix/table.go 595: Chain became referenced, marking it for programming chainName="cali-from-wl-dispatch" ipVersion=0x4 table="filter"
2024-05-10 21:47:38.646 [INFO][62] felix/table.go 595: Chain became referenced, marking it for programming chainName="cali-to-wl-dispatch" ipVersion=0x4 table="filter"
2024-05-10 21:47:38.646 [INFO][62] felix/table.go 595: Chain became referenced, marking it for programming chainName="cali-to-hep-forward" ipVersion=0x4 table="filter"
2024-05-10 21:47:38.647 [INFO][62] felix/table.go 595: Chain became referenced, marking it for programming chainName="cali-cidr-block" ipVersion=0x4 table="filter"
2024-05-10 21:47:38.647 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-INPUT" ipVersion=0x4 table="filter"
2024-05-10 21:47:38.647 [INFO][62] felix/table.go 595: Chain became referenced, marking it for programming chainName="cali-wl-to-host" ipVersion=0x4 table="filter"
2024-05-10 21:47:38.647 [INFO][62] felix/table.go 595: Chain became referenced, marking it for programming chainName="cali-from-host-endpoint" ipVersion=0x4 table="filter"
2024-05-10 21:47:38.647 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-wl-to-host" ipVersion=0x4 table="filter"
2024-05-10 21:47:38.648 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-failsafe-in" ipVersion=0x4 table="filter"
2024-05-10 21:47:38.648 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-OUTPUT" ipVersion=0x4 table="filter"
2024-05-10 21:47:38.648 [INFO][62] felix/table.go 595: Chain became referenced, marking it for programming chainName="cali-to-host-endpoint" ipVersion=0x4 table="filter"
2024-05-10 21:47:38.648 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-failsafe-out" ipVersion=0x4 table="filter"
2024-05-10 21:47:38.648 [INFO][62] felix/table.go 595: Chain became referenced, marking it for programming chainName="cali-FORWARD" ipVersion=0x4 table="filter"
2024-05-10 21:47:38.648 [INFO][62] felix/table.go 595: Chain became referenced, marking it for programming chainName="cali-INPUT" ipVersion=0x4 table="filter"
2024-05-10 21:47:38.649 [INFO][62] felix/table.go 595: Chain became referenced, marking it for programming chainName="cali-OUTPUT" ipVersion=0x4 table="filter"
2024-05-10 21:47:38.649 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-PREROUTING" ipVersion=0x4 table="nat"
2024-05-10 21:47:38.649 [INFO][62] felix/table.go 595: Chain became referenced, marking it for programming chainName="cali-fip-dnat" ipVersion=0x4 table="nat"
2024-05-10 21:47:38.649 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-POSTROUTING" ipVersion=0x4 table="nat"
2024-05-10 21:47:38.649 [INFO][62] felix/table.go 595: Chain became referenced, marking it for programming chainName="cali-fip-snat" ipVersion=0x4 table="nat"
2024-05-10 21:47:38.649 [INFO][62] felix/table.go 595: Chain became referenced, marking it for programming chainName="cali-nat-outgoing" ipVersion=0x4 table="nat"
2024-05-10 21:47:38.650 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-OUTPUT" ipVersion=0x4 table="nat"
2024-05-10 21:47:38.650 [INFO][62] felix/table.go 595: Chain became referenced, marking it for programming chainName="cali-PREROUTING" ipVersion=0x4 table="nat"
2024-05-10 21:47:38.651 [INFO][62] felix/table.go 595: Chain became referenced, marking it for programming chainName="cali-POSTROUTING" ipVersion=0x4 table="nat"
2024-05-10 21:47:38.651 [INFO][62] felix/table.go 595: Chain became referenced, marking it for programming chainName="cali-OUTPUT" ipVersion=0x4 table="nat"
2024-05-10 21:47:38.651 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-failsafe-in" ipVersion=0x4 table="mangle"
2024-05-10 21:47:38.651 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-failsafe-out" ipVersion=0x4 table="mangle"
2024-05-10 21:47:38.651 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-PREROUTING" ipVersion=0x4 table="mangle"
2024-05-10 21:47:38.651 [INFO][62] felix/table.go 595: Chain became referenced, marking it for programming chainName="cali-from-host-endpoint" ipVersion=0x4 table="mangle"
2024-05-10 21:47:38.651 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-POSTROUTING" ipVersion=0x4 table="mangle"
2024-05-10 21:47:38.652 [INFO][62] felix/table.go 595: Chain became referenced, marking it for programming chainName="cali-to-host-endpoint" ipVersion=0x4 table="mangle"
2024-05-10 21:47:38.652 [INFO][62] felix/table.go 595: Chain became referenced, marking it for programming chainName="cali-PREROUTING" ipVersion=0x4 table="mangle"
2024-05-10 21:47:38.652 [INFO][62] felix/table.go 595: Chain became referenced, marking it for programming chainName="cali-POSTROUTING" ipVersion=0x4 table="mangle"
2024-05-10 21:47:38.741 [INFO][62] felix/int_dataplane.go 1800: Set XDP failsafe ports: [{Net: Protocol:tcp Port:22} {Net: Protocol:udp Port:68} {Net: Protocol:tcp Port:179} {Net: Protocol:tcp Port:2379} {Net: Protocol:tcp Port:2380} {Net: Protocol:tcp Port:5473} {Net: Protocol:tcp Port:6443} {Net: Protocol:tcp Port:6666} {Net: Protocol:tcp Port:6667}]
2024-05-10 21:47:38.741 [INFO][62] felix/int_dataplane.go 1495: IPIP disabled. Not starting tunnel update thread.
2024-05-10 21:47:38.741 [INFO][62] felix/int_dataplane.go 1829: Started internal iptables dataplane driver loop
2024-05-10 21:47:38.741 [INFO][62] felix/daemon.go 440: Connect to the dataplane driver.
2024-05-10 21:47:38.741 [INFO][62] felix/int_dataplane.go 1934: Will refresh IP sets on timer interval=10s
2024-05-10 21:47:38.741 [INFO][62] felix/int_dataplane.go 2323: Started internal status report thread
2024-05-10 21:47:38.741 [INFO][62] felix/int_dataplane.go 1934: Will refresh routes on timer interval=1m30s
2024-05-10 21:47:38.741 [INFO][62] felix/int_dataplane.go 2325: Process status reports disabled
2024-05-10 21:47:38.741 [INFO][62] felix/int_dataplane.go 1934: Will refresh XDP state on timer interval=1m30s
2024-05-10 21:47:38.742 [INFO][62] felix/iface_monitor.go 117: Interface monitoring thread started.
2024-05-10 21:47:38.741 [INFO][62] felix/daemon.go 497: Connecting to Typha.
2024-05-10 21:47:38.742 [INFO][62] felix/iface_monitor.go 137: Subscribed to netlink updates.
2024-05-10 21:47:38.742 [INFO][62] felix/sync_client.go 91:  requiringTLS=true
2024-05-10 21:47:38.742 [INFO][62] felix/daemon.go 522: Created Syncer syncer=<nil>
2024-05-10 21:47:38.742 [INFO][62] felix/int_dataplane.go 1387: Linux interface state changed. ifIndex=1 ifaceName="lo" state="up"
2024-05-10 21:47:38.742 [INFO][62] felix/daemon.go 534: Starting the Typha connection...
2024-05-10 21:47:38.743 [INFO][62] felix/int_dataplane.go 2011: Received interface update msg=&intdataplane.ifaceStateUpdate{Name:"lo", State:"up", Index:1}
2024-05-10 21:47:38.743 [INFO][62] felix/sync_client.go 189: Starting Typha client... myID=0x1 type=""
2024-05-10 21:47:38.743 [INFO][62] felix/sync_client.go 205: Connecting to typha endpoint 10.140.20.91:5473. myID=0x1 type=""
2024-05-10 21:47:38.743 [INFO][62] felix/int_dataplane.go 1431: Linux interface addrs changed. addrs=set.Set{127.0.0.1,::1,127.0.0.0} ifaceName="lo"
2024-05-10 21:47:38.743 [INFO][62] felix/sync_client.go 276: Starting Typha client
2024-05-10 21:47:38.743 [INFO][62] felix/sync_client.go 91:  requiringTLS=true
2024-05-10 21:47:38.743 [INFO][62] felix/int_dataplane.go 2031: Received interface addresses update msg=&intdataplane.ifaceAddrsUpdate{Name:"lo", Addrs:set.Typed[string]{"127.0.0.0":set.v{}, "127.0.0.1":set.v{}, "::1":set.v{}}}
2024-05-10 21:47:38.743 [INFO][62] felix/int_dataplane.go 1387: Linux interface state changed. ifIndex=2 ifaceName="ens3" state="up"
2024-05-10 21:47:38.743 [INFO][62] felix/hostip_mgr.go 84: Interface addrs changed. update=&intdataplane.ifaceAddrsUpdate{Name:"lo", Addrs:set.Typed[string]{"127.0.0.0":set.v{}, "127.0.0.1":set.v{}, "::1":set.v{}}}
2024-05-10 21:47:38.743 [INFO][62] felix/ipsets.go 159: Queueing IP set for creation family="inet" setID="this-host" setType="hash:ip"
2024-05-10 21:47:38.743 [INFO][62] felix/int_dataplane.go 1431: Linux interface addrs changed. addrs=set.Set{fe80::f816:3eff:fed0:7178,10.140.20.162} ifaceName="ens3"
2024-05-10 21:47:38.743 [INFO][62] felix/int_dataplane.go 2011: Received interface update msg=&intdataplane.ifaceStateUpdate{Name:"ens3", State:"up", Index:2}
2024-05-10 21:47:38.743 [INFO][62] felix/int_dataplane.go 1387: Linux interface state changed. ifIndex=6 ifaceName="vxlan.calico" state="up"
2024-05-10 21:47:38.743 [INFO][62] felix/int_dataplane.go 2031: Received interface addresses update msg=&intdataplane.ifaceAddrsUpdate{Name:"ens3", Addrs:set.Typed[string]{"10.140.20.162":set.v{}, "fe80::f816:3eff:fed0:7178":set.v{}}}
2024-05-10 21:47:38.743 [INFO][62] felix/hostip_mgr.go 84: Interface addrs changed. update=&intdataplane.ifaceAddrsUpdate{Name:"ens3", Addrs:set.Typed[string]{"10.140.20.162":set.v{}, "fe80::f816:3eff:fed0:7178":set.v{}}}
2024-05-10 21:47:38.743 [INFO][62] felix/ipsets.go 159: Queueing IP set for creation family="inet" setID="this-host" setType="hash:ip"
2024-05-10 21:47:38.743 [INFO][62] felix/int_dataplane.go 1431: Linux interface addrs changed. addrs=set.Set{fe80::642d:6aff:fe01:7c51,192.168.168.0} ifaceName="vxlan.calico"
2024-05-10 21:47:38.744 [INFO][62] felix/int_dataplane.go 2011: Received interface update msg=&intdataplane.ifaceStateUpdate{Name:"vxlan.calico", State:"up", Index:6}
2024-05-10 21:47:38.744 [INFO][62] felix/int_dataplane.go 2031: Received interface addresses update msg=&intdataplane.ifaceAddrsUpdate{Name:"vxlan.calico", Addrs:set.Typed[string]{"192.168.168.0":set.v{}, "fe80::642d:6aff:fe01:7c51":set.v{}}}
2024-05-10 21:47:38.744 [INFO][62] felix/hostip_mgr.go 84: Interface addrs changed. update=&intdataplane.ifaceAddrsUpdate{Name:"vxlan.calico", Addrs:set.Typed[string]{"192.168.168.0":set.v{}, "fe80::642d:6aff:fe01:7c51":set.v{}}}
2024-05-10 21:47:38.744 [INFO][62] felix/tlsutils.go 39: Make certificate verifier requiredCN="typha-server" requiredURISAN="" roots=&x509.CertPool{byName:map[string][]int{"0!1\x1f0\x1d\x06\x03U\x04\x03\x13\x16tigera-operator-signer":[]int{0}}, lazyCerts:[]x509.lazyCert{x509.lazyCert{rawSubject:[]uint8{0x30, 0x21, 0x31, 0x1f, 0x30, 0x1d, 0x6, 0x3, 0x55, 0x4, 0x3, 0x13, 0x16, 0x74, 0x69, 0x67, 0x65, 0x72, 0x61, 0x2d, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x2d, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x72}, getCert:(func() (*x509.Certificate, error))(0x722880)}}, haveSum:map[x509.sum224]bool{x509.sum224{0xa9, 0xe9, 0x87, 0x20, 0xc2, 0xa9, 0x57, 0x27, 0x8, 0x41, 0xcb, 0x6a, 0x92, 0x59, 0x19, 0xc, 0x6f, 0xd5, 0x31, 0x4c, 0x24, 0xf1, 0xaa, 0xc7, 0x60, 0x9a, 0x3e, 0xf4}:true}, systemPool:false}
2024-05-10 21:47:38.744 [INFO][62] felix/ipsets.go 159: Queueing IP set for creation family="inet" setID="this-host" setType="hash:ip"
2024-05-10 21:47:38.744 [INFO][62] felix/int_dataplane.go 2005: Interface monitor now in sync.
2024-05-10 21:47:38.744 [INFO][62] felix/sync_client.go 329: Connecting to Typha. address=discovery.Typha{Addr:"10.140.20.91:5473", IP:"10.140.20.91", NodeName:(*string)(0xc000127a80)} myID=0x1 type=""
2024-05-10 21:47:38.751 [INFO][62] felix/tlsutils.go 46: Verify certificate chain signing address=discovery.Typha{Addr:"10.140.20.91:5473", IP:"10.140.20.91", NodeName:(*string)(0xc000127a80)} myID=0x1 type=""
2024-05-10 21:47:38.755 [INFO][62] felix/sync_client.go 363: Connected to Typha. address=discovery.Typha{Addr:"10.140.20.91:5473", IP:"10.140.20.91", NodeName:(*string)(0xc000127a80)} myID=0x1 type=""
2024-05-10 21:47:38.755 [INFO][62] felix/sync_client.go 211: Successfully connected to Typha at 10.140.20.91:5473. myID=0x1 type=""
2024-05-10 21:47:38.755 [INFO][62] felix/daemon.go 553: Connected to Typha on attempt 1
2024-05-10 21:47:38.755 [INFO][62] felix/sync_client.go 411: Started Typha client main loop connection=&discovery.Typha{Addr:"10.140.20.91:5473", IP:"10.140.20.91", NodeName:(*string)(0xc000127a80)} myID=0x1 type=""
2024-05-10 21:47:38.758 [INFO][62] felix/sync_client.go 454: ServerHello message received connection=&discovery.Typha{Addr:"10.140.20.91:5473", IP:"10.140.20.91", NodeName:(*string)(0xc000127a80)} myID=0x1 serverConnID=0xa serverMsg=syncproto.MsgServerHello{Version:"v3.27.3", SyncerType:"felix", SupportsNodeResourceUpdates:true, ServerConnID:0xa} type=""
2024-05-10 21:47:38.758 [INFO][62] felix/sync_client.go 540: Server asked us to restart our decoder connection=&discovery.Typha{Addr:"10.140.20.91:5473", IP:"10.140.20.91", NodeName:(*string)(0xc000127a80)} msg=syncproto.MsgDecoderRestart{Message:"enable compression: snappy;send binary snapshot", CompressionAlgorithm:"snappy"} myID=0x1 serverConnID=0xa type=""
2024-05-10 21:47:38.758 [INFO][62] felix/sync_client.go 544: Server selected snappy compression. connection=&discovery.Typha{Addr:"10.140.20.91:5473", IP:"10.140.20.91", NodeName:(*string)(0xc000127a80)} myID=0x1 serverConnID=0xa type=""
2024-05-10 21:47:38.758 [INFO][62] felix/calc_graph.go 149: Creating calculation graph, filtered to hostname main-k8s-master-2
2024-05-10 21:47:38.760 [INFO][62] felix/dispatcher.go 68: Registering listener for type model.WorkloadEndpointKey: (dispatcher.UpdateHandler)(0x1ac5ba0)
2024-05-10 21:47:38.760 [INFO][62] felix/dispatcher.go 68: Registering listener for type model.HostEndpointKey: (dispatcher.UpdateHandler)(0x1ac5ba0)
2024-05-10 21:47:38.760 [INFO][62] felix/dispatcher.go 68: Registering listener for type model.WorkloadEndpointKey: (dispatcher.UpdateHandler)(0x1ac5a80)
2024-05-10 21:47:38.760 [INFO][62] felix/dispatcher.go 68: Registering listener for type model.HostEndpointKey: (dispatcher.UpdateHandler)(0x1ac5a80)
2024-05-10 21:47:38.760 [INFO][62] felix/dispatcher.go 68: Registering listener for type model.WorkloadEndpointKey: (dispatcher.UpdateHandler)(0x1ac7060)
2024-05-10 21:47:38.760 [INFO][62] felix/dispatcher.go 68: Registering listener for type model.HostEndpointKey: (dispatcher.UpdateHandler)(0x1ac7060)
2024-05-10 21:47:38.761 [INFO][62] felix/dispatcher.go 68: Registering listener for type model.PolicyKey: (dispatcher.UpdateHandler)(0x1ac7060)
2024-05-10 21:47:38.761 [INFO][62] felix/dispatcher.go 68: Registering listener for type model.ProfileRulesKey: (dispatcher.UpdateHandler)(0x1ac7060)
2024-05-10 21:47:38.761 [INFO][62] felix/dispatcher.go 68: Registering listener for type model.ResourceKey: (dispatcher.UpdateHandler)(0x1ac7060)
2024-05-10 21:47:38.761 [INFO][62] felix/dispatcher.go 68: Registering listener for type model.ResourceKey: (dispatcher.UpdateHandler)(0x1a6d3e0)
2024-05-10 21:47:38.761 [INFO][62] felix/dispatcher.go 68: Registering listener for type model.ResourceKey: (dispatcher.UpdateHandler)(0x19feb20)
2024-05-10 21:47:38.762 [INFO][62] felix/dispatcher.go 68: Registering listener for type model.WorkloadEndpointKey: (dispatcher.UpdateHandler)(0x19feb20)
2024-05-10 21:47:38.762 [INFO][62] felix/dispatcher.go 68: Registering listener for type model.HostEndpointKey: (dispatcher.UpdateHandler)(0x19feb20)
2024-05-10 21:47:38.762 [INFO][62] felix/dispatcher.go 68: Registering listener for type model.NetworkSetKey: (dispatcher.UpdateHandler)(0x19feb20)
2024-05-10 21:47:38.762 [INFO][62] felix/dispatcher.go 68: Registering listener for type model.PolicyKey: (dispatcher.UpdateHandler)(0x1ac5f80)
2024-05-10 21:47:38.762 [INFO][62] felix/dispatcher.go 68: Registering listener for type model.WorkloadEndpointKey: (dispatcher.UpdateHandler)(0x1ac5f80)
2024-05-10 21:47:38.762 [INFO][62] felix/dispatcher.go 68: Registering listener for type model.HostEndpointKey: (dispatcher.UpdateHandler)(0x1ac5f80)
2024-05-10 21:47:38.762 [INFO][62] felix/dispatcher.go 68: Registering listener for type model.HostIPKey: (dispatcher.UpdateHandler)(0x1ac6e00)
2024-05-10 21:47:38.762 [INFO][62] felix/dispatcher.go 68: Registering listener for type model.IPPoolKey: (dispatcher.UpdateHandler)(0x1ac6e00)
2024-05-10 21:47:38.762 [INFO][62] felix/dispatcher.go 68: Registering listener for type model.WireguardKey: (dispatcher.UpdateHandler)(0x1ac6e00)
2024-05-10 21:47:38.762 [INFO][62] felix/dispatcher.go 68: Registering listener for type model.ResourceKey: (dispatcher.UpdateHandler)(0x1ac6e00)
2024-05-10 21:47:38.762 [INFO][62] felix/l3_route_resolver.go 175: Creating L3 route resolver
2024-05-10 21:47:38.762 [INFO][62] felix/l3_route_resolver.go 196: Registering L3 route resolver (node resources on)
2024-05-10 21:47:38.762 [INFO][62] felix/dispatcher.go 68: Registering listener for type model.ResourceKey: (dispatcher.UpdateHandler)(0x1ac6860)
2024-05-10 21:47:38.762 [INFO][62] felix/dispatcher.go 68: Registering listener for type model.IPPoolKey: (dispatcher.UpdateHandler)(0x1ac6aa0)
2024-05-10 21:47:38.762 [INFO][62] felix/l3_route_resolver.go 207: Registering for L3 route updates routeSource="CalicoIPAM"
2024-05-10 21:47:38.762 [INFO][62] felix/dispatcher.go 68: Registering listener for type model.BlockKey: (dispatcher.UpdateHandler)(0x1ac6ce0)
2024-05-10 21:47:38.762 [INFO][62] felix/dispatcher.go 68: Registering listener for type model.WorkloadEndpointKey: (dispatcher.UpdateHandler)(0x1ac6bc0)
2024-05-10 21:47:38.763 [INFO][62] felix/dispatcher.go 68: Registering listener for type model.ResourceKey: (dispatcher.UpdateHandler)(0x1ac6500)
2024-05-10 21:47:38.763 [INFO][62] felix/dispatcher.go 68: Registering listener for type model.HostConfigKey: (dispatcher.UpdateHandler)(0x1ac6740)
2024-05-10 21:47:38.763 [INFO][62] felix/dispatcher.go 68: Registering listener for type model.GlobalConfigKey: (dispatcher.UpdateHandler)(0x1ac6380)
2024-05-10 21:47:38.763 [INFO][62] felix/dispatcher.go 68: Registering listener for type model.HostConfigKey: (dispatcher.UpdateHandler)(0x1ac6380)
2024-05-10 21:47:38.763 [INFO][62] felix/dispatcher.go 68: Registering listener for type model.ReadyFlagKey: (dispatcher.UpdateHandler)(0x1ac6380)
2024-05-10 21:47:38.763 [INFO][62] felix/dispatcher.go 68: Registering listener for type model.ResourceKey: (dispatcher.UpdateHandler)(0x1ac6260)
2024-05-10 21:47:38.763 [INFO][62] felix/dispatcher.go 68: Registering listener for type model.IPPoolKey: (dispatcher.UpdateHandler)(0x1ac60e0)
2024-05-10 21:47:38.763 [INFO][62] felix/dispatcher.go 68: Registering listener for type model.HostIPKey: (dispatcher.UpdateHandler)(0x1ac5820)
2024-05-10 21:47:38.763 [INFO][62] felix/dispatcher.go 68: Registering listener for type model.WorkloadEndpointKey: (dispatcher.UpdateHandler)(0x1ac5820)
2024-05-10 21:47:38.763 [INFO][62] felix/dispatcher.go 68: Registering listener for type model.HostEndpointKey: (dispatcher.UpdateHandler)(0x1ac5820)
2024-05-10 21:47:38.763 [INFO][62] felix/dispatcher.go 68: Registering listener for type model.HostConfigKey: (dispatcher.UpdateHandler)(0x1ac5820)
2024-05-10 21:47:38.764 [INFO][62] felix/async_calc_graph.go 256: Starting AsyncCalcGraph
2024-05-10 21:47:38.764 [INFO][62] felix/async_calc_graph.go 137: AsyncCalcGraph running
2024-05-10 21:47:38.764 [INFO][62] felix/daemon.go 639: Started the processing graph
2024-05-10 21:47:38.765 [INFO][62] felix/daemon.go 999: Reading from dataplane driver pipe...
2024-05-10 21:47:38.765 [INFO][62] felix/daemon.go 707: No driver process to monitor
2024-05-10 21:47:38.765 [INFO][62] felix/daemon.go 1256: Configuration update from calculation graph. configBySource=map[string]map[string]string{"config file":map[string]string{"LogFilePath":"None", "LogSeverityFile":"None", "LogSeveritySys":"None", "MetadataAddr":"None"}, "datastore (global)":map[string]string{"BPFConnectTimeLoadBalancing":"TCP", "BPFHostNetworkedNATWithoutCTLB":"Enabled", "CalicoVersion":"v3.27.3", "ClusterGUID":"a67d29bc359f4aa2a450000b755000d7", "ClusterType":"typha,kdd,k8s,operator,kubeadm", "FloatingIPs":"Disabled", "HealthPort":"9099", "LogSeverityScreen":"Info", "ReportingIntervalSecs":"0", "VXLANVNI":"4096"}, "datastore (per-host)":map[string]string{"IPv4VXLANTunnelAddr":"192.168.168.0"}, "environment variable":map[string]string{"datastoretype":"kubernetes", "defaultendpointtohostaction":"ACCEPT", "felixhostname":"main-k8s-master-2", "healthenabled":"true", "healthport":"9099", "ipv6support":"false", "typhacafile":"/etc/pki/tls/certs/tigera-ca-bundle.crt", "typhacertfile":"/node-certs/tls.crt", "typhacn":"typha-server", "typhak8snamespace":"calico-system", "typhak8sservicename":"calico-typha", "typhakeyfile":"/node-certs/tls.key"}} configUpdate=config:<key:"BPFConnectTimeLoadBalancing" value:"TCP" > config:<key:"BPFHostNetworkedNATWithoutCTLB" value:"Enabled" > config:<key:"CalicoVersion" value:"v3.27.3" > config:<key:"ClusterGUID" value:"a67d29bc359f4aa2a450000b755000d7" > config:<key:"ClusterType" value:"typha,kdd,k8s,operator,kubeadm" > config:<key:"DatastoreType" value:"kubernetes" > config:<key:"DefaultEndpointToHostAction" value:"ACCEPT" > config:<key:"FelixHostname" value:"main-k8s-master-2" > config:<key:"FloatingIPs" value:"Disabled" > config:<key:"HealthEnabled" value:"true" > config:<key:"HealthPort" value:"9099" > config:<key:"IPv4VXLANTunnelAddr" value:"192.168.168.0" > config:<key:"Ipv6Support" value:"false" > config:<key:"LogFilePath" value:"None" > config:<key:"LogSeverityFile" value:"None" > config:<key:"LogSeverityScreen" value:"Info" > config:<key:"LogSeveritySys" value:"None" > config:<key:"MetadataAddr" value:"None" > config:<key:"ReportingIntervalSecs" value:"0" > config:<key:"TyphaCAFile" value:"/etc/pki/tls/certs/tigera-ca-bundle.crt" > config:<key:"TyphaCN" value:"typha-server" > config:<key:"TyphaCertFile" value:"/node-certs/tls.crt" > config:<key:"TyphaK8sNamespace" value:"calico-system" > config:<key:"TyphaK8sServiceName" value:"calico-typha" > config:<key:"TyphaKeyFile" value:"/node-certs/tls.key" > config:<key:"VXLANVNI" value:"4096" > source_to_raw_config:<key:1 value:<source:"datastore (global)" config:<key:"BPFConnectTimeLoadBalancing" value:"TCP" > config:<key:"BPFHostNetworkedNATWithoutCTLB" value:"Enabled" > config:<key:"CalicoVersion" value:"v3.27.3" > config:<key:"ClusterGUID" value:"a67d29bc359f4aa2a450000b755000d7" > config:<key:"ClusterType" value:"typha,kdd,k8s,operator,kubeadm" > config:<key:"FloatingIPs" value:"Disabled" > config:<key:"HealthPort" value:"9099" > config:<key:"LogSeverityScreen" value:"Info" > config:<key:"ReportingIntervalSecs" value:"0" > config:<key:"VXLANVNI" value:"4096" > > > source_to_raw_config:<key:2 value:<source:"datastore (per-host)" config:<key:"IPv4VXLANTunnelAddr" value:"192.168.168.0" > > > source_to_raw_config:<key:3 value:<source:"config file" config:<key:"LogFilePath" value:"None" > config:<key:"LogSeverityFile" value:"None" > config:<key:"LogSeveritySys" value:"None" > config:<key:"MetadataAddr" value:"None" > > > source_to_raw_config:<key:4 value:<source:"environment variable" config:<key:"datastoretype" value:"kubernetes" > config:<key:"defaultendpointtohostaction" value:"ACCEPT" > config:<key:"felixhostname" value:"main-k8s-master-2" > config:<key:"healthenabled" value:"true" > config:<key:"healthport" value:"9099" > config:<key:"ipv6support" value:"false" > config:<key:"typhacafile" value:"/etc/pki/tls/certs/tigera-ca-bundle.crt" > config:<key:"typhacertfile" value:"/node-certs/tls.crt" > config:<key:"typhacn" value:"typha-server" > config:<key:"typhak8snamespace" value:"calico-system" > config:<key:"typhak8sservicename" value:"calico-typha" > config:<key:"typhakeyfile" value:"/node-certs/tls.key" > > >
2024-05-10 21:47:38.766 [INFO][62] felix/config_params.go 622: Parsing value for FelixHostname: main-k8s-master-2 (from environment variable)
2024-05-10 21:47:38.767 [INFO][62] felix/config_params.go 658: Parsed value for FelixHostname: main-k8s-master-2 (from environment variable)
2024-05-10 21:47:38.767 [INFO][62] felix/config_params.go 622: Parsing value for TyphaK8sNamespace: calico-system (from environment variable)
2024-05-10 21:47:38.767 [INFO][62] felix/config_params.go 658: Parsed value for TyphaK8sNamespace: calico-system (from environment variable)
2024-05-10 21:47:38.767 [INFO][62] felix/config_params.go 622: Parsing value for TyphaK8sServiceName: calico-typha (from environment variable)
2024-05-10 21:47:38.767 [INFO][62] felix/config_params.go 658: Parsed value for TyphaK8sServiceName: calico-typha (from environment variable)
2024-05-10 21:47:38.768 [INFO][62] felix/config_params.go 622: Parsing value for TyphaKeyFile: /node-certs/tls.key (from environment variable)
2024-05-10 21:47:38.768 [INFO][62] felix/param_types.go 312: Looking for required file path="/node-certs/tls.key"
2024-05-10 21:47:38.768 [INFO][62] felix/config_params.go 658: Parsed value for TyphaKeyFile: /node-certs/tls.key (from environment variable)
2024-05-10 21:47:38.768 [INFO][62] felix/config_params.go 622: Parsing value for TyphaCAFile: /etc/pki/tls/certs/tigera-ca-bundle.crt (from environment variable)
2024-05-10 21:47:38.768 [INFO][62] felix/param_types.go 312: Looking for required file path="/etc/pki/tls/certs/tigera-ca-bundle.crt"
2024-05-10 21:47:38.768 [INFO][62] felix/config_params.go 658: Parsed value for TyphaCAFile: /etc/pki/tls/certs/tigera-ca-bundle.crt (from environment variable)
2024-05-10 21:47:38.768 [INFO][62] felix/config_params.go 622: Parsing value for Ipv6Support: false (from environment variable)
2024-05-10 21:47:38.768 [INFO][62] felix/config_params.go 658: Parsed value for Ipv6Support: false (from environment variable)
2024-05-10 21:47:38.769 [INFO][62] felix/config_params.go 622: Parsing value for HealthPort: 9099 (from environment variable)
2024-05-10 21:47:38.769 [INFO][62] felix/config_params.go 658: Parsed value for HealthPort: 9099 (from environment variable)
2024-05-10 21:47:38.769 [INFO][62] felix/config_params.go 622: Parsing value for TyphaCertFile: /node-certs/tls.crt (from environment variable)
2024-05-10 21:47:38.769 [INFO][62] felix/param_types.go 312: Looking for required file path="/node-certs/tls.crt"
2024-05-10 21:47:38.769 [INFO][62] felix/config_params.go 658: Parsed value for TyphaCertFile: /node-certs/tls.crt (from environment variable)
2024-05-10 21:47:38.769 [INFO][62] felix/config_params.go 622: Parsing value for TyphaCN: typha-server (from environment variable)
2024-05-10 21:47:38.770 [INFO][62] felix/config_params.go 658: Parsed value for TyphaCN: typha-server (from environment variable)
2024-05-10 21:47:38.770 [INFO][62] felix/config_params.go 622: Parsing value for HealthEnabled: true (from environment variable)
2024-05-10 21:47:38.770 [INFO][62] felix/config_params.go 658: Parsed value for HealthEnabled: true (from environment variable)
2024-05-10 21:47:38.770 [INFO][62] felix/config_params.go 622: Parsing value for DefaultEndpointToHostAction: ACCEPT (from environment variable)
2024-05-10 21:47:38.770 [INFO][62] felix/config_params.go 658: Parsed value for DefaultEndpointToHostAction: ACCEPT (from environment variable)
2024-05-10 21:47:38.770 [INFO][62] felix/config_params.go 622: Parsing value for DatastoreType: kubernetes (from environment variable)
2024-05-10 21:47:38.771 [INFO][62] felix/config_params.go 658: Parsed value for DatastoreType: kubernetes (from environment variable)
2024-05-10 21:47:38.771 [INFO][62] felix/config_params.go 622: Parsing value for LogSeverityFile: None (from config file)
2024-05-10 21:47:38.771 [INFO][62] felix/config_params.go 639: Value set to 'none', replacing with zero-value: "".
2024-05-10 21:47:38.772 [INFO][62] felix/config_params.go 658: Parsed value for LogSeverityFile:  (from config file)
2024-05-10 21:47:38.772 [INFO][62] felix/config_params.go 622: Parsing value for LogSeveritySys: None (from config file)
2024-05-10 21:47:38.772 [INFO][62] felix/config_params.go 639: Value set to 'none', replacing with zero-value: "".
2024-05-10 21:47:38.772 [INFO][62] felix/config_params.go 658: Parsed value for LogSeveritySys:  (from config file)
2024-05-10 21:47:38.772 [INFO][62] felix/config_params.go 622: Parsing value for MetadataAddr: None (from config file)
2024-05-10 21:47:38.772 [INFO][62] felix/config_params.go 639: Value set to 'none', replacing with zero-value: "".
2024-05-10 21:47:38.772 [INFO][62] felix/config_params.go 658: Parsed value for MetadataAddr:  (from config file)
2024-05-10 21:47:38.772 [INFO][62] felix/config_params.go 622: Parsing value for LogFilePath: None (from config file)
2024-05-10 21:47:38.773 [INFO][62] felix/config_params.go 639: Value set to 'none', replacing with zero-value: "".
2024-05-10 21:47:38.773 [INFO][62] felix/config_params.go 658: Parsed value for LogFilePath:  (from config file)
2024-05-10 21:47:38.773 [INFO][62] felix/config_params.go 622: Parsing value for IPv4VXLANTunnelAddr: 192.168.168.0 (from datastore (per-host))
2024-05-10 21:47:38.773 [INFO][62] felix/config_params.go 658: Parsed value for IPv4VXLANTunnelAddr: 192.168.168.0 (from datastore (per-host))
2024-05-10 21:47:38.777 [INFO][62] felix/config_params.go 622: Parsing value for CalicoVersion: v3.27.3 (from datastore (global))
2024-05-10 21:47:38.777 [INFO][62] felix/config_params.go 658: Parsed value for CalicoVersion: v3.27.3 (from datastore (global))
2024-05-10 21:47:38.777 [INFO][62] felix/config_params.go 622: Parsing value for BPFHostNetworkedNATWithoutCTLB: Enabled (from datastore (global))
2024-05-10 21:47:38.777 [INFO][62] felix/config_params.go 658: Parsed value for BPFHostNetworkedNATWithoutCTLB: Enabled (from datastore (global))
2024-05-10 21:47:38.778 [INFO][62] felix/config_params.go 622: Parsing value for ClusterGUID: a67d29bc359f4aa2a450000b755000d7 (from datastore (global))
2024-05-10 21:47:38.778 [INFO][62] felix/config_params.go 658: Parsed value for ClusterGUID: a67d29bc359f4aa2a450000b755000d7 (from datastore (global))
2024-05-10 21:47:38.778 [INFO][62] felix/config_params.go 622: Parsing value for ReportingIntervalSecs: 0 (from datastore (global))
2024-05-10 21:47:38.778 [INFO][62] felix/config_params.go 658: Parsed value for ReportingIntervalSecs: 0s (from datastore (global))
2024-05-10 21:47:38.778 [INFO][62] felix/config_params.go 622: Parsing value for HealthPort: 9099 (from datastore (global))
2024-05-10 21:47:38.778 [INFO][62] felix/config_params.go 658: Parsed value for HealthPort: 9099 (from datastore (global))
2024-05-10 21:47:38.778 [INFO][62] felix/config_params.go 661: Skipping config value for HealthPort from datastore (global); already have a value from environment variable
2024-05-10 21:47:38.778 [INFO][62] felix/config_params.go 622: Parsing value for BPFConnectTimeLoadBalancing: TCP (from datastore (global))
2024-05-10 21:47:38.778 [INFO][62] felix/config_params.go 658: Parsed value for BPFConnectTimeLoadBalancing: TCP (from datastore (global))
2024-05-10 21:47:38.778 [INFO][62] felix/config_params.go 622: Parsing value for ClusterType: typha,kdd,k8s,operator,kubeadm (from datastore (global))
2024-05-10 21:47:38.778 [INFO][62] felix/config_params.go 658: Parsed value for ClusterType: typha,kdd,k8s,operator,kubeadm (from datastore (global))
2024-05-10 21:47:38.779 [INFO][62] felix/config_params.go 622: Parsing value for FloatingIPs: Disabled (from datastore (global))
2024-05-10 21:47:38.779 [INFO][62] felix/config_params.go 658: Parsed value for FloatingIPs: Disabled (from datastore (global))
2024-05-10 21:47:38.779 [INFO][62] felix/config_params.go 622: Parsing value for LogSeverityScreen: Info (from datastore (global))
2024-05-10 21:47:38.779 [INFO][62] felix/config_params.go 658: Parsed value for LogSeverityScreen: INFO (from datastore (global))
2024-05-10 21:47:38.779 [INFO][62] felix/config_params.go 622: Parsing value for VXLANVNI: 4096 (from datastore (global))
2024-05-10 21:47:38.779 [INFO][62] felix/config_params.go 658: Parsed value for VXLANVNI: 4096 (from datastore (global))
2024-05-10 21:47:38.779 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ConfigUpdate update from calculation graph msg=config:<key:"BPFConnectTimeLoadBalancing" value:"TCP" > config:<key:"BPFHostNetworkedNATWithoutCTLB" value:"Enabled" > config:<key:"CalicoVersion" value:"v3.27.3" > config:<key:"ClusterGUID" value:"a67d29bc359f4aa2a450000b755000d7" > config:<key:"ClusterType" value:"typha,kdd,k8s,operator,kubeadm" > config:<key:"DatastoreType" value:"kubernetes" > config:<key:"DefaultEndpointToHostAction" value:"ACCEPT" > config:<key:"FelixHostname" value:"main-k8s-master-2" > config:<key:"FloatingIPs" value:"Disabled" > config:<key:"HealthEnabled" value:"true" > config:<key:"HealthPort" value:"9099" > config:<key:"IPv4VXLANTunnelAddr" value:"192.168.168.0" > config:<key:"Ipv6Support" value:"false" > config:<key:"LogFilePath" value:"None" > config:<key:"LogSeverityFile" value:"None" > config:<key:"LogSeverityScreen" value:"Info" > config:<key:"LogSeveritySys" value:"None" > config:<key:"MetadataAddr" value:"None" > config:<key:"ReportingIntervalSecs" value:"0" > config:<key:"TyphaCAFile" value:"/etc/pki/tls/certs/tigera-ca-bundle.crt" > config:<key:"TyphaCN" value:"typha-server" > config:<key:"TyphaCertFile" value:"/node-certs/tls.crt" > config:<key:"TyphaK8sNamespace" value:"calico-system" > config:<key:"TyphaK8sServiceName" value:"calico-typha" > config:<key:"TyphaKeyFile" value:"/node-certs/tls.key" > config:<key:"VXLANVNI" value:"4096" > source_to_raw_config:<key:1 value:<source:"datastore (global)" config:<key:"BPFConnectTimeLoadBalancing" value:"TCP" > config:<key:"BPFHostNetworkedNATWithoutCTLB" value:"Enabled" > config:<key:"CalicoVersion" value:"v3.27.3" > config:<key:"ClusterGUID" value:"a67d29bc359f4aa2a450000b755000d7" > config:<key:"ClusterType" value:"typha,kdd,k8s,operator,kubeadm" > config:<key:"FloatingIPs" value:"Disabled" > config:<key:"HealthPort" value:"9099" > config:<key:"LogSeverityScreen" value:"Info" > config:<key:"ReportingIntervalSecs" value:"0" > config:<key:"VXLANVNI" value:"4096" > > > source_to_raw_config:<key:2 value:<source:"datastore (per-host)" config:<key:"IPv4VXLANTunnelAddr" value:"192.168.168.0" > > > source_to_raw_config:<key:3 value:<source:"config file" config:<key:"LogFilePath" value:"None" > config:<key:"LogSeverityFile" value:"None" > config:<key:"LogSeveritySys" value:"None" > config:<key:"MetadataAddr" value:"None" > > > source_to_raw_config:<key:4 value:<source:"environment variable" config:<key:"datastoretype" value:"kubernetes" > config:<key:"defaultendpointtohostaction" value:"ACCEPT" > config:<key:"felixhostname" value:"main-k8s-master-2" > config:<key:"healthenabled" value:"true" > config:<key:"healthport" value:"9099" > config:<key:"ipv6support" value:"false" > config:<key:"typhacafile" value:"/etc/pki/tls/certs/tigera-ca-bundle.crt" > config:<key:"typhacertfile" value:"/node-certs/tls.crt" > config:<key:"typhacn" value:"typha-server" > config:<key:"typhak8snamespace" value:"calico-system" > config:<key:"typhak8sservicename" value:"calico-typha" > config:<key:"typhakeyfile" value:"/node-certs/tls.key" > > >
2024-05-10 21:47:38.779 [INFO][60] tunnel-ip-allocator/allocateip.go 340: Current address is still valid, do nothing currentAddr="192.168.168.0" type="vxlanTunnelAddress"
2024-05-10 21:47:38.790 [INFO][62] felix/sync_client.go 540: Server asked us to restart our decoder connection=&discovery.Typha{Addr:"10.140.20.91:5473", IP:"10.140.20.91", NodeName:(*string)(0xc000127a80)} msg=syncproto.MsgDecoderRestart{Message:"End of compressed snapshot.", CompressionAlgorithm:"snappy"} myID=0x1 serverConnID=0xa type=""
2024-05-10 21:47:38.790 [INFO][62] felix/sync_client.go 544: Server selected snappy compression. connection=&discovery.Typha{Addr:"10.140.20.91:5473", IP:"10.140.20.91", NodeName:(*string)(0xc000127a80)} myID=0x1 serverConnID=0xa type=""
2024-05-10 21:47:38.797 [INFO][62] felix/vxlan_resolver.go 304: Missing both IPv4 and IPv6 VTEP information for node, cannot send VTEP yet node="main-k8s-master-1"
2024-05-10 21:47:38.798 [INFO][62] felix/vxlan_resolver.go 304: Missing both IPv4 and IPv6 VTEP information for node, cannot send VTEP yet node="main-k8s-master-2"
2024-05-10 21:47:38.800 [INFO][62] felix/vxlan_resolver.go 304: Missing both IPv4 and IPv6 VTEP information for node, cannot send VTEP yet node="main-k8s-master-3"
2024-05-10 21:47:38.800 [INFO][62] felix/vxlan_resolver.go 304: Missing both IPv4 and IPv6 VTEP information for node, cannot send VTEP yet node="main-k8s-regular-1"
2024-05-10 21:47:38.802 [INFO][62] felix/sync_client.go 486: Status update from Typha. connection=&discovery.Typha{Addr:"10.140.20.91:5473", IP:"10.140.20.91", NodeName:(*string)(0xc000127a80)} myID=0x1 newStatus=in-sync serverConnID=0xa type=""
2024-05-10 21:47:38.802 [INFO][62] felix/config_batcher.go 74: Global config update: {{GlobalFelixConfig(name=BPFConnectTimeLoadBalancing) TCP 4878 <nil> 0s} 1}
2024-05-10 21:47:38.802 [INFO][62] felix/config_batcher.go 74: Global config update: {{GlobalFelixConfig(name=BPFHostNetworkedNATWithoutCTLB) Enabled 4878 <nil> 0s} 1}
2024-05-10 21:47:38.802 [INFO][62] felix/config_batcher.go 74: Global config update: {{GlobalFelixConfig(name=CalicoVersion) v3.27.3 4877 <nil> 0s} 1}
2024-05-10 21:47:38.802 [INFO][62] felix/config_batcher.go 74: Global config update: {{GlobalFelixConfig(name=ClusterGUID) a67d29bc359f4aa2a450000b755000d7 4877 <nil> 0s} 1}
2024-05-10 21:47:38.802 [INFO][62] felix/config_batcher.go 74: Global config update: {{GlobalFelixConfig(name=ClusterType) typha,kdd,k8s,operator,kubeadm 4877 <nil> 0s} 1}
2024-05-10 21:47:38.802 [INFO][62] felix/config_batcher.go 74: Global config update: {{GlobalFelixConfig(name=FloatingIPs) Disabled 4878 <nil> 0s} 1}
2024-05-10 21:47:38.802 [INFO][62] felix/config_batcher.go 74: Global config update: {{GlobalFelixConfig(name=HealthPort) 9099 4878 <nil> 0s} 1}
2024-05-10 21:47:38.802 [INFO][62] felix/config_batcher.go 74: Global config update: {{GlobalFelixConfig(name=LogSeverityScreen) Info 4878 <nil> 0s} 1}
2024-05-10 21:47:38.802 [INFO][62] felix/config_batcher.go 74: Global config update: {{GlobalFelixConfig(name=ReportingIntervalSecs) 0 4878 <nil> 0s} 1}
2024-05-10 21:47:38.804 [INFO][62] felix/config_batcher.go 74: Global config update: {{GlobalFelixConfig(name=VXLANVNI) 4096 4878 <nil> 0s} 1}
2024-05-10 21:47:38.804 [INFO][62] felix/vxlan_resolver.go 332: Sending VTEP update node="main-k8s-master-1"
2024-05-10 21:47:38.805 [INFO][62] felix/vxlan_resolver.go 332: Sending VTEP update node="main-k8s-master-2"
2024-05-10 21:47:38.805 [INFO][62] felix/config_batcher.go 61: Host config update for this host: {{HostConfig(node=main-k8s-master-2,name=IPv4VXLANTunnelAddr) 192.168.168.0 12055 <nil> 0s} 1}
2024-05-10 21:47:38.805 [INFO][62] felix/vxlan_resolver.go 332: Sending VTEP update node="main-k8s-master-3"
2024-05-10 21:47:38.805 [INFO][62] felix/vxlan_resolver.go 332: Sending VTEP update node="main-k8s-regular-1"
2024-05-10 21:47:38.805 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"default" name:"default" > labels:<key:"projectcalico.org/name" value:"default" >
2024-05-10 21:47:38.805 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-public" name:"default" > labels:<key:"projectcalico.org/name" value:"default" >
2024-05-10 21:47:38.805 [INFO][62] felix/l3_route_resolver.go 633: Pool is active newPool=calc.l3rrPoolInfo{CIDR:ip.V4CIDR{addr:ip.V4Addr{0xc0, 0xa8, 0x0, 0x0}, prefix:0x10}, PoolType:2, NATOutgoing:true, CrossSubnet:false, AWSSubnetID:""} newType=VXLAN oldType=NONE
2024-05-10 21:47:38.805 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"persistent-volume-binder" > labels:<key:"projectcalico.org/name" value:"persistent-volume-binder" >
2024-05-10 21:47:38.805 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"endpointslicemirroring-controller" > labels:<key:"projectcalico.org/name" value:"endpointslicemirroring-controller" >
2024-05-10 21:47:38.805 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"ttl-after-finished-controller" > labels:<key:"projectcalico.org/name" value:"ttl-after-finished-controller" >
2024-05-10 21:47:38.805 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"disruption-controller" > labels:<key:"projectcalico.org/name" value:"disruption-controller" >
2024-05-10 21:47:38.805 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"endpointslice-controller" > labels:<key:"projectcalico.org/name" value:"endpointslice-controller" >
2024-05-10 21:47:38.806 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"legacy-service-account-token-cleaner" > labels:<key:"projectcalico.org/name" value:"legacy-service-account-token-cleaner" >
2024-05-10 21:47:38.806 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"pod-garbage-collector" > labels:<key:"projectcalico.org/name" value:"pod-garbage-collector" >
2024-05-10 21:47:38.806 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-node-lease" name:"default" > labels:<key:"projectcalico.org/name" value:"default" >
2024-05-10 21:47:38.806 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"default" > labels:<key:"projectcalico.org/name" value:"default" >
2024-05-10 21:47:38.806 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"horizontal-pod-autoscaler" > labels:<key:"projectcalico.org/name" value:"horizontal-pod-autoscaler" >
2024-05-10 21:47:38.806 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"tigera-operator" name:"default" > labels:<key:"projectcalico.org/name" value:"default" >
2024-05-10 21:47:38.806 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"bootstrap-signer" > labels:<key:"projectcalico.org/name" value:"bootstrap-signer" >
2024-05-10 21:47:38.806 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"cloud-controller-manager" > labels:<key:"projectcalico.org/name" value:"cloud-controller-manager" >
2024-05-10 21:47:38.806 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"csi-cinder-node-sa" > labels:<key:"projectcalico.org/name" value:"csi-cinder-node-sa" >
2024-05-10 21:47:38.807 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"endpoint-controller" > labels:<key:"projectcalico.org/name" value:"endpoint-controller" >
2024-05-10 21:47:38.807 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"resourcequota-controller" > labels:<key:"projectcalico.org/name" value:"resourcequota-controller" >
2024-05-10 21:47:38.807 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"cronjob-controller" > labels:<key:"projectcalico.org/name" value:"cronjob-controller" >
2024-05-10 21:47:38.807 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"kube-proxy" > labels:<key:"projectcalico.org/name" value:"kube-proxy" >
2024-05-10 21:47:38.807 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"replicaset-controller" > labels:<key:"projectcalico.org/name" value:"replicaset-controller" >
2024-05-10 21:47:38.807 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"calico-apiserver" name:"calico-apiserver" > labels:<key:"projectcalico.org/name" value:"calico-apiserver" >
2024-05-10 21:47:38.807 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"calico-system" name:"calico-kube-controllers" > labels:<key:"projectcalico.org/name" value:"calico-kube-controllers" >
2024-05-10 21:47:38.807 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"calico-system" name:"default" > labels:<key:"projectcalico.org/name" value:"default" >
2024-05-10 21:47:38.807 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"attachdetach-controller" > labels:<key:"projectcalico.org/name" value:"attachdetach-controller" >
2024-05-10 21:47:38.807 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"clusterrole-aggregation-controller" > labels:<key:"projectcalico.org/name" value:"clusterrole-aggregation-controller" >
2024-05-10 21:47:38.808 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"calico-system" name:"calico-typha" > labels:<key:"projectcalico.org/name" value:"calico-typha" >
2024-05-10 21:47:38.806 [INFO][62] felix/label_inheritance_index.go 182: Updating selector selID=Policy(name=calico-apiserver/knp.default.allow-apiserver)
2024-05-10 21:47:38.808 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"csi-cinder-controller-sa" > labels:<key:"projectcalico.org/name" value:"csi-cinder-controller-sa" >
2024-05-10 21:47:38.808 [INFO][62] felix/config_batcher.go 102: Datamodel in sync, flushing config update
2024-05-10 21:47:38.808 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"deployment-controller" > labels:<key:"projectcalico.org/name" value:"deployment-controller" >
2024-05-10 21:47:38.808 [INFO][62] felix/config_batcher.go 112: Sending config update global: map[BPFConnectTimeLoadBalancing:TCP BPFHostNetworkedNATWithoutCTLB:Enabled CalicoVersion:v3.27.3 ClusterGUID:a67d29bc359f4aa2a450000b755000d7 ClusterType:typha,kdd,k8s,operator,kubeadm FloatingIPs:Disabled HealthPort:9099 LogSeverityScreen:Info ReportingIntervalSecs:0 VXLANVNI:4096], host: map[IPv4VXLANTunnelAddr:192.168.168.0].
2024-05-10 21:47:38.808 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"node-controller" > labels:<key:"projectcalico.org/name" value:"node-controller" >
2024-05-10 21:47:38.808 [INFO][62] felix/async_calc_graph.go 166: First time we've been in sync
2024-05-10 21:47:38.808 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"ttl-controller" > labels:<key:"projectcalico.org/name" value:"ttl-controller" >
2024-05-10 21:47:38.808 [INFO][62] felix/health.go 206: Health of component changed name="CalculationGraph" newReport="live,ready" oldReport="live,non-ready"
2024-05-10 21:47:38.808 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"tigera-operator" name:"tigera-operator" > labels:<key:"projectcalico.org/name" value:"tigera-operator" >
2024-05-10 21:47:38.808 [INFO][62] felix/event_sequencer.go 273: Possible config update. global=map[string]string{"BPFConnectTimeLoadBalancing":"TCP", "BPFHostNetworkedNATWithoutCTLB":"Enabled", "CalicoVersion":"v3.27.3", "ClusterGUID":"a67d29bc359f4aa2a450000b755000d7", "ClusterType":"typha,kdd,k8s,operator,kubeadm", "FloatingIPs":"Disabled", "HealthPort":"9099", "LogSeverityScreen":"Info", "ReportingIntervalSecs":"0", "VXLANVNI":"4096"} host=map[string]string{"IPv4VXLANTunnelAddr":"192.168.168.0"}
2024-05-10 21:47:38.808 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"daemon-set-controller" > labels:<key:"projectcalico.org/name" value:"daemon-set-controller" >
2024-05-10 21:47:38.808 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"namespace-controller" > labels:<key:"projectcalico.org/name" value:"namespace-controller" >
2024-05-10 21:47:38.808 [INFO][62] felix/config_params.go 491: Merging in config from datastore (global): map[BPFConnectTimeLoadBalancing:TCP BPFHostNetworkedNATWithoutCTLB:Enabled CalicoVersion:v3.27.3 ClusterGUID:a67d29bc359f4aa2a450000b755000d7 ClusterType:typha,kdd,k8s,operator,kubeadm FloatingIPs:Disabled HealthPort:9099 LogSeverityScreen:Info ReportingIntervalSecs:0 VXLANVNI:4096]
2024-05-10 21:47:38.808 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"pv-protection-controller" > labels:<key:"projectcalico.org/name" value:"pv-protection-controller" >
2024-05-10 21:47:38.809 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"replication-controller" > labels:<key:"projectcalico.org/name" value:"replication-controller" >
2024-05-10 21:47:38.809 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"service-account-controller" > labels:<key:"projectcalico.org/name" value:"service-account-controller" >
2024-05-10 21:47:38.809 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"calico-apiserver" name:"default" > labels:<key:"projectcalico.org/name" value:"default" >
2024-05-10 21:47:38.809 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"job-controller" > labels:<key:"projectcalico.org/name" value:"job-controller" >
2024-05-10 21:47:38.809 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"root-ca-cert-publisher" > labels:<key:"projectcalico.org/name" value:"root-ca-cert-publisher" >
2024-05-10 21:47:38.809 [INFO][62] felix/config_params.go 622: Parsing value for FelixHostname: main-k8s-master-2 (from environment variable)
2024-05-10 21:47:38.809 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"ephemeral-volume-controller" > labels:<key:"projectcalico.org/name" value:"ephemeral-volume-controller" >
2024-05-10 21:47:38.809 [INFO][62] felix/usagerep.go 91: Waiting before first check-in delay=5m2.265s
2024-05-10 21:47:38.809 [INFO][62] felix/config_params.go 658: Parsed value for FelixHostname: main-k8s-master-2 (from environment variable)
2024-05-10 21:47:38.809 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"generic-garbage-collector" > labels:<key:"projectcalico.org/name" value:"generic-garbage-collector" >
2024-05-10 21:47:38.809 [INFO][62] felix/config_params.go 622: Parsing value for TyphaCN: typha-server (from environment variable)
2024-05-10 21:47:38.809 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"pvc-protection-controller" > labels:<key:"projectcalico.org/name" value:"pvc-protection-controller" >
2024-05-10 21:47:38.809 [INFO][62] felix/config_params.go 658: Parsed value for TyphaCN: typha-server (from environment variable)
2024-05-10 21:47:38.809 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"calico-system" name:"calico-node" > labels:<key:"projectcalico.org/name" value:"calico-node" >
2024-05-10 21:47:38.809 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"certificate-controller" > labels:<key:"projectcalico.org/name" value:"certificate-controller" >
2024-05-10 21:47:38.809 [INFO][62] felix/config_params.go 622: Parsing value for TyphaK8sNamespace: calico-system (from environment variable)
2024-05-10 21:47:38.809 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"coredns" > labels:<key:"projectcalico.org/name" value:"coredns" >
2024-05-10 21:47:38.809 [INFO][62] felix/config_params.go 658: Parsed value for TyphaK8sNamespace: calico-system (from environment variable)
2024-05-10 21:47:38.810 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"expand-controller" > labels:<key:"projectcalico.org/name" value:"expand-controller" >
2024-05-10 21:47:38.810 [INFO][62] felix/config_params.go 622: Parsing value for Ipv6Support: false (from environment variable)
2024-05-10 21:47:38.811 [INFO][62] felix/config_params.go 658: Parsed value for Ipv6Support: false (from environment variable)
2024-05-10 21:47:38.811 [INFO][62] felix/config_params.go 622: Parsing value for DefaultEndpointToHostAction: ACCEPT (from environment variable)
2024-05-10 21:47:38.811 [INFO][62] felix/config_params.go 658: Parsed value for DefaultEndpointToHostAction: ACCEPT (from environment variable)
2024-05-10 21:47:38.811 [INFO][62] felix/config_params.go 622: Parsing value for TyphaK8sServiceName: calico-typha (from environment variable)
2024-05-10 21:47:38.811 [INFO][62] felix/config_params.go 658: Parsed value for TyphaK8sServiceName: calico-typha (from environment variable)
2024-05-10 21:47:38.811 [INFO][62] felix/config_params.go 622: Parsing value for TyphaCAFile: /etc/pki/tls/certs/tigera-ca-bundle.crt (from environment variable)
2024-05-10 21:47:38.811 [INFO][62] felix/param_types.go 312: Looking for required file path="/etc/pki/tls/certs/tigera-ca-bundle.crt"
2024-05-10 21:47:38.812 [INFO][62] felix/config_params.go 658: Parsed value for TyphaCAFile: /etc/pki/tls/certs/tigera-ca-bundle.crt (from environment variable)
2024-05-10 21:47:38.812 [INFO][62] felix/config_params.go 622: Parsing value for TyphaCertFile: /node-certs/tls.crt (from environment variable)
2024-05-10 21:47:38.811 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"statefulset-controller" > labels:<key:"projectcalico.org/name" value:"statefulset-controller" >
2024-05-10 21:47:38.812 [INFO][62] felix/param_types.go 312: Looking for required file path="/node-certs/tls.crt"
2024-05-10 21:47:38.812 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"kube-system" name:"token-cleaner" > labels:<key:"projectcalico.org/name" value:"token-cleaner" >
2024-05-10 21:47:38.812 [INFO][62] felix/config_params.go 658: Parsed value for TyphaCertFile: /node-certs/tls.crt (from environment variable)
2024-05-10 21:47:38.812 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceAccountUpdate update from calculation graph msg=id:<namespace:"calico-system" name:"calico-cni-plugin" > labels:<key:"projectcalico.org/name" value:"calico-cni-plugin" >
2024-05-10 21:47:38.812 [INFO][62] felix/config_params.go 622: Parsing value for DatastoreType: kubernetes (from environment variable)
2024-05-10 21:47:38.812 [INFO][62] felix/config_params.go 658: Parsed value for DatastoreType: kubernetes (from environment variable)
2024-05-10 21:47:38.812 [INFO][62] felix/int_dataplane.go 1954: Received *proto.NamespaceUpdate update from calculation graph msg=id:<name:"kube-public" > labels:<key:"kubernetes.io/metadata.name" value:"kube-public" > labels:<key:"projectcalico.org/name" value:"kube-public" >
2024-05-10 21:47:38.812 [INFO][62] felix/config_params.go 622: Parsing value for HealthPort: 9099 (from environment variable)
2024-05-10 21:47:38.812 [INFO][62] felix/int_dataplane.go 1954: Received *proto.NamespaceUpdate update from calculation graph msg=id:<name:"kube-system" > labels:<key:"kubernetes.io/metadata.name" value:"kube-system" > labels:<key:"projectcalico.org/name" value:"kube-system" >
2024-05-10 21:47:38.812 [INFO][62] felix/int_dataplane.go 1954: Received *proto.NamespaceUpdate update from calculation graph msg=id:<name:"tigera-operator" > labels:<key:"kubernetes.io/metadata.name" value:"tigera-operator" > labels:<key:"name" value:"tigera-operator" > labels:<key:"pod-security.kubernetes.io/enforce" value:"privileged" > labels:<key:"projectcalico.org/name" value:"tigera-operator" >
2024-05-10 21:47:38.812 [INFO][62] felix/config_params.go 658: Parsed value for HealthPort: 9099 (from environment variable)
2024-05-10 21:47:38.812 [INFO][62] felix/int_dataplane.go 1954: Received *proto.NamespaceUpdate update from calculation graph msg=id:<name:"calico-apiserver" > labels:<key:"kubernetes.io/metadata.name" value:"calico-apiserver" > labels:<key:"name" value:"calico-apiserver" > labels:<key:"pod-security.kubernetes.io/enforce" value:"privileged" > labels:<key:"pod-security.kubernetes.io/enforce-version" value:"latest" > labels:<key:"projectcalico.org/name" value:"calico-apiserver" >
2024-05-10 21:47:38.812 [INFO][62] felix/config_params.go 622: Parsing value for TyphaKeyFile: /node-certs/tls.key (from environment variable)
2024-05-10 21:47:38.812 [INFO][62] felix/int_dataplane.go 1954: Received *proto.NamespaceUpdate update from calculation graph msg=id:<name:"calico-system" > labels:<key:"kubernetes.io/metadata.name" value:"calico-system" > labels:<key:"name" value:"calico-system" > labels:<key:"pod-security.kubernetes.io/enforce" value:"privileged" > labels:<key:"pod-security.kubernetes.io/enforce-version" value:"latest" > labels:<key:"projectcalico.org/name" value:"calico-system" >
2024-05-10 21:47:38.812 [INFO][62] felix/param_types.go 312: Looking for required file path="/node-certs/tls.key"
2024-05-10 21:47:38.812 [INFO][62] felix/int_dataplane.go 1954: Received *proto.NamespaceUpdate update from calculation graph msg=id:<name:"default" > labels:<key:"kubernetes.io/metadata.name" value:"default" > labels:<key:"projectcalico.org/name" value:"default" >
2024-05-10 21:47:38.812 [INFO][62] felix/config_params.go 658: Parsed value for TyphaKeyFile: /node-certs/tls.key (from environment variable)
2024-05-10 21:47:38.812 [INFO][62] felix/int_dataplane.go 1954: Received *proto.NamespaceUpdate update from calculation graph msg=id:<name:"kube-node-lease" > labels:<key:"kubernetes.io/metadata.name" value:"kube-node-lease" > labels:<key:"projectcalico.org/name" value:"kube-node-lease" >
2024-05-10 21:47:38.812 [INFO][62] felix/int_dataplane.go 1954: Received *proto.VXLANTunnelEndpointUpdate update from calculation graph msg=node:"main-k8s-master-1" mac:"66:6b:6b:6f:34:c2" ipv4_addr:"192.168.40.0" parent_device_ip:"10.140.20.110"
2024-05-10 21:47:38.812 [INFO][62] felix/config_params.go 622: Parsing value for HealthEnabled: true (from environment variable)
2024-05-10 21:47:38.813 [INFO][62] felix/int_dataplane.go 1954: Received *proto.VXLANTunnelEndpointUpdate update from calculation graph msg=node:"main-k8s-master-2" mac:"66:2d:6a:01:7c:51" ipv4_addr:"192.168.168.0" parent_device_ip:"10.140.20.162"
2024-05-10 21:47:38.813 [INFO][62] felix/int_dataplane.go 1954: Received *proto.VXLANTunnelEndpointUpdate update from calculation graph msg=node:"main-k8s-master-3" mac:"66:f6:9e:7f:c9:39" ipv4_addr:"192.168.149.128" parent_device_ip:"10.140.20.86"
2024-05-10 21:47:38.813 [INFO][62] felix/config_params.go 658: Parsed value for HealthEnabled: true (from environment variable)
2024-05-10 21:47:38.813 [INFO][62] felix/int_dataplane.go 1954: Received *proto.RouteUpdate update from calculation graph msg=type:REMOTE_TUNNEL dst:"192.168.145.0/32" dst_node_name:"main-k8s-regular-1" dst_node_ip:"10.140.20.91" tunnel_type:<vxlan:true >
2024-05-10 21:47:38.813 [INFO][62] felix/config_params.go 622: Parsing value for MetadataAddr: None (from config file)
2024-05-10 21:47:38.813 [INFO][62] felix/int_dataplane.go 1954: Received *proto.RouteUpdate update from calculation graph msg=type:REMOTE_HOST dst:"10.140.20.91/32" dst_node_name:"main-k8s-regular-1" dst_node_ip:"10.140.20.91"
2024-05-10 21:47:38.813 [INFO][62] felix/int_dataplane.go 1954: Received *proto.RouteUpdate update from calculation graph msg=type:REMOTE_WORKLOAD dst:"192.168.149.128/26" dst_node_name:"main-k8s-master-3" dst_node_ip:"10.140.20.86"
2024-05-10 21:47:38.813 [INFO][62] felix/config_params.go 639: Value set to 'none', replacing with zero-value: "".
2024-05-10 21:47:38.813 [INFO][62] felix/int_dataplane.go 1954: Received *proto.RouteUpdate update from calculation graph msg=type:LOCAL_WORKLOAD dst:"192.168.168.0/26" dst_node_name:"main-k8s-master-2" dst_node_ip:"10.140.20.162"
2024-05-10 21:47:38.813 [INFO][62] felix/int_dataplane.go 1954: Received *proto.RouteUpdate update from calculation graph msg=type:REMOTE_TUNNEL dst:"192.168.40.0/32" dst_node_name:"main-k8s-master-1" dst_node_ip:"10.140.20.110" tunnel_type:<vxlan:true >
2024-05-10 21:47:38.813 [INFO][62] felix/config_params.go 658: Parsed value for MetadataAddr:  (from config file)
2024-05-10 21:47:38.813 [INFO][62] felix/int_dataplane.go 1954: Received *proto.RouteUpdate update from calculation graph msg=type:LOCAL_TUNNEL dst:"192.168.168.0/32" dst_node_name:"main-k8s-master-2" dst_node_ip:"10.140.20.162" tunnel_type:<vxlan:true >
2024-05-10 21:47:38.813 [INFO][62] felix/config_params.go 622: Parsing value for LogFilePath: None (from config file)
2024-05-10 21:47:38.813 [INFO][62] felix/int_dataplane.go 1954: Received *proto.RouteUpdate update from calculation graph msg=type:LOCAL_HOST dst:"10.140.20.162/32" dst_node_name:"main-k8s-master-2" dst_node_ip:"10.140.20.162"
2024-05-10 21:47:38.813 [INFO][62] felix/config_params.go 639: Value set to 'none', replacing with zero-value: "".
2024-05-10 21:47:38.813 [INFO][62] felix/int_dataplane.go 1954: Received *proto.RouteUpdate update from calculation graph msg=type:REMOTE_WORKLOAD dst:"192.168.145.0/26" dst_node_name:"main-k8s-regular-1" dst_node_ip:"10.140.20.91"
2024-05-10 21:47:38.813 [INFO][62] felix/config_params.go 658: Parsed value for LogFilePath:  (from config file)
2024-05-10 21:47:38.813 [INFO][62] felix/int_dataplane.go 1954: Received *proto.RouteUpdate update from calculation graph msg=type:REMOTE_WORKLOAD dst:"192.168.40.0/26" dst_node_name:"main-k8s-master-1" dst_node_ip:"10.140.20.110"
2024-05-10 21:47:38.813 [INFO][62] felix/config_params.go 622: Parsing value for LogSeverityFile: None (from config file)
2024-05-10 21:47:38.813 [INFO][62] felix/int_dataplane.go 1954: Received *proto.RouteUpdate update from calculation graph msg=type:REMOTE_HOST dst:"10.140.20.110/32" dst_node_name:"main-k8s-master-1" dst_node_ip:"10.140.20.110"
2024-05-10 21:47:38.813 [INFO][62] felix/int_dataplane.go 1954: Received *proto.RouteUpdate update from calculation graph msg=type:REMOTE_TUNNEL dst:"192.168.149.128/32" dst_node_name:"main-k8s-master-3" dst_node_ip:"10.140.20.86" tunnel_type:<vxlan:true >
2024-05-10 21:47:38.813 [INFO][62] felix/config_params.go 639: Value set to 'none', replacing with zero-value: "".
2024-05-10 21:47:38.813 [INFO][62] felix/int_dataplane.go 1954: Received *proto.RouteUpdate update from calculation graph msg=type:REMOTE_HOST dst:"10.140.20.86/32" dst_node_name:"main-k8s-master-3" dst_node_ip:"10.140.20.86"
2024-05-10 21:47:38.813 [INFO][62] felix/config_params.go 658: Parsed value for LogSeverityFile:  (from config file)
2024-05-10 21:47:38.813 [INFO][62] felix/int_dataplane.go 1954: Received *proto.HostMetadataUpdate update from calculation graph msg=hostname:"main-k8s-master-1" ipv4_addr:"10.140.20.110"
2024-05-10 21:47:38.813 [INFO][62] felix/config_params.go 622: Parsing value for LogSeveritySys: None (from config file)
2024-05-10 21:47:38.813 [INFO][62] felix/int_dataplane.go 1954: Received *proto.HostMetadataUpdate update from calculation graph msg=hostname:"main-k8s-master-2" ipv4_addr:"10.140.20.162"
2024-05-10 21:47:38.813 [INFO][62] felix/config_params.go 639: Value set to 'none', replacing with zero-value: "".
2024-05-10 21:47:38.813 [INFO][62] felix/int_dataplane.go 1954: Received *proto.HostMetadataUpdate update from calculation graph msg=hostname:"main-k8s-master-3" ipv4_addr:"10.140.20.86"
2024-05-10 21:47:38.813 [INFO][62] felix/config_params.go 658: Parsed value for LogSeveritySys:  (from config file)
2024-05-10 21:47:38.813 [INFO][62] felix/int_dataplane.go 1954: Received *proto.HostMetadataV4V6Update update from calculation graph msg=hostname:"main-k8s-master-1" ipv4_addr:"10.140.20.110/24" labels:<key:"beta.kubernetes.io/arch" value:"amd64" > labels:<key:"beta.kubernetes.io/instance-type" value:"m1.medium" > labels:<key:"beta.kubernetes.io/os" value:"linux" > labels:<key:"failure-domain.beta.kubernetes.io/region" value:"iad3" > labels:<key:"failure-domain.beta.kubernetes.io/zone" value:"compute" > labels:<key:"kubernetes.io/arch" value:"amd64" > labels:<key:"kubernetes.io/hostname" value:"main-k8s-master-1" > labels:<key:"kubernetes.io/os" value:"linux" > labels:<key:"node-role.kubernetes.io/control-plane" value:"" > labels:<key:"node.kubernetes.io/exclude-from-external-load-balancers" value:"" > labels:<key:"node.kubernetes.io/instance-type" value:"m1.medium" > labels:<key:"topology.cinder.csi.openstack.org/zone" value:"compute" > labels:<key:"topology.kubernetes.io/region" value:"iad3" > labels:<key:"topology.kubernetes.io/zone" value:"compute" >
2024-05-10 21:47:38.814 [INFO][62] felix/config_params.go 622: Parsing value for IPv4VXLANTunnelAddr: 192.168.168.0 (from datastore (per-host))
2024-05-10 21:47:38.814 [INFO][62] felix/int_dataplane.go 1954: Received *proto.HostMetadataV4V6Update update from calculation graph msg=hostname:"main-k8s-master-2" ipv4_addr:"10.140.20.162/24" labels:<key:"beta.kubernetes.io/arch" value:"amd64" > labels:<key:"beta.kubernetes.io/instance-type" value:"m1.medium" > labels:<key:"beta.kubernetes.io/os" value:"linux" > labels:<key:"failure-domain.beta.kubernetes.io/region" value:"iad3" > labels:<key:"failure-domain.beta.kubernetes.io/zone" value:"compute" > labels:<key:"kubernetes.io/arch" value:"amd64" > labels:<key:"kubernetes.io/hostname" value:"main-k8s-master-2" > labels:<key:"kubernetes.io/os" value:"linux" > labels:<key:"node-role.kubernetes.io/control-plane" value:"" > labels:<key:"node.kubernetes.io/exclude-from-external-load-balancers" value:"" > labels:<key:"node.kubernetes.io/instance-type" value:"m1.medium" > labels:<key:"topology.cinder.csi.openstack.org/zone" value:"compute" > labels:<key:"topology.kubernetes.io/region" value:"iad3" > labels:<key:"topology.kubernetes.io/zone" value:"compute" >
2024-05-10 21:47:38.814 [INFO][62] felix/config_params.go 658: Parsed value for IPv4VXLANTunnelAddr: 192.168.168.0 (from datastore (per-host))
2024-05-10 21:47:38.814 [INFO][62] felix/config_params.go 622: Parsing value for BPFHostNetworkedNATWithoutCTLB: Enabled (from datastore (global))
2024-05-10 21:47:38.814 [INFO][62] felix/int_dataplane.go 1954: Received *proto.HostMetadataV4V6Update update from calculation graph msg=hostname:"main-k8s-master-3" ipv4_addr:"10.140.20.86/24" labels:<key:"beta.kubernetes.io/arch" value:"amd64" > labels:<key:"beta.kubernetes.io/instance-type" value:"m1.medium" > labels:<key:"beta.kubernetes.io/os" value:"linux" > labels:<key:"failure-domain.beta.kubernetes.io/region" value:"iad3" > labels:<key:"failure-domain.beta.kubernetes.io/zone" value:"compute" > labels:<key:"kubernetes.io/arch" value:"amd64" > labels:<key:"kubernetes.io/hostname" value:"main-k8s-master-3" > labels:<key:"kubernetes.io/os" value:"linux" > labels:<key:"node-role.kubernetes.io/control-plane" value:"" > labels:<key:"node.kubernetes.io/exclude-from-external-load-balancers" value:"" > labels:<key:"node.kubernetes.io/instance-type" value:"m1.medium" > labels:<key:"topology.cinder.csi.openstack.org/zone" value:"compute" > labels:<key:"topology.kubernetes.io/region" value:"iad3" > labels:<key:"topology.kubernetes.io/zone" value:"compute" >
2024-05-10 21:47:38.814 [INFO][62] felix/config_params.go 658: Parsed value for BPFHostNetworkedNATWithoutCTLB: Enabled (from datastore (global))
2024-05-10 21:47:38.814 [INFO][62] felix/int_dataplane.go 1954: Received *proto.HostMetadataV4V6Update update from calculation graph msg=hostname:"main-k8s-regular-1" ipv4_addr:"10.140.20.91/24" labels:<key:"beta.kubernetes.io/arch" value:"amd64" > labels:<key:"beta.kubernetes.io/instance-type" value:"m1.medium" > labels:<key:"beta.kubernetes.io/os" value:"linux" > labels:<key:"failure-domain.beta.kubernetes.io/region" value:"iad3" > labels:<key:"failure-domain.beta.kubernetes.io/zone" value:"compute" > labels:<key:"kubernetes.io/arch" value:"amd64" > labels:<key:"kubernetes.io/hostname" value:"main-k8s-regular-1" > labels:<key:"kubernetes.io/os" value:"linux" > labels:<key:"node.kubernetes.io/instance-type" value:"m1.medium" > labels:<key:"topology.cinder.csi.openstack.org/zone" value:"compute" > labels:<key:"topology.kubernetes.io/region" value:"iad3" > labels:<key:"topology.kubernetes.io/zone" value:"compute" >
2024-05-10 21:47:38.814 [INFO][62] felix/config_params.go 622: Parsing value for HealthPort: 9099 (from datastore (global))
2024-05-10 21:47:38.814 [INFO][62] felix/config_params.go 658: Parsed value for HealthPort: 9099 (from datastore (global))
2024-05-10 21:47:38.814 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceUpdate update from calculation graph msg=name:"csi-cinder-controller-service" namespace:"kube-system" type:"ClusterIP" cluster_ip:"172.31.38.169" ports:<Protocol:"TCP" Port:12345 >
2024-05-10 21:47:38.814 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceUpdate update from calculation graph msg=name:"kube-dns" namespace:"kube-system" type:"ClusterIP" cluster_ip:"172.31.0.10" ports:<Protocol:"UDP" Port:53 > ports:<Protocol:"TCP" Port:53 > ports:<Protocol:"TCP" Port:9153 >
2024-05-10 21:47:38.814 [INFO][62] felix/config_params.go 661: Skipping config value for HealthPort from datastore (global); already have a value from environment variable
2024-05-10 21:47:38.814 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceUpdate update from calculation graph msg=name:"calico-api" namespace:"calico-apiserver" type:"ClusterIP" cluster_ip:"172.31.237.101" ports:<Protocol:"TCP" Port:443 >
2024-05-10 21:47:38.814 [INFO][62] felix/config_params.go 622: Parsing value for LogSeverityScreen: Info (from datastore (global))
2024-05-10 21:47:38.814 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceUpdate update from calculation graph msg=name:"calico-kube-controllers-metrics" namespace:"calico-system" type:"ClusterIP" cluster_ip:"None" ports:<Protocol:"TCP" Port:9094 >
2024-05-10 21:47:38.814 [INFO][62] felix/config_params.go 658: Parsed value for LogSeverityScreen: INFO (from datastore (global))
2024-05-10 21:47:38.814 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceUpdate update from calculation graph msg=name:"calico-typha" namespace:"calico-system" type:"ClusterIP" cluster_ip:"172.31.219.128" ports:<Protocol:"TCP" Port:5473 >
2024-05-10 21:47:38.814 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ServiceUpdate update from calculation graph msg=name:"kubernetes" namespace:"default" type:"ClusterIP" cluster_ip:"172.31.0.1" ports:<Protocol:"TCP" Port:443 >
2024-05-10 21:47:38.814 [INFO][62] felix/config_params.go 622: Parsing value for BPFConnectTimeLoadBalancing: TCP (from datastore (global))
2024-05-10 21:47:38.814 [INFO][62] felix/int_dataplane.go 1954: Received *proto.VXLANTunnelEndpointUpdate update from calculation graph msg=node:"main-k8s-regular-1" mac:"66:28:90:52:62:96" ipv4_addr:"192.168.145.0" parent_device_ip:"10.140.20.91"
2024-05-10 21:47:38.814 [INFO][62] felix/config_params.go 658: Parsed value for BPFConnectTimeLoadBalancing: TCP (from datastore (global))
2024-05-10 21:47:38.814 [INFO][62] felix/int_dataplane.go 1954: Received *proto.RouteUpdate update from calculation graph msg=type:LOCAL_TUNNEL ip_pool_type:VXLAN dst:"192.168.168.0/32" dst_node_name:"main-k8s-master-2" dst_node_ip:"10.140.20.162" nat_outgoing:true tunnel_type:<vxlan:true >
2024-05-10 21:47:38.814 [INFO][62] felix/int_dataplane.go 1954: Received *proto.RouteUpdate update from calculation graph msg=type:REMOTE_WORKLOAD ip_pool_type:VXLAN dst:"192.168.40.0/26" dst_node_name:"main-k8s-master-1" dst_node_ip:"10.140.20.110" nat_outgoing:true
2024-05-10 21:47:38.814 [INFO][62] felix/config_params.go 622: Parsing value for CalicoVersion: v3.27.3 (from datastore (global))
2024-05-10 21:47:38.814 [INFO][62] felix/int_dataplane.go 1954: Received *proto.RouteUpdate update from calculation graph msg=type:REMOTE_TUNNEL ip_pool_type:VXLAN dst:"192.168.40.0/32" dst_node_name:"main-k8s-master-1" dst_node_ip:"10.140.20.110" nat_outgoing:true tunnel_type:<vxlan:true >
2024-05-10 21:47:38.814 [INFO][62] felix/int_dataplane.go 1954: Received *proto.RouteUpdate update from calculation graph msg=type:LOCAL_WORKLOAD ip_pool_type:VXLAN dst:"192.168.168.0/26" dst_node_name:"main-k8s-master-2" dst_node_ip:"10.140.20.162" nat_outgoing:true
2024-05-10 21:47:38.814 [INFO][62] felix/int_dataplane.go 1954: Received *proto.RouteUpdate update from calculation graph msg=type:REMOTE_TUNNEL ip_pool_type:VXLAN dst:"192.168.145.0/32" dst_node_name:"main-k8s-regular-1" dst_node_ip:"10.140.20.91" nat_outgoing:true tunnel_type:<vxlan:true >
2024-05-10 21:47:38.815 [INFO][62] felix/int_dataplane.go 1954: Received *proto.RouteUpdate update from calculation graph msg=type:REMOTE_WORKLOAD ip_pool_type:VXLAN dst:"192.168.149.128/26" dst_node_name:"main-k8s-master-3" dst_node_ip:"10.140.20.86" nat_outgoing:true
2024-05-10 21:47:38.815 [INFO][62] felix/config_params.go 658: Parsed value for CalicoVersion: v3.27.3 (from datastore (global))
2024-05-10 21:47:38.815 [INFO][62] felix/config_params.go 622: Parsing value for FloatingIPs: Disabled (from datastore (global))
2024-05-10 21:47:38.815 [INFO][62] felix/config_params.go 658: Parsed value for FloatingIPs: Disabled (from datastore (global))
2024-05-10 21:47:38.815 [INFO][62] felix/config_params.go 622: Parsing value for VXLANVNI: 4096 (from datastore (global))
2024-05-10 21:47:38.815 [INFO][62] felix/config_params.go 658: Parsed value for VXLANVNI: 4096 (from datastore (global))
2024-05-10 21:47:38.815 [INFO][62] felix/config_params.go 622: Parsing value for ClusterType: typha,kdd,k8s,operator,kubeadm (from datastore (global))
2024-05-10 21:47:38.815 [INFO][62] felix/config_params.go 658: Parsed value for ClusterType: typha,kdd,k8s,operator,kubeadm (from datastore (global))
2024-05-10 21:47:38.815 [INFO][62] felix/config_params.go 622: Parsing value for ReportingIntervalSecs: 0 (from datastore (global))
2024-05-10 21:47:38.815 [INFO][62] felix/config_params.go 658: Parsed value for ReportingIntervalSecs: 0s (from datastore (global))
2024-05-10 21:47:38.816 [INFO][62] felix/config_params.go 622: Parsing value for ClusterGUID: a67d29bc359f4aa2a450000b755000d7 (from datastore (global))
2024-05-10 21:47:38.816 [INFO][62] felix/config_params.go 658: Parsed value for ClusterGUID: a67d29bc359f4aa2a450000b755000d7 (from datastore (global))
2024-05-10 21:47:38.816 [INFO][62] felix/config_params.go 491: Merging in config from datastore (per-host): map[IPv4VXLANTunnelAddr:192.168.168.0]
2024-05-10 21:47:38.816 [INFO][62] felix/config_params.go 622: Parsing value for TyphaCertFile: /node-certs/tls.crt (from environment variable)
2024-05-10 21:47:38.815 [INFO][62] felix/int_dataplane.go 1954: Received *proto.RouteUpdate update from calculation graph msg=ip_pool_type:VXLAN dst:"192.168.0.0/16" nat_outgoing:true
2024-05-10 21:47:38.816 [INFO][62] felix/param_types.go 312: Looking for required file path="/node-certs/tls.crt"
2024-05-10 21:47:38.816 [INFO][62] felix/config_params.go 658: Parsed value for TyphaCertFile: /node-certs/tls.crt (from environment variable)
2024-05-10 21:47:38.816 [INFO][62] felix/int_dataplane.go 1954: Received *proto.RouteUpdate update from calculation graph msg=type:REMOTE_WORKLOAD ip_pool_type:VXLAN dst:"192.168.145.0/26" dst_node_name:"main-k8s-regular-1" dst_node_ip:"10.140.20.91" nat_outgoing:true
2024-05-10 21:47:38.816 [INFO][62] felix/int_dataplane.go 1954: Received *proto.RouteUpdate update from calculation graph msg=type:REMOTE_TUNNEL ip_pool_type:VXLAN dst:"192.168.149.128/32" dst_node_name:"main-k8s-master-3" dst_node_ip:"10.140.20.86" nat_outgoing:true tunnel_type:<vxlan:true >
2024-05-10 21:47:38.817 [INFO][62] felix/int_dataplane.go 1954: Received *proto.HostMetadataUpdate update from calculation graph msg=hostname:"main-k8s-regular-1" ipv4_addr:"10.140.20.91"
2024-05-10 21:47:38.816 [INFO][62] felix/config_params.go 622: Parsing value for FelixHostname: main-k8s-master-2 (from environment variable)
2024-05-10 21:47:38.817 [INFO][62] felix/int_dataplane.go 1954: Received *proto.IPAMPoolUpdate update from calculation graph msg=id:"192.168.0.0-16" pool:<cidr:"192.168.0.0/16" masquerade:true vxlan_mode:"always" >
2024-05-10 21:47:38.817 [INFO][62] felix/config_params.go 658: Parsed value for FelixHostname: main-k8s-master-2 (from environment variable)
2024-05-10 21:47:38.817 [INFO][62] felix/config_params.go 622: Parsing value for TyphaCN: typha-server (from environment variable)
2024-05-10 21:47:38.817 [INFO][62] felix/config_params.go 658: Parsed value for TyphaCN: typha-server (from environment variable)
2024-05-10 21:47:38.817 [INFO][62] felix/config_params.go 622: Parsing value for TyphaK8sNamespace: calico-system (from environment variable)
2024-05-10 21:47:38.818 [INFO][62] felix/config_params.go 658: Parsed value for TyphaK8sNamespace: calico-system (from environment variable)
2024-05-10 21:47:38.818 [INFO][62] felix/config_params.go 622: Parsing value for Ipv6Support: false (from environment variable)
2024-05-10 21:47:38.818 [INFO][62] felix/config_params.go 658: Parsed value for Ipv6Support: false (from environment variable)
2024-05-10 21:47:38.818 [INFO][62] felix/config_params.go 622: Parsing value for DefaultEndpointToHostAction: ACCEPT (from environment variable)
2024-05-10 21:47:38.818 [INFO][62] felix/config_params.go 658: Parsed value for DefaultEndpointToHostAction: ACCEPT (from environment variable)
2024-05-10 21:47:38.818 [INFO][62] felix/config_params.go 622: Parsing value for TyphaK8sServiceName: calico-typha (from environment variable)
2024-05-10 21:47:38.818 [INFO][62] felix/config_params.go 658: Parsed value for TyphaK8sServiceName: calico-typha (from environment variable)
2024-05-10 21:47:38.818 [INFO][62] felix/config_params.go 622: Parsing value for TyphaCAFile: /etc/pki/tls/certs/tigera-ca-bundle.crt (from environment variable)
2024-05-10 21:47:38.818 [INFO][62] felix/param_types.go 312: Looking for required file path="/etc/pki/tls/certs/tigera-ca-bundle.crt"
2024-05-10 21:47:38.818 [INFO][62] felix/config_params.go 658: Parsed value for TyphaCAFile: /etc/pki/tls/certs/tigera-ca-bundle.crt (from environment variable)
2024-05-10 21:47:38.818 [INFO][62] felix/config_params.go 622: Parsing value for DatastoreType: kubernetes (from environment variable)
2024-05-10 21:47:38.818 [INFO][62] felix/config_params.go 658: Parsed value for DatastoreType: kubernetes (from environment variable)
2024-05-10 21:47:38.819 [INFO][62] felix/config_params.go 622: Parsing value for HealthEnabled: true (from environment variable)
2024-05-10 21:47:38.819 [INFO][62] felix/config_params.go 658: Parsed value for HealthEnabled: true (from environment variable)
2024-05-10 21:47:38.819 [INFO][62] felix/config_params.go 622: Parsing value for HealthPort: 9099 (from environment variable)
2024-05-10 21:47:38.819 [INFO][62] felix/config_params.go 658: Parsed value for HealthPort: 9099 (from environment variable)
2024-05-10 21:47:38.819 [INFO][62] felix/config_params.go 622: Parsing value for TyphaKeyFile: /node-certs/tls.key (from environment variable)
2024-05-10 21:47:38.819 [INFO][62] felix/param_types.go 312: Looking for required file path="/node-certs/tls.key"
2024-05-10 21:47:38.819 [INFO][62] felix/config_params.go 658: Parsed value for TyphaKeyFile: /node-certs/tls.key (from environment variable)
2024-05-10 21:47:38.819 [INFO][62] felix/config_params.go 622: Parsing value for MetadataAddr: None (from config file)
2024-05-10 21:47:38.819 [INFO][62] felix/config_params.go 639: Value set to 'none', replacing with zero-value: "".
2024-05-10 21:47:38.819 [INFO][62] felix/config_params.go 658: Parsed value for MetadataAddr:  (from config file)
2024-05-10 21:47:38.819 [INFO][62] felix/config_params.go 622: Parsing value for LogFilePath: None (from config file)
2024-05-10 21:47:38.819 [INFO][62] felix/config_params.go 639: Value set to 'none', replacing with zero-value: "".
2024-05-10 21:47:38.819 [INFO][62] felix/config_params.go 658: Parsed value for LogFilePath:  (from config file)
2024-05-10 21:47:38.819 [INFO][62] felix/config_params.go 622: Parsing value for LogSeverityFile: None (from config file)
2024-05-10 21:47:38.819 [INFO][62] felix/config_params.go 639: Value set to 'none', replacing with zero-value: "".
2024-05-10 21:47:38.820 [INFO][62] felix/config_params.go 658: Parsed value for LogSeverityFile:  (from config file)
2024-05-10 21:47:38.820 [INFO][62] felix/config_params.go 622: Parsing value for LogSeveritySys: None (from config file)
2024-05-10 21:47:38.820 [INFO][62] felix/config_params.go 639: Value set to 'none', replacing with zero-value: "".
2024-05-10 21:47:38.820 [INFO][62] felix/config_params.go 658: Parsed value for LogSeveritySys:  (from config file)
2024-05-10 21:47:38.820 [INFO][62] felix/config_params.go 622: Parsing value for IPv4VXLANTunnelAddr: 192.168.168.0 (from datastore (per-host))
2024-05-10 21:47:38.820 [INFO][62] felix/config_params.go 658: Parsed value for IPv4VXLANTunnelAddr: 192.168.168.0 (from datastore (per-host))
2024-05-10 21:47:38.820 [INFO][62] felix/config_params.go 622: Parsing value for ReportingIntervalSecs: 0 (from datastore (global))
2024-05-10 21:47:38.820 [INFO][62] felix/config_params.go 658: Parsed value for ReportingIntervalSecs: 0s (from datastore (global))
2024-05-10 21:47:38.820 [INFO][62] felix/config_params.go 622: Parsing value for ClusterGUID: a67d29bc359f4aa2a450000b755000d7 (from datastore (global))
2024-05-10 21:47:38.820 [INFO][62] felix/config_params.go 658: Parsed value for ClusterGUID: a67d29bc359f4aa2a450000b755000d7 (from datastore (global))
2024-05-10 21:47:38.821 [INFO][62] felix/config_params.go 622: Parsing value for FloatingIPs: Disabled (from datastore (global))
2024-05-10 21:47:38.821 [INFO][62] felix/config_params.go 658: Parsed value for FloatingIPs: Disabled (from datastore (global))
2024-05-10 21:47:38.821 [INFO][62] felix/config_params.go 622: Parsing value for VXLANVNI: 4096 (from datastore (global))
2024-05-10 21:47:38.821 [INFO][62] felix/config_params.go 658: Parsed value for VXLANVNI: 4096 (from datastore (global))
2024-05-10 21:47:38.821 [INFO][62] felix/config_params.go 622: Parsing value for ClusterType: typha,kdd,k8s,operator,kubeadm (from datastore (global))
2024-05-10 21:47:38.821 [INFO][62] felix/config_params.go 658: Parsed value for ClusterType: typha,kdd,k8s,operator,kubeadm (from datastore (global))
2024-05-10 21:47:38.821 [INFO][62] felix/config_params.go 622: Parsing value for BPFConnectTimeLoadBalancing: TCP (from datastore (global))
2024-05-10 21:47:38.821 [INFO][62] felix/config_params.go 658: Parsed value for BPFConnectTimeLoadBalancing: TCP (from datastore (global))
2024-05-10 21:47:38.821 [INFO][62] felix/config_params.go 622: Parsing value for CalicoVersion: v3.27.3 (from datastore (global))
2024-05-10 21:47:38.821 [INFO][62] felix/config_params.go 658: Parsed value for CalicoVersion: v3.27.3 (from datastore (global))
2024-05-10 21:47:38.821 [INFO][62] felix/config_params.go 622: Parsing value for BPFHostNetworkedNATWithoutCTLB: Enabled (from datastore (global))
2024-05-10 21:47:38.821 [INFO][62] felix/config_params.go 658: Parsed value for BPFHostNetworkedNATWithoutCTLB: Enabled (from datastore (global))
2024-05-10 21:47:38.822 [INFO][62] felix/config_params.go 622: Parsing value for HealthPort: 9099 (from datastore (global))
2024-05-10 21:47:38.822 [INFO][62] felix/config_params.go 658: Parsed value for HealthPort: 9099 (from datastore (global))
2024-05-10 21:47:38.822 [INFO][62] felix/config_params.go 661: Skipping config value for HealthPort from datastore (global); already have a value from environment variable
2024-05-10 21:47:38.822 [INFO][62] felix/config_params.go 622: Parsing value for LogSeverityScreen: Info (from datastore (global))
2024-05-10 21:47:38.822 [INFO][62] felix/config_params.go 658: Parsed value for LogSeverityScreen: INFO (from datastore (global))
2024-05-10 21:47:38.822 [INFO][62] felix/async_calc_graph.go 221: First flush after becoming in sync, sending InSync message.
2024-05-10 21:47:38.822 [INFO][62] felix/daemon.go 1198: Datastore now in sync.
2024-05-10 21:47:38.822 [INFO][62] felix/int_dataplane.go 1954: Received *proto.Encapsulation update from calculation graph msg=vxlan_enabled:true
2024-05-10 21:47:38.823 [INFO][62] felix/daemon.go 1200: Datastore in sync for first time, sending message to status reporter.
2024-05-10 21:47:38.823 [INFO][62] felix/int_dataplane.go 1954: Received *proto.InSync update from calculation graph msg=
2024-05-10 21:47:38.823 [INFO][62] felix/int_dataplane.go 1963: Datastore in sync, flushing the dataplane for the first time... timeSinceStart=358.356667ms
2024-05-10 21:47:38.823 [INFO][62] felix/ipsets.go 159: Queueing IP set for creation family="inet" setID="all-vxlan-net" setType="hash:net"
2024-05-10 21:47:38.823 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-from-wl-dispatch" ipVersion=0x4 table="filter"
2024-05-10 21:47:38.823 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-to-wl-dispatch" ipVersion=0x4 table="filter"
2024-05-10 21:47:38.824 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-from-host-endpoint" ipVersion=0x4 table="raw"
2024-05-10 21:47:38.824 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-to-host-endpoint" ipVersion=0x4 table="raw"
2024-05-10 21:47:38.824 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-from-host-endpoint" ipVersion=0x4 table="filter"
2024-05-10 21:47:38.824 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-to-host-endpoint" ipVersion=0x4 table="filter"
2024-05-10 21:47:38.824 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-from-hep-forward" ipVersion=0x4 table="filter"
2024-05-10 21:47:38.824 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-to-hep-forward" ipVersion=0x4 table="filter"
2024-05-10 21:47:38.824 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-from-host-endpoint" ipVersion=0x4 table="mangle"
2024-05-10 21:47:38.824 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-to-host-endpoint" ipVersion=0x4 table="mangle"
2024-05-10 21:47:38.825 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-rpf-skip" ipVersion=0x4 table="raw"
2024-05-10 21:47:38.825 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-fip-dnat" ipVersion=0x4 table="nat"
2024-05-10 21:47:38.825 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-fip-snat" ipVersion=0x4 table="nat"
2024-05-10 21:47:38.825 [INFO][62] felix/masq_mgr.go 145: IPAM pools updated, refreshing iptables rule ipVersion=0x4
2024-05-10 21:47:38.825 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-nat-outgoing" ipVersion=0x4 table="nat"
2024-05-10 21:47:38.825 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-cidr-block" ipVersion=0x4 table="filter"
2024-05-10 21:47:38.901 [INFO][62] felix/health.go 294: Reporter is not ready: reporting non-ready. name="InternalDataplaneMainLoop"
2024-05-10 21:47:38.901 [INFO][62] felix/health.go 336: Overall health status changed: live=true ready=false
+---------------------------+---------+----------------+---------------------+--------+
|         COMPONENT         | TIMEOUT |    LIVENESS    |      READINESS      | DETAIL |
+---------------------------+---------+----------------+---------------------+--------+
| CalculationGraph          | 30s     | reporting live | reporting ready     |        |
| FelixStartup              | -       | reporting live | reporting ready     |        |
| InternalDataplaneMainLoop | 1m30s   | reporting live | reporting non-ready |        |
+---------------------------+---------+----------------+---------------------+--------+
2024-05-10 21:47:38.922 [INFO][62] felix/wireguard.go 1705: Trying to connect to linkClient ipVersion=0x4
2024-05-10 21:47:38.925 [INFO][62] felix/route_rule.go 189: Trying to connect to netlink
2024-05-10 21:47:38.926 [INFO][62] felix/wireguard.go 636: Public key out of sync or updated ipVersion=0x4 ourPublicKey=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
2024-05-10 21:47:38.946 [INFO][62] felix/int_dataplane.go 1387: Linux interface state changed. ifIndex=9 ifaceName="calico_tmp_B" state="down"
2024-05-10 21:47:38.947 [INFO][62] felix/int_dataplane.go 1431: Linux interface addrs changed. addrs=set.Set{} ifaceName="calico_tmp_B"
2024-05-10 21:47:38.951 [INFO][62] felix/int_dataplane.go 1387: Linux interface state changed. ifIndex=10 ifaceName="calico_tmp_A" state="down"
2024-05-10 21:47:38.951 [INFO][62] felix/int_dataplane.go 1431: Linux interface addrs changed. addrs=set.Set{} ifaceName="calico_tmp_A"
2024-05-10 21:47:38.969 [INFO][62] felix/int_dataplane.go 1911: Completed first update to dataplane. secsSinceStart=0.504308139
2024-05-10 21:47:38.975 [INFO][62] felix/health.go 206: Health of component changed name="InternalDataplaneMainLoop" newReport="live,ready" oldReport="live,non-ready"
2024-05-10 21:47:38.976 [INFO][62] felix/int_dataplane.go 2011: Received interface update msg=&intdataplane.ifaceStateUpdate{Name:"calico_tmp_B", State:"down", Index:9}
2024-05-10 21:47:38.976 [INFO][62] felix/int_dataplane.go 2031: Received interface addresses update msg=&intdataplane.ifaceAddrsUpdate{Name:"calico_tmp_B", Addrs:set.Typed[string]{}}
2024-05-10 21:47:38.977 [INFO][62] felix/hostip_mgr.go 84: Interface addrs changed. update=&intdataplane.ifaceAddrsUpdate{Name:"calico_tmp_B", Addrs:set.Typed[string]{}}
2024-05-10 21:47:38.977 [INFO][62] felix/int_dataplane.go 2011: Received interface update msg=&intdataplane.ifaceStateUpdate{Name:"calico_tmp_A", State:"down", Index:10}
2024-05-10 21:47:38.977 [INFO][62] felix/int_dataplane.go 2031: Received interface addresses update msg=&intdataplane.ifaceAddrsUpdate{Name:"calico_tmp_A", Addrs:set.Typed[string]{}}
2024-05-10 21:47:38.977 [INFO][62] felix/hostip_mgr.go 84: Interface addrs changed. update=&intdataplane.ifaceAddrsUpdate{Name:"calico_tmp_A", Addrs:set.Typed[string]{}}
2024-05-10 21:47:38.977 [INFO][62] felix/int_dataplane.go 1921: Dataplane updates throttled
2024-05-10 21:47:38.981 [INFO][62] felix/int_dataplane.go 1387: Linux interface state changed. ifIndex=10 ifaceName="calico_tmp_A" state=""
2024-05-10 21:47:38.981 [INFO][62] felix/int_dataplane.go 1431: Linux interface addrs changed. addrs=<nil> ifaceName="calico_tmp_A"
2024-05-10 21:47:38.981 [INFO][62] felix/int_dataplane.go 1387: Linux interface state changed. ifIndex=9 ifaceName="calico_tmp_B" state=""
2024-05-10 21:47:38.981 [INFO][62] felix/int_dataplane.go 1431: Linux interface addrs changed. addrs=<nil> ifaceName="calico_tmp_B"
2024-05-10 21:47:38.982 [INFO][62] felix/int_dataplane.go 2011: Received interface update msg=&intdataplane.ifaceStateUpdate{Name:"calico_tmp_A", State:"", Index:10}
2024-05-10 21:47:38.982 [INFO][62] felix/int_dataplane.go 2031: Received interface addresses update msg=&intdataplane.ifaceAddrsUpdate{Name:"calico_tmp_A", Addrs:set.Set[string](nil)}
2024-05-10 21:47:38.982 [INFO][62] felix/hostip_mgr.go 84: Interface addrs changed. update=&intdataplane.ifaceAddrsUpdate{Name:"calico_tmp_A", Addrs:set.Set[string](nil)}
2024-05-10 21:47:38.982 [INFO][62] felix/int_dataplane.go 2011: Received interface update msg=&intdataplane.ifaceStateUpdate{Name:"calico_tmp_B", State:"", Index:9}
2024-05-10 21:47:38.982 [INFO][62] felix/int_dataplane.go 2031: Received interface addresses update msg=&intdataplane.ifaceAddrsUpdate{Name:"calico_tmp_B", Addrs:set.Set[string](nil)}
2024-05-10 21:47:38.982 [INFO][62] felix/hostip_mgr.go 84: Interface addrs changed. update=&intdataplane.ifaceAddrsUpdate{Name:"calico_tmp_B", Addrs:set.Set[string](nil)}
2024-05-10 21:47:39.615 [INFO][62] felix/route_table.go 324: Calculated interface name regexp ifaceRegex="^ens3$" ipVersion=0x4 tableIndex=254
2024-05-10 21:47:39.616 [INFO][62] felix/vxlan_mgr.go 571: VXLAN tunnel device configured ipVersion=0x4
2024-05-10 21:47:39.692 [INFO][62] felix/vxlan_mgr.go 520: VXLAN Manager completed deferred work ipVersion=0x4
2024-05-10 21:47:43.966 [INFO][62] felix/int_dataplane.go 1888: Dataplane updates no longer throttled
2024-05-10 21:47:49.536 [INFO][62] felix/calc_graph.go 507: Local endpoint updated id=WorkloadEndpoint(node=main-k8s-master-2, orchestrator=k8s, workload=calico-system/csi-node-driver-rjbrg, name=eth0)
2024-05-10 21:47:49.538 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ActiveProfileUpdate update from calculation graph msg=id:<name:"kns.calico-system" > profile:<inbound_rules:<action:"allow" rule_id:"fw2fB0QZr1DPiXMg" > outbound_rules:<action:"allow" rule_id:"D66fMttEtc8Iyw4Z" > >
2024-05-10 21:47:49.539 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-pri-kns.calico-system" ipVersion=0x4 table="filter"
2024-05-10 21:47:49.539 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-pro-kns.calico-system" ipVersion=0x4 table="filter"
2024-05-10 21:47:49.539 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-pro-kns.calico-system" ipVersion=0x4 table="mangle"
2024-05-10 21:47:49.539 [INFO][62] felix/int_dataplane.go 1954: Received *proto.ActiveProfileUpdate update from calculation graph msg=id:<name:"ksa.calico-system.default" > profile:<>
2024-05-10 21:47:49.539 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-pri-_og73BH3DuNOZrbBKFW" ipVersion=0x4 table="filter"
2024-05-10 21:47:49.539 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-pro-_og73BH3DuNOZrbBKFW" ipVersion=0x4 table="filter"
2024-05-10 21:47:49.539 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-pro-_og73BH3DuNOZrbBKFW" ipVersion=0x4 table="mangle"
2024-05-10 21:47:49.541 [INFO][62] felix/int_dataplane.go 1954: Received *proto.WorkloadEndpointUpdate update from calculation graph msg=id:<orchestrator_id:"k8s" workload_id:"calico-system/csi-node-driver-rjbrg" endpoint_id:"eth0" > endpoint:<state:"active" name:"cali96bfba0cfb9" profile_ids:"kns.calico-system" profile_ids:"ksa.calico-system.default" ipv4_nets:"192.168.168.2/32" >
2024-05-10 21:47:49.541 [INFO][62] felix/int_dataplane.go 1954: Received *proto.RouteUpdate update from calculation graph msg=type:LOCAL_WORKLOAD ip_pool_type:VXLAN dst:"192.168.168.2/32" dst_node_name:"main-k8s-master-2" dst_node_ip:"10.140.20.162" nat_outgoing:true local_workload:true
2024-05-10 21:47:49.541 [INFO][62] felix/endpoint_mgr.go 602: Updating per-endpoint chains. id=proto.WorkloadEndpointID{OrchestratorId:"k8s", WorkloadId:"calico-system/csi-node-driver-rjbrg", EndpointId:"eth0"}
2024-05-10 21:47:49.542 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-tw-cali96bfba0cfb9" ipVersion=0x4 table="filter"
2024-05-10 21:47:49.542 [INFO][62] felix/table.go 595: Chain became referenced, marking it for programming chainName="cali-pri-kns.calico-system" ipVersion=0x4 table="filter"
2024-05-10 21:47:49.542 [INFO][62] felix/table.go 595: Chain became referenced, marking it for programming chainName="cali-pri-_og73BH3DuNOZrbBKFW" ipVersion=0x4 table="filter"
2024-05-10 21:47:49.542 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-fw-cali96bfba0cfb9" ipVersion=0x4 table="filter"
2024-05-10 21:47:49.542 [INFO][62] felix/table.go 595: Chain became referenced, marking it for programming chainName="cali-pro-kns.calico-system" ipVersion=0x4 table="filter"
2024-05-10 21:47:49.542 [INFO][62] felix/table.go 595: Chain became referenced, marking it for programming chainName="cali-pro-_og73BH3DuNOZrbBKFW" ipVersion=0x4 table="filter"
2024-05-10 21:47:49.542 [INFO][62] felix/endpoint_mgr.go 648: Updating endpoint routes. id=proto.WorkloadEndpointID{OrchestratorId:"k8s", WorkloadId:"calico-system/csi-node-driver-rjbrg", EndpointId:"eth0"}
2024-05-10 21:47:49.542 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-from-wl-dispatch" ipVersion=0x4 table="filter"
2024-05-10 21:47:49.542 [INFO][62] felix/table.go 595: Chain became referenced, marking it for programming chainName="cali-fw-cali96bfba0cfb9" ipVersion=0x4 table="filter"
2024-05-10 21:47:49.542 [INFO][62] felix/table.go 521: Queueing update of chain. chainName="cali-to-wl-dispatch" ipVersion=0x4 table="filter"
2024-05-10 21:47:49.542 [INFO][62] felix/table.go 595: Chain became referenced, marking it for programming chainName="cali-tw-cali96bfba0cfb9" ipVersion=0x4 table="filter"
2024-05-10 21:47:49.542 [INFO][62] felix/endpoint_mgr.go 1283: Skipping configuration of interface because it is oper down. ifaceName="cali96bfba0cfb9"
2024-05-10 21:47:49.542 [INFO][62] felix/endpoint_mgr.go 490: Re-evaluated workload endpoint status adminUp=true failed=false known=true operUp=false status="down" workloadEndpointID=proto.WorkloadEndpointID{OrchestratorId:"k8s", WorkloadId:"calico-system/csi-node-driver-rjbrg", EndpointId:"eth0"}
2024-05-10 21:47:49.542 [INFO][62] felix/status_combiner.go 58: Storing endpoint status update ipVersion=0x4 status="down" workload=proto.WorkloadEndpointID{OrchestratorId:"k8s", WorkloadId:"calico-system/csi-node-driver-rjbrg", EndpointId:"eth0"}
2024-05-10 21:47:49.578 [INFO][62] felix/status_combiner.go 78: Endpoint down for at least one IP version id=proto.WorkloadEndpointID{OrchestratorId:"k8s", WorkloadId:"calico-system/csi-node-driver-rjbrg", EndpointId:"eth0"} ipVersion=0x4 status="down"
2024-05-10 21:47:49.578 [INFO][62] felix/status_combiner.go 98: Reporting combined status. id=proto.WorkloadEndpointID{OrchestratorId:"k8s", WorkloadId:"calico-system/csi-node-driver-rjbrg", EndpointId:"eth0"} status="down"
2024-05-10 21:47:49.611 [INFO][62] felix/int_dataplane.go 1387: Linux interface state changed. ifIndex=11 ifaceName="cali96bfba0cfb9" state="down"
2024-05-10 21:47:49.611 [INFO][62] felix/int_dataplane.go 1431: Linux interface addrs changed. addrs=set.Set{} ifaceName="cali96bfba0cfb9"
2024-05-10 21:47:49.611 [INFO][62] felix/int_dataplane.go 2011: Received interface update msg=&intdataplane.ifaceStateUpdate{Name:"cali96bfba0cfb9", State:"down", Index:11}
2024-05-10 21:47:49.611 [INFO][62] felix/int_dataplane.go 2031: Received interface addresses update msg=&intdataplane.ifaceAddrsUpdate{Name:"cali96bfba0cfb9", Addrs:set.Typed[string]{}}
2024-05-10 21:47:49.611 [INFO][62] felix/hostip_mgr.go 84: Interface addrs changed. update=&intdataplane.ifaceAddrsUpdate{Name:"cali96bfba0cfb9", Addrs:set.Typed[string]{}}
2024-05-10 21:47:49.611 [INFO][62] felix/endpoint_mgr.go 431: Workload interface state changed; marking for status update. ifaceName="cali96bfba0cfb9"
2024-05-10 21:47:49.611 [INFO][62] felix/endpoint_mgr.go 490: Re-evaluated workload endpoint status adminUp=true failed=false known=true operUp=false status="down" workloadEndpointID=proto.WorkloadEndpointID{OrchestratorId:"k8s", WorkloadId:"calico-system/csi-node-driver-rjbrg", EndpointId:"eth0"}
2024-05-10 21:47:49.611 [INFO][62] felix/status_combiner.go 58: Storing endpoint status update ipVersion=0x4 status="down" workload=proto.WorkloadEndpointID{OrchestratorId:"k8s", WorkloadId:"calico-system/csi-node-driver-rjbrg", EndpointId:"eth0"}
2024-05-10 21:47:49.612 [INFO][62] felix/status_combiner.go 78: Endpoint down for at least one IP version id=proto.WorkloadEndpointID{OrchestratorId:"k8s", WorkloadId:"calico-system/csi-node-driver-rjbrg", EndpointId:"eth0"} ipVersion=0x4 status="down"
2024-05-10 21:47:49.612 [INFO][62] felix/status_combiner.go 98: Reporting combined status. id=proto.WorkloadEndpointID{OrchestratorId:"k8s", WorkloadId:"calico-system/csi-node-driver-rjbrg", EndpointId:"eth0"} status="down"
2024-05-10 21:47:49.612 [INFO][62] felix/int_dataplane.go 1387: Linux interface state changed. ifIndex=11 ifaceName="cali96bfba0cfb9" state="up"
2024-05-10 21:47:49.612 [INFO][62] felix/int_dataplane.go 2011: Received interface update msg=&intdataplane.ifaceStateUpdate{Name:"cali96bfba0cfb9", State:"up", Index:11}
2024-05-10 21:47:49.612 [INFO][62] felix/endpoint_mgr.go 374: Workload interface came up, marking for reconfiguration. ifaceName="cali96bfba0cfb9"
2024-05-10 21:47:49.612 [INFO][62] felix/endpoint_mgr.go 431: Workload interface state changed; marking for status update. ifaceName="cali96bfba0cfb9"
2024-05-10 21:47:49.612 [INFO][62] felix/endpoint_mgr.go 1215: Applying /proc/sys configuration to interface. ifaceName="cali96bfba0cfb9"
2024-05-10 21:47:49.612 [INFO][62] felix/endpoint_mgr.go 490: Re-evaluated workload endpoint status adminUp=true failed=false known=true operUp=true status="up" workloadEndpointID=proto.WorkloadEndpointID{OrchestratorId:"k8s", WorkloadId:"calico-system/csi-node-driver-rjbrg", EndpointId:"eth0"}
2024-05-10 21:47:49.612 [INFO][62] felix/status_combiner.go 58: Storing endpoint status update ipVersion=0x4 status="up" workload=proto.WorkloadEndpointID{OrchestratorId:"k8s", WorkloadId:"calico-system/csi-node-driver-rjbrg", EndpointId:"eth0"}
2024-05-10 21:47:49.613 [INFO][62] felix/status_combiner.go 81: Endpoint up for at least one IP version id=proto.WorkloadEndpointID{OrchestratorId:"k8s", WorkloadId:"calico-system/csi-node-driver-rjbrg", EndpointId:"eth0"} ipVersion=0x4 status="up"
2024-05-10 21:47:49.613 [INFO][62] felix/status_combiner.go 98: Reporting combined status. id=proto.WorkloadEndpointID{OrchestratorId:"k8s", WorkloadId:"calico-system/csi-node-driver-rjbrg", EndpointId:"eth0"} status="up"
2024-05-10 21:47:51.075 [INFO][62] felix/iface_monitor.go 238: Netlink address update for known interface.  addr="fe80::ecee:eeff:feee:eeee" exists=true ifIndex=11
2024-05-10 21:47:51.076 [INFO][62] felix/int_dataplane.go 1431: Linux interface addrs changed. addrs=set.Set{fe80::ecee:eeff:feee:eeee} ifaceName="cali96bfba0cfb9"
2024-05-10 21:47:51.076 [INFO][62] felix/int_dataplane.go 2031: Received interface addresses update msg=&intdataplane.ifaceAddrsUpdate{Name:"cali96bfba0cfb9", Addrs:set.Typed[string]{"fe80::ecee:eeff:feee:eeee":set.v{}}}
2024-05-10 21:47:51.076 [INFO][62] felix/hostip_mgr.go 84: Interface addrs changed. update=&intdataplane.ifaceAddrsUpdate{Name:"cali96bfba0cfb9", Addrs:set.Typed[string]{"fe80::ecee:eeff:feee:eeee":set.v{}}}
2024-05-10 21:48:05.085 [INFO][62] felix/health.go 336: Overall health status changed: live=true ready=true
+---------------------------+---------+----------------+-----------------+--------+
|         COMPONENT         | TIMEOUT |    LIVENESS    |    READINESS    | DETAIL |
+---------------------------+---------+----------------+-----------------+--------+
| CalculationGraph          | 30s     | reporting live | reporting ready |        |
| FelixStartup              | -       | reporting live | reporting ready |        |
| InternalDataplaneMainLoop | 1m30s   | reporting live | reporting ready |        |
+---------------------------+---------+----------------+-----------------+--------+
2024-05-10 21:48:41.743 [INFO][62] felix/summary.go 100: Summarising 29 dataplane reconciliation loops over 1m3.2s: avg=13ms longest=146ms (resync-filter-v4,resync-ipsets-v4,resync-mangle-v4,resync-nat-v4,resync-raw-v4,resync-routes-v4,resync-routes-v4,resync-routes-v4,resync-routes-v4,resync-rules-v4,update-filter-v4,update-mangle-v4,update-nat-v4,update-raw-v4)
2024-05-10 21:49:44.562 [INFO][62] felix/summary.go 100: Summarising 11 dataplane reconciliation loops over 1m2.8s: avg=8ms longest=11ms (resync-mangle-v4,resync-nat-v4)
2024-05-10 21:50:44.833 [INFO][62] felix/summary.go 100: Summarising 9 dataplane reconciliation loops over 1m0.3s: avg=9ms longest=17ms (resync-mangle-v4,resync-nat-v4)
2024-05-10 21:51:51.543 [INFO][62] felix/summary.go 100: Summarising 8 dataplane reconciliation loops over 1m6.7s: avg=7ms longest=10ms (resync-ipsets-v4)
2024-05-10 21:52:41.074 [INFO][62] felix/usagerep.go 115: Initial delay complete, doing first report
2024-05-10 21:52:41.074 [INFO][62] felix/usagerep.go 205: Reporting cluster usage/checking for deprecation warnings. alpEnabled=false calicoVersion="v3.27.3" clusterGUID="a67d29bc359f4aa2a450000b755000d7" clusterType="typha,kdd,k8s,operator,kubeadm" gitRevision="638464f946657417dd4900724112eb844ce5be03" kubernetesVersion="v1.29.4" stats=calc.StatsUpdate{NumHosts:4, NumWorkloadEndpoints:11, NumHostEndpoints:0, NumPolicies:1, NumProfiles:58, NumALPPolicies:0} version="v3.27.3"
2024-05-10 21:52:41.832 [INFO][62] felix/usagerep.go 117: First report done, starting ticker
2024-05-10 21:52:54.729 [INFO][62] felix/summary.go 100: Summarising 8 dataplane reconciliation loops over 1m3.2s: avg=8ms longest=14ms (resync-ipsets-v4)
2024-05-10 21:53:54.883 [INFO][62] felix/summary.go 100: Summarising 10 dataplane reconciliation loops over 1m0.2s: avg=8ms longest=14ms (resync-nat-v4,resync-raw-v4)
2024-05-10 21:54:58.854 [INFO][62] felix/summary.go 100: Summarising 7 dataplane reconciliation loops over 1m4s: avg=8ms longest=15ms (resync-ipsets-v4)
2024-05-10 21:55:58.978 [INFO][62] felix/summary.go 100: Summarising 8 dataplane reconciliation loops over 1m0.1s: avg=7ms longest=10ms (resync-ipsets-v4)
2024-05-10 21:57:01.269 [INFO][62] felix/summary.go 100: Summarising 10 dataplane reconciliation loops over 1m2.3s: avg=7ms longest=11ms (resync-filter-v4)
2024-05-10 21:58:06.080 [INFO][62] felix/summary.go 100: Summarising 8 dataplane reconciliation loops over 1m4.8s: avg=8ms longest=10ms ()
2024-05-10 21:59:09.382 [INFO][62] felix/summary.go 100: Summarising 11 dataplane reconciliation loops over 1m3.3s: avg=8ms longest=11ms ()
2024-05-10 22:00:12.047 [INFO][62] felix/summary.go 100: Summarising 7 dataplane reconciliation loops over 1m2.7s: avg=7ms longest=9ms (resync-ipsets-v4)

sqaisar avatar May 10 '24 22:05 sqaisar

I also have the same version v3.27.3 and encountered the same problem nc -uvz 10.10.0.2 53 is Connected, but dig timeout. It is normal if you use dig +tcp

AlanduzzZ avatar May 11 '24 06:05 AlanduzzZ

@AlanduzzZ
Exactly udp works but tcp doesn't.

ubuntu:~# nc -uvz 172.31.0.10 53
Connection to 172.31.0.10 53 port [udp/domain] succeeded!

Are you installing calico using the operator? What's your config and are you using dual stack? I am setting it up on openstack but I don't think it's related to openstack.

sqaisar avatar May 11 '24 07:05 sqaisar

I found something. If coredns pods runs on master nodes then no pod can communicate to it over tcp but if coredns runs on worker nodes then pods can connect with the coredns pods and able to resolve dns. I don't have any specific networkpolicy configured. Does anyone know what could be the issue? From the looks of it I'd say it's firewall issue on master node vm's but I've added allow all ingress tcp 0.0.0.0/0 and that doesn't work so it might be something else

sqaisar avatar May 12 '24 04:05 sqaisar

I seem to be having a similar issue. Going to try to add a node and see what happens, I believe I had all of this working earlier but I have gone from 4 nodes to 1 now.

mfreeman451 avatar May 12 '24 04:05 mfreeman451

Adding a node solved my problem..

mfreeman451 avatar May 12 '24 04:05 mfreeman451

Actually the pods running on same nodes where coredns is running is able to resolve dns. I've multiple worker nodes and If I run all coredns pods on any of the node e.g main-k8s-regular-1 and rum some other pod on same node then I'm able to resolve dns. but if the pod is running on some other node then it doesn't work. @mfreeman451 Can you see if you have similar problem? if not can you please share the firewall rules you have for the nodes?

sqaisar avatar May 12 '24 04:05 sqaisar

i dont have any firewall rules, pretty vanilla setup.. for me if I only have one node, I get pods that can't do dns/TLS verification.

mfreeman451 avatar May 12 '24 05:05 mfreeman451

@sqaisar My kubernetes version is 1.30.0, calico is not installed using the operator, and the calico-etcd.yaml file is used. I eventually downgraded the version of calico to 3.26.4 and coredns parsed everything fine

AlanduzzZ avatar May 15 '24 03:05 AlanduzzZ

Could one of you please help me out with some diags?

What I'd like to know is:

  1. Please let me know if a pod on one node can reach a pod on a different node using the destination pod's IP directly (no service).
  2. Please capture ip addr and ip route from the nodes containing your client pod and kube-dns, and record the IP addresses of both of those pods.
  3. Are you using NodeLocalDNSCache?
  4. Please run iptables -Z on the node with the client, then try a dig, and then capture iptables-save -c from the node with the client
  5. Could you try and find out whether the problem you're seeing is specific to first packets in a connection being dropped? I wonder whether this is why you get different results for TCP.

matthewdupre avatar Jun 04 '24 17:06 matthewdupre

@AlanduzzZ @sqaisar @mfreeman451 any new information on this issue that would help us to diagnose it?

tomastigera avatar Jul 30 '24 16:07 tomastigera

@sqaisar My kubernetes version is 1.30.0, calico is not installed using the operator, and the calico-etcd.yaml file is used. I eventually downgraded the version of calico to 3.26.4 and coredns parsed everything fine

same. kubernetes 1.21, ubuntu 18-22. migrated from flannel to calico 3.28.0, nslookup google.com 10.96.0.10 not working from host or pods in hostnetwork=true. downgrade to 3.26.4 solve the problem

dyvol777 avatar Jul 31 '24 16:07 dyvol777

I have the same problem, pods not able to resolve pods in same namespace. VMs (9) are RHEL9, k8s 1.30.4, calico 3.28.1. Using calico host firewall, no firewalld. CRI-O for runtime. Calico installed with manifest. hot fix does not work - restart coredns deployment. If i exec into an init container that is stuck with bad address output, nc gives bad address, nslookup of coredns - no route to host. To me it looks like the Pod network can not talk to the clusterip network.

j-rda avatar Aug 23 '24 04:08 j-rda

Glad more people are finally running into this..

mfreeman451 avatar Aug 23 '24 17:08 mfreeman451

For anyone saying that the problem on occurs when the pod is on a different node from coredns, please make sure you have allowed the necessary traffic in your security groups / cloud firewall rules for your method of installation: https://docs.tigera.io/calico/latest/getting-started/kubernetes/requirements#network-requirements

Another thing to check would be what encapsulation mode you are using.

caseydavenport avatar Aug 29 '24 21:08 caseydavenport

For anyone saying that the problem on occurs when the pod is on a different node from coredns, please make sure you have allowed the necessary traffic in your security groups / cloud firewall rules for your method of installation: https://docs.tigera.io/calico/latest/getting-started/kubernetes/requirements#network-requirements

Another thing to check would be what encapsulation mode you are using.

For me, these problems were occuring in a private k8s/on-prem setting, so no cloud controller involved (k3s).

mfreeman451 avatar Aug 30 '24 01:08 mfreeman451

@mfreeman451 it's still possible that an on-premise network could have a firewall or similar device in place that is preventing the necessary traffic, though if you're confident that isn't the case in your situation the next step is trace the packets to determine where they are getting dropped. tcpdump and iptables-save are the go-to tools here, checking both on the source and destination node to look for packets leaving / entering and on which interfaces, and also checking iptables-save -c for DROP rules with incrementing packet counters.

caseydavenport avatar Sep 06 '24 15:09 caseydavenport

Facing the same problem here, on-prem setup, no firewalls involved, all nodes can reach out any svc just fine, but not coredns on .10 ip calico 3.28.0, kube 1.30.3

Cilium works fine. Both set as ebpf without kube-proxy

kotyara85 avatar Oct 04 '24 07:10 kotyara85

Facing the same problem here, on-prem setup, no firewalls involved, all nodes can reach out any svc just fine, but not coredns on .10 ip calico 3.28.0, kube 1.30.3

Cilium works fine. Both set as ebpf without kube-proxy

What version of Linux? Are you using NetworkManager?

mfreeman451 avatar Oct 04 '24 12:10 mfreeman451

Facing the same problem here, on-prem setup, no firewalls involved, all nodes can reach out any svc just fine, but not coredns on .10 ip calico 3.28.0, kube 1.30.3 Cilium works fine. Both set as ebpf without kube-proxy

What version of Linux? Are you using NetworkManager?

Centos9, yes network manager.

I did add this config to it already to exclude calico interfaces management /etc/NetworkManager/conf.d/calico.conf

kotyara85 avatar Oct 04 '24 15:10 kotyara85

We ran into a similar issue when we tested Calico. Only difference in our setup is that we run IPv6 Single-Stack. DNS was not working, but the underlying issue was deeper and general pod-to-pod traffic was not working between pods on different nodes.

Config looked as follows:

apiVersion: operator.tigera.io/v1
kind: Installation
metadata:
  annotations:
    meta.helm.sh/release-name: calico
    meta.helm.sh/release-namespace: tigera-operator
  creationTimestamp: "2024-10-18T07:58:09Z"
  finalizers:
  - operator.tigera.io/installation-controller
  - tigera.io/operator-cleanup
  - operator.tigera.io/apiserver-controller
  generation: 3
  labels:
    app.kubernetes.io/managed-by: Helm
    helm.toolkit.fluxcd.io/name: test-cluster-addons-calico
    helm.toolkit.fluxcd.io/namespace: provider
  name: default
  resourceVersion: "2351712"
  uid: 93644abd-7176-43ea-9c86-ee3b103b86b3
spec:
  calicoNetwork:
    bgp: Disabled
    hostPorts: Enabled
    ipPools:
    - allowedUses:
      - Workload
      - Tunnel
      blockSize: 122
      cidr: fd80:cafe::/104
      disableBGPExport: true
      encapsulation: VXLANCrossSubnet
      name: default-ipv6-ippool
      natOutgoing: Enabled
      nodeSelector: all()
    linuxDataplane: BPF
    multiInterfaceMode: None
    nodeAddressAutodetectionV4: {}
    nodeAddressAutodetectionV6:
      kubernetes: NodeInternalIP
    windowsDataplane: Disabled
  cni:
    ipam:
      type: Calico
    type: Calico
  controlPlaneReplicas: 2
  flexVolumePath: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/
  imagePullSecrets: []
  kubeletVolumePluginPath: /var/lib/kubelet
  kubernetesProvider: ""
  logging:
    cni:
      logFileMaxAgeDays: 30
      logFileMaxCount: 10
      logFileMaxSize: 100Mi
      logSeverity: Debug
  nodeUpdateStrategy:
    rollingUpdate:
      maxUnavailable: 1
    type: RollingUpdate
  nonPrivileged: Disabled
  variant: Calico
---
apiVersion: projectcalico.org/v3
kind: FelixConfiguration
metadata:
  annotations:
    operator.tigera.io/bpfEnabled: "true"
  creationTimestamp: "2024-10-18T07:58:14Z"
  generation: 1
  name: default
  resourceVersion: "2351439"
  uid: 7d7bcc1d-ec32-4f17-9099-8b55d64a4dd2
spec:
  bpfConnectTimeLoadBalancing: TCP
  bpfEnabled: true
  bpfHostNetworkedNATWithoutCTLB: Enabled
  bpfLogLevel: ""
  floatingIPs: Disabled
  healthPort: 9099
  logSeverityScreen: Info
  reportingInterval: 0s
  vxlanVNI: 4096

The root cause in our setup seems to be that the VXLAN device is not used as routes are incorrectly set by Calico:

# ip -6 r
2001:db8::1 dev bpfin.cali metric 1024 pref medium
fd01:cafe::/64 dev eth0 proto ra metric 1024 mtu 65520 hoplimit 255 pref medium
fd80:cafe::5f:4281 dev cali3b862d89810 metric 1024 pref medium
fd80:cafe::5f:4282 dev cali9d386f561d2 metric 1024 pref medium
fd80:cafe::5f:4283 dev cali856dc622126 metric 1024 pref medium
blackhole fd80:cafe::5f:4280/122 dev lo proto 80 metric 1024 pref medium
fd80:cafe::a8:4d00/122 via fd01:cafe::f14c:9fa1:8496:5550 dev eth0 proto 80 metric 1024 onlink pref medium
fd85:cafe::a via 2001:db8::1 dev bpfin.cali src fd01:cafe::4aab:d761:d808:996 metric 1024 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev cali3b862d89810 proto kernel metric 256 pref medium
fe80::/64 dev cali9d386f561d2 proto kernel metric 256 pref medium
fe80::/64 dev bpfout.cali proto kernel metric 256 pref medium
fe80::/64 dev bpfin.cali proto kernel metric 256 pref medium
fe80::/64 dev cali856dc622126 proto kernel metric 256 pref medium
default dev eth0 proto static metric 1000 pref medium
default via fe80::ecee:eeff:feee:eeee dev eth0 proto ra metric 1024 expires 65136sec mtu 65520 hoplimit 255 pref medium

We were expecting fd80:cafe::a8:4d00/122 via fd01:cafe::f14c:9fa1:8496:5550 dev eth0 proto 80 metric 1024 onlink pref medium to go through the vxlan interface and not be directly routed to the second node (fd01...).

@matthewdupre Hopefully that helps. We are currently working around this issue by using flannel, but would prefer calico.

trevex avatar Oct 18 '24 08:10 trevex

Here, just as an example, how the routes to the other nodes look like with flannel, where it is working flawlessly:

fd80:cafe::a00/120 via fd80:cafe::a00 dev flannel-v6.1 metric 1024 onlink pref medium

Not only does the route created by flannel use the vxlan device flannel-v6.1, but it also uses the IP address of the vxlan interface of the other node as the gateway. Calico uses eth0 as the device and also the IP address of eth0 on the other side as the gateway, which might lead to these connectivity problems.

@AlanduzzZ @sqaisar @mfreeman451: Maybe you have spotted something similar in your setups?

nitrocb avatar Oct 18 '24 13:10 nitrocb

On Version : v3.28.2 Same issue worker node pods cannot do a DNS Resolution but can reach the service through their IP , if i run the pods on control plane and its works ...

manibalajic avatar Oct 28 '24 12:10 manibalajic

Here, just as an example, how the routes to the other nodes look like with flannel, where it is working flawlessly:

fd80:cafe::a00/120 via fd80:cafe::a00 dev flannel-v6.1 metric 1024 onlink pref medium

Not only does the route created by flannel use the vxlan device flannel-v6.1, but it also uses the IP address of the vxlan interface of the other node as the gateway. Calico uses eth0 as the device and also the IP address of eth0 on the other side as the gateway, which might lead to these connectivity problems.

@AlanduzzZ @sqaisar @mfreeman451: Maybe you have spotted something similar in your setups?

@nitrocb @trevex This seems to be incorrect and I would like to track this vxlan v6 issue independently as it may not be related to the original issue. Follow https://github.com/projectcalico/calico/issues/9403 for updates

tomastigera avatar Oct 28 '24 17:10 tomastigera