{"id":40567,"date":"2023-09-29T02:22:31","date_gmt":"2023-09-29T02:22:31","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=40567"},"modified":"2025-01-23T12:45:12","modified_gmt":"2025-01-23T12:45:12","slug":"troubleshooting-kubernetes-networking-with-calico","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/troubleshooting-kubernetes-networking-with-calico\/","title":{"rendered":"Troubleshooting Kubernetes Networking with Tigera Calico"},"content":{"rendered":"\n

Tigera Calico Troubleshooting and diagnostics<\/a><\/p>\n\n\n\n

Tigera Calico Component logs<\/a><\/p>\n\n\n\n

\n\n\n
#!\/bin\/bash<\/span>\r\n\r\nif<\/span> [[ \"$1\"<\/span> != \"diags\"<\/span> ]]\r\nthen\r\n    echo<\/span> \"Unsupported command: $1\"<\/span>\r\n    exit<\/span> 1<\/span>\r\nfi\r\nshift 1<\/span>\r\n\r\nSINCE=0<\/span>s  # Only return logs newer than relative duration such as 5s, 2m, or 3h. Defaults to all logs.<\/span>\r\n\r\n# Parse optional flag(s):<\/span>\r\n#   --since=relative_duration (e.g. 10s, 5m)<\/span>\r\n\r\nwhile<\/span> (( \"$#\"<\/span> )); do<\/span>\r\n  case<\/span> \"$1\"<\/span> in\r\n    --since=*)\r\n      str=$1<\/span>\r\n      SINCE=\"${str#*=}\"<\/span>    # grab everything after '='<\/span>\r\n      shift 1<\/span>\r\n\r\n      if<\/span> [[ ! $SINCE =~ ^[0<\/span>-9<\/span>]+[smh]$ ]]; then\r\n          echo<\/span> \"invalid relative duration, try 10s, 5m, or 1h\"<\/span>\r\n          exit<\/span> 1<\/span>\r\n      fi\r\n      ;;\r\n    -*|--*=) # unsupported flags<\/span>\r\n      echo<\/span> \"Error: Unsupported flag $1\"<\/span> >&2<\/span>\r\n      exit<\/span> 1<\/span>\r\n      ;;\r\n    *) # unsupported argument<\/span>\r\n      echo<\/span> \"Error: Unsupported argument $1\"<\/span> >&2<\/span>\r\n      exit<\/span> 1<\/span>\r\n      ;;\r\n  esac\r\ndone\r\n\r\n# Check pre-requisites, like a functioning kubectl.<\/span>\r\nif<\/span> [ \"$(which kubectl)\"<\/span> == \"\"<\/span> ]; then echo<\/span> \"Unable to locate kubectl in PATH\"<\/span>; fi\r\nkubectl get ns 2<\/span>>&1<\/span>>\/dev\/null<\/span> || if<\/span> [[ $? != 0<\/span> ]]; then echo<\/span> \"kubectl does not appear to be functioning\"<\/span>; exit<\/span> 1<\/span>; fi\r\n\r\n# Make a tmp dir.<\/span>\r\nset -e\r\nmtmp=$(mktemp -d)\r\nmkdir ${mtmp}\/calico-diagnostics\r\ntmp=${mtmp}\/calico-diagnostics\r\nset +e\r\n\r\n\r\necho<\/span> \"==== Begin collecting diagnostics. ====\"<\/span>\r\n\r\n# Get some basic cluster state.<\/span>\r\necho<\/span> \"Collecting basic cluster state...\"<\/span>\r\nkubectl get ns > ${tmp}\/namespaces.txt\r\nkubectl get all -n calico-system -o wide > ${tmp}\/calico-system.txt\r\nkubectl get all -n tigera-operator -o wide > ${tmp}\/tigera-operator.txt\r\n\r\nmkdir ${tmp}\/operator.tigera.io\r\nkubectl get installations -o yaml > ${tmp}\/operator.tigera.io\/installations.yaml\r\nkubectl get apiservers -o yaml > ${tmp}\/operator.tigera.io\/apiservers.yaml\r\nkubectl get compliances -o yaml > ${tmp}\/operator.tigera.io\/compliances.yaml\r\nkubectl get intrusiondetections -o yaml > ${tmp}\/operator.tigera.io\/intrusiondetections.yaml\r\nkubectl get managers -o yaml > ${tmp}\/operator.tigera.io\/managers.yaml\r\nkubectl get logcollectors -o yaml > ${tmp}\/operator.tigera.io\/logcollectors.yaml\r\nkubectl get logstorages -o yaml > ${tmp}\/operator.tigera.io\/logstorages.yaml\r\nkubectl get managementclusterconnections -o yaml > ${tmp}\/operator.tigera.io\/managementclusterconnections.yaml\r\n\r\n# Get tigera status.<\/span>\r\necho<\/span> \"Collecting TigeraStatus details...\"<\/span>\r\nkubectl get tigerastatus > ${tmp}\/tigerastatus.txt\r\nkubectl get tigerastatus -o yaml > ${tmp}\/tigerastatus-yaml.txt\r\n\r\n# Get nodes.<\/span>\r\necho<\/span> \"Collecting Node details...\"<\/span>\r\nkubectl get nodes -o wide > ${tmp}\/nodes.txt\r\nkubectl get nodes -o yaml > ${tmp}\/nodes-yaml.txt\r\n\r\n# Get IPAM information.<\/span>\r\necho<\/span> \"Collecting IPAM diagnostics...\"<\/span>\r\nmkdir -p ${tmp}\/ipam\r\nkubectl get ipamblocks -o yaml > ${tmp}\/ipam\/ipamblocks.txt\r\nkubectl get blockaffinities -o yaml > ${tmp}\/ipam\/blockaffinities.txt\r\nkubectl get ipamhandles -o yaml > ${tmp}\/ipam\/ipamhandles.txt\r\n\r\n# Get operator logs. <\/span>\r\necho<\/span> \"Collecting tigera-operator logs...\"<\/span>\r\nkubectl logs --since=$SINCE -n tigera-operator -l k8s-app=tigera-operator > ${tmp}\/tigera-operator.logs\r\n\r\n# Get typha logs.<\/span>\r\necho<\/span> \"Collecting calico\/typha logs...\"<\/span>\r\nmkdir -p ${tmp}\/typhas\r\nfor<\/span> typha in $(kubectl get pods -n calico-system -l k8s-app=calico-typha -o go-template --template=\"{{range .items}}{{.metadata.name}} {{end}}\"<\/span>); do<\/span>\r\n\tkubectl logs --since=$SINCE -n calico-system $typha > ${tmp}\/typhas\/${typha}.log\r\ndone\r\n\r\n# Get per-node logs and network information.<\/span>\r\nmkdir -p ${tmp}\/nodes\r\nfor<\/span> node in $(kubectl get pods -n calico-system -l k8s-app=calico-node -o go-template --template=\"{{range .items}}{{.metadata.name}} {{end}}\"<\/span>); do<\/span>\r\n\techo<\/span> \"Collecting logs for node: $node\"<\/span>\r\n\tmkdir -p ${tmp}\/nodes\/${node}\r\n\tkubectl logs --since=$SINCE -n calico-system $node > ${tmp}\/nodes\/${node}\/${node}.log\r\n\tkubectl exec -n calico-system -t $node -- iptables-save -c > ${tmp}\/nodes\/${node}\/iptables-save.txt\r\n\tkubectl exec -n calico-system -t $node -- ip route > ${tmp}\/nodes\/${node}\/iproute.txt\r\ndone\r\n\r\n# Tar it all up for easy sharing.<\/span>\r\necho<\/span> \"\"<\/span>\r\necho<\/span> \"==== Producing a diagnostics bundle. ====\"<\/span>\r\nrm -f calico-diagnostics.tar.gz\r\ntar cfz ${mtmp}\/calico-diagnostics.tar.gz -C ${mtmp} calico-diagnostics\r\necho<\/span> \"\"<\/span>\r\necho<\/span> \"Diagnostic bundle produced at ${mtmp}\/calico-diagnostics.tar.gz\"<\/span><\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n\n
\n\n\n\n