Created
December 13, 2021 14:52
-
-
Save inductor/3c5ae4fb6de0be6212c7808c1f2e11cd to your computer and use it in GitHub Desktop.
cilium-installation.log
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Found 6 pods, using pod/cilium-4c44d | |
| level=info msg="Started gops server" address="127.0.0.1:9890" subsys=daemon | |
| level=info msg="Memory available for map entries (0.003% of 16791707648B): 41979269B" subsys=config | |
| level=info msg="option bpf-ct-global-tcp-max set by dynamic sizing to 147295" subsys=config | |
| level=info msg="option bpf-ct-global-any-max set by dynamic sizing to 73647" subsys=config | |
| level=info msg="option bpf-nat-global-max set by dynamic sizing to 147295" subsys=config | |
| level=info msg="option bpf-neigh-global-max set by dynamic sizing to 147295" subsys=config | |
| level=info msg="option bpf-sock-rev-map-max set by dynamic sizing to 73647" subsys=config | |
| level=info msg=" --agent-health-port='9876'" subsys=daemon | |
| level=info msg=" --agent-labels=''" subsys=daemon | |
| level=info msg=" --allocator-list-timeout='3m0s'" subsys=daemon | |
| level=info msg=" --allow-icmp-frag-needed='true'" subsys=daemon | |
| level=info msg=" --allow-localhost='auto'" subsys=daemon | |
| level=info msg=" --annotate-k8s-node='true'" subsys=daemon | |
| level=info msg=" --api-rate-limit='map[]'" subsys=daemon | |
| level=info msg=" --arping-refresh-period='30s'" subsys=daemon | |
| level=info msg=" --auto-create-cilium-node-resource='true'" subsys=daemon | |
| level=info msg=" --auto-direct-node-routes='false'" subsys=daemon | |
| level=info msg=" --bgp-announce-lb-ip='false'" subsys=daemon | |
| level=info msg=" --bgp-announce-pod-cidr='false'" subsys=daemon | |
| level=info msg=" --bgp-config-path='/var/lib/cilium/bgp/config.yaml'" subsys=daemon | |
| level=info msg=" --bpf-ct-global-any-max='262144'" subsys=daemon | |
| level=info msg=" --bpf-ct-global-tcp-max='524288'" subsys=daemon | |
| level=info msg=" --bpf-ct-timeout-regular-any='1m0s'" subsys=daemon | |
| level=info msg=" --bpf-ct-timeout-regular-tcp='6h0m0s'" subsys=daemon | |
| level=info msg=" --bpf-ct-timeout-regular-tcp-fin='10s'" subsys=daemon | |
| level=info msg=" --bpf-ct-timeout-regular-tcp-syn='1m0s'" subsys=daemon | |
| level=info msg=" --bpf-ct-timeout-service-any='1m0s'" subsys=daemon | |
| level=info msg=" --bpf-ct-timeout-service-tcp='6h0m0s'" subsys=daemon | |
| level=info msg=" --bpf-fragments-map-max='8192'" subsys=daemon | |
| level=info msg=" --bpf-lb-acceleration='disabled'" subsys=daemon | |
| level=info msg=" --bpf-lb-algorithm='random'" subsys=daemon | |
| level=info msg=" --bpf-lb-bypass-fib-lookup='false'" subsys=daemon | |
| level=info msg=" --bpf-lb-dev-ip-addr-inherit=''" subsys=daemon | |
| level=info msg=" --bpf-lb-dsr-dispatch='opt'" subsys=daemon | |
| level=info msg=" --bpf-lb-dsr-l4-xlate='frontend'" subsys=daemon | |
| level=info msg=" --bpf-lb-external-clusterip='false'" subsys=daemon | |
| level=info msg=" --bpf-lb-maglev-hash-seed='JLfvgnHc2kaSUFaI'" subsys=daemon | |
| level=info msg=" --bpf-lb-maglev-table-size='16381'" subsys=daemon | |
| level=info msg=" --bpf-lb-map-max='65536'" subsys=daemon | |
| level=info msg=" --bpf-lb-mode='snat'" subsys=daemon | |
| level=info msg=" --bpf-lb-rss-ipv4-src-cidr=''" subsys=daemon | |
| level=info msg=" --bpf-lb-rss-ipv6-src-cidr=''" subsys=daemon | |
| level=info msg=" --bpf-lb-sock-hostns-only='false'" subsys=daemon | |
| level=info msg=" --bpf-map-dynamic-size-ratio='0.0025'" subsys=daemon | |
| level=info msg=" --bpf-nat-global-max='524288'" subsys=daemon | |
| level=info msg=" --bpf-neigh-global-max='524288'" subsys=daemon | |
| level=info msg=" --bpf-policy-map-max='16384'" subsys=daemon | |
| level=info msg=" --bpf-root=''" subsys=daemon | |
| level=info msg=" --bpf-sock-rev-map-max='262144'" subsys=daemon | |
| level=info msg=" --bypass-ip-availability-upon-restore='false'" subsys=daemon | |
| level=info msg=" --certificates-directory='/var/run/cilium/certs'" subsys=daemon | |
| level=info msg=" --cflags=''" subsys=daemon | |
| level=info msg=" --cgroup-root=''" subsys=daemon | |
| level=info msg=" --cluster-health-port='4240'" subsys=daemon | |
| level=info msg=" --cluster-id=''" subsys=daemon | |
| level=info msg=" --cluster-name='kubernetes'" subsys=daemon | |
| level=info msg=" --clustermesh-config='/var/lib/cilium/clustermesh/'" subsys=daemon | |
| level=info msg=" --cmdref=''" subsys=daemon | |
| level=info msg=" --config=''" subsys=daemon | |
| level=info msg=" --config-dir='/tmp/cilium/config-map'" subsys=daemon | |
| level=info msg=" --conntrack-gc-interval='0s'" subsys=daemon | |
| level=info msg=" --crd-wait-timeout='5m0s'" subsys=daemon | |
| level=info msg=" --datapath-mode='veth'" subsys=daemon | |
| level=info msg=" --debug='false'" subsys=daemon | |
| level=info msg=" --debug-verbose=''" subsys=daemon | |
| level=info msg=" --derive-masquerade-ip-addr-from-device=''" subsys=daemon | |
| level=info msg=" --devices=''" subsys=daemon | |
| level=info msg=" --direct-routing-device=''" subsys=daemon | |
| level=info msg=" --disable-cnp-status-updates='true'" subsys=daemon | |
| level=info msg=" --disable-conntrack='false'" subsys=daemon | |
| level=info msg=" --disable-endpoint-crd='false'" subsys=daemon | |
| level=info msg=" --disable-envoy-version-check='false'" subsys=daemon | |
| level=info msg=" --disable-iptables-feeder-rules=''" subsys=daemon | |
| level=info msg=" --dns-max-ips-per-restored-rule='1000'" subsys=daemon | |
| level=info msg=" --egress-masquerade-interfaces=''" subsys=daemon | |
| level=info msg=" --egress-multi-home-ip-rule-compat='false'" subsys=daemon | |
| level=info msg=" --enable-auto-protect-node-port-range='true'" subsys=daemon | |
| level=info msg=" --enable-bandwidth-manager='false'" subsys=daemon | |
| level=info msg=" --enable-bpf-clock-probe='true'" subsys=daemon | |
| level=info msg=" --enable-bpf-masquerade='true'" subsys=daemon | |
| level=info msg=" --enable-bpf-tproxy='false'" subsys=daemon | |
| level=info msg=" --enable-cilium-endpoint-slice='false'" subsys=daemon | |
| level=info msg=" --enable-custom-calls='false'" subsys=daemon | |
| level=info msg=" --enable-endpoint-health-checking='true'" subsys=daemon | |
| level=info msg=" --enable-endpoint-routes='false'" subsys=daemon | |
| level=info msg=" --enable-envoy-config='true'" subsys=daemon | |
| level=info msg=" --enable-external-ips='true'" subsys=daemon | |
| level=info msg=" --enable-health-check-nodeport='true'" subsys=daemon | |
| level=info msg=" --enable-health-checking='true'" subsys=daemon | |
| level=info msg=" --enable-host-firewall='false'" subsys=daemon | |
| level=info msg=" --enable-host-legacy-routing='false'" subsys=daemon | |
| level=info msg=" --enable-host-port='true'" subsys=daemon | |
| level=info msg=" --enable-host-reachable-services='false'" subsys=daemon | |
| level=info msg=" --enable-hubble='false'" subsys=daemon | |
| level=info msg=" --enable-hubble-recorder-api='true'" subsys=daemon | |
| level=info msg=" --enable-icmp-rules='false'" subsys=daemon | |
| level=info msg=" --enable-identity-mark='true'" subsys=daemon | |
| level=info msg=" --enable-ip-masq-agent='false'" subsys=daemon | |
| level=info msg=" --enable-ipsec='false'" subsys=daemon | |
| level=info msg=" --enable-ipv4='true'" subsys=daemon | |
| level=info msg=" --enable-ipv4-egress-gateway='false'" subsys=daemon | |
| level=info msg=" --enable-ipv4-fragment-tracking='true'" subsys=daemon | |
| level=info msg=" --enable-ipv4-masquerade='true'" subsys=daemon | |
| level=info msg=" --enable-ipv6='false'" subsys=daemon | |
| level=info msg=" --enable-ipv6-masquerade='true'" subsys=daemon | |
| level=info msg=" --enable-ipv6-ndp='false'" subsys=daemon | |
| level=info msg=" --enable-k8s-api-discovery='false'" subsys=daemon | |
| level=info msg=" --enable-k8s-endpoint-slice='true'" subsys=daemon | |
| level=info msg=" --enable-k8s-event-handover='false'" subsys=daemon | |
| level=info msg=" --enable-k8s-terminating-endpoint='true'" subsys=daemon | |
| level=info msg=" --enable-l2-neigh-discovery='true'" subsys=daemon | |
| level=info msg=" --enable-l7-proxy='true'" subsys=daemon | |
| level=info msg=" --enable-local-node-route='true'" subsys=daemon | |
| level=info msg=" --enable-local-redirect-policy='false'" subsys=daemon | |
| level=info msg=" --enable-mke='false'" subsys=daemon | |
| level=info msg=" --enable-monitor='true'" subsys=daemon | |
| level=info msg=" --enable-node-port='false'" subsys=daemon | |
| level=info msg=" --enable-policy='default'" subsys=daemon | |
| level=info msg=" --enable-recorder='false'" subsys=daemon | |
| level=info msg=" --enable-remote-node-identity='true'" subsys=daemon | |
| level=info msg=" --enable-selective-regeneration='true'" subsys=daemon | |
| level=info msg=" --enable-service-topology='false'" subsys=daemon | |
| level=info msg=" --enable-session-affinity='true'" subsys=daemon | |
| level=info msg=" --enable-svc-source-range-check='true'" subsys=daemon | |
| level=info msg=" --enable-tracing='false'" subsys=daemon | |
| level=info msg=" --enable-well-known-identities='false'" subsys=daemon | |
| level=info msg=" --enable-wireguard='false'" subsys=daemon | |
| level=info msg=" --enable-wireguard-userspace-fallback='false'" subsys=daemon | |
| level=info msg=" --enable-xdp-prefilter='false'" subsys=daemon | |
| level=info msg=" --enable-xt-socket-fallback='true'" subsys=daemon | |
| level=info msg=" --encrypt-interface=''" subsys=daemon | |
| level=info msg=" --encrypt-node='false'" subsys=daemon | |
| level=info msg=" --endpoint-gc-interval='5m0s'" subsys=daemon | |
| level=info msg=" --endpoint-interface-name-prefix='lxc+'" subsys=daemon | |
| level=info msg=" --endpoint-queue-size='25'" subsys=daemon | |
| level=info msg=" --endpoint-status=''" subsys=daemon | |
| level=info msg=" --envoy-config-timeout='2m0s'" subsys=daemon | |
| level=info msg=" --envoy-log=''" subsys=daemon | |
| level=info msg=" --exclude-local-address=''" subsys=daemon | |
| level=info msg=" --fixed-identity-mapping='map[]'" subsys=daemon | |
| level=info msg=" --force-local-policy-eval-at-source='true'" subsys=daemon | |
| level=info msg=" --gops-port='9890'" subsys=daemon | |
| level=info msg=" --host-reachable-services-protos='tcp,udp'" subsys=daemon | |
| level=info msg=" --http-403-msg=''" subsys=daemon | |
| level=info msg=" --http-idle-timeout='0'" subsys=daemon | |
| level=info msg=" --http-max-grpc-timeout='0'" subsys=daemon | |
| level=info msg=" --http-normalize-path='true'" subsys=daemon | |
| level=info msg=" --http-request-timeout='3600'" subsys=daemon | |
| level=info msg=" --http-retry-count='3'" subsys=daemon | |
| level=info msg=" --http-retry-timeout='0'" subsys=daemon | |
| level=info msg=" --hubble-disable-tls='false'" subsys=daemon | |
| level=info msg=" --hubble-event-buffer-capacity='4095'" subsys=daemon | |
| level=info msg=" --hubble-event-queue-size='0'" subsys=daemon | |
| level=info msg=" --hubble-export-file-compress='false'" subsys=daemon | |
| level=info msg=" --hubble-export-file-max-backups='5'" subsys=daemon | |
| level=info msg=" --hubble-export-file-max-size-mb='10'" subsys=daemon | |
| level=info msg=" --hubble-export-file-path=''" subsys=daemon | |
| level=info msg=" --hubble-listen-address=''" subsys=daemon | |
| level=info msg=" --hubble-metrics=''" subsys=daemon | |
| level=info msg=" --hubble-metrics-server=''" subsys=daemon | |
| level=info msg=" --hubble-recorder-sink-queue-size='1024'" subsys=daemon | |
| level=info msg=" --hubble-recorder-storage-path='/var/run/cilium/pcaps'" subsys=daemon | |
| level=info msg=" --hubble-socket-path='/var/run/cilium/hubble.sock'" subsys=daemon | |
| level=info msg=" --hubble-tls-cert-file=''" subsys=daemon | |
| level=info msg=" --hubble-tls-client-ca-files=''" subsys=daemon | |
| level=info msg=" --hubble-tls-key-file=''" subsys=daemon | |
| level=info msg=" --identity-allocation-mode='crd'" subsys=daemon | |
| level=info msg=" --identity-change-grace-period='5s'" subsys=daemon | |
| level=info msg=" --install-iptables-rules='true'" subsys=daemon | |
| level=info msg=" --install-no-conntrack-iptables-rules='false'" subsys=daemon | |
| level=info msg=" --ip-allocation-timeout='2m0s'" subsys=daemon | |
| level=info msg=" --ip-masq-agent-config-path='/etc/config/ip-masq-agent'" subsys=daemon | |
| level=info msg=" --ipam='cluster-pool'" subsys=daemon | |
| level=info msg=" --ipsec-key-file=''" subsys=daemon | |
| level=info msg=" --iptables-lock-timeout='5s'" subsys=daemon | |
| level=info msg=" --iptables-random-fully='false'" subsys=daemon | |
| level=info msg=" --ipv4-native-routing-cidr=''" subsys=daemon | |
| level=info msg=" --ipv4-node='auto'" subsys=daemon | |
| level=info msg=" --ipv4-pod-subnets=''" subsys=daemon | |
| level=info msg=" --ipv4-range='auto'" subsys=daemon | |
| level=info msg=" --ipv4-service-loopback-address='169.254.42.1'" subsys=daemon | |
| level=info msg=" --ipv4-service-range='auto'" subsys=daemon | |
| level=info msg=" --ipv6-cluster-alloc-cidr='f00d::/64'" subsys=daemon | |
| level=info msg=" --ipv6-mcast-device=''" subsys=daemon | |
| level=info msg=" --ipv6-node='auto'" subsys=daemon | |
| level=info msg=" --ipv6-pod-subnets=''" subsys=daemon | |
| level=info msg=" --ipv6-range='auto'" subsys=daemon | |
| level=info msg=" --ipv6-service-range='auto'" subsys=daemon | |
| level=info msg=" --ipvlan-master-device='undefined'" subsys=daemon | |
| level=info msg=" --join-cluster='false'" subsys=daemon | |
| level=info msg=" --k8s-api-server=''" subsys=daemon | |
| level=info msg=" --k8s-heartbeat-timeout='30s'" subsys=daemon | |
| level=info msg=" --k8s-kubeconfig-path=''" subsys=daemon | |
| level=info msg=" --k8s-namespace='kube-system'" subsys=daemon | |
| level=info msg=" --k8s-require-ipv4-pod-cidr='false'" subsys=daemon | |
| level=info msg=" --k8s-require-ipv6-pod-cidr='false'" subsys=daemon | |
| level=info msg=" --k8s-service-cache-size='128'" subsys=daemon | |
| level=info msg=" --k8s-service-proxy-name=''" subsys=daemon | |
| level=info msg=" --k8s-sync-timeout='3m0s'" subsys=daemon | |
| level=info msg=" --k8s-watcher-endpoint-selector='metadata.name!=kube-scheduler,metadata.name!=kube-controller-manager,metadata.name!=etcd-operator,metadata.name!=gcp-controller-manager'" subsys=daemon | |
| level=info msg=" --keep-config='false'" subsys=daemon | |
| level=info msg=" --kube-proxy-replacement='probe'" subsys=daemon | |
| level=info msg=" --kube-proxy-replacement-healthz-bind-address=''" subsys=daemon | |
| level=info msg=" --kvstore=''" subsys=daemon | |
| level=info msg=" --kvstore-connectivity-timeout='2m0s'" subsys=daemon | |
| level=info msg=" --kvstore-lease-ttl='15m0s'" subsys=daemon | |
| level=info msg=" --kvstore-max-consecutive-quorum-errors='2'" subsys=daemon | |
| level=info msg=" --kvstore-opt='map[]'" subsys=daemon | |
| level=info msg=" --kvstore-periodic-sync='5m0s'" subsys=daemon | |
| level=info msg=" --label-prefix-file=''" subsys=daemon | |
| level=info msg=" --labels=''" subsys=daemon | |
| level=info msg=" --lib-dir='/var/lib/cilium'" subsys=daemon | |
| level=info msg=" --local-router-ipv4=''" subsys=daemon | |
| level=info msg=" --local-router-ipv6=''" subsys=daemon | |
| level=info msg=" --log-driver=''" subsys=daemon | |
| level=info msg=" --log-opt='map[]'" subsys=daemon | |
| level=info msg=" --log-system-load='false'" subsys=daemon | |
| level=info msg=" --max-controller-interval='0'" subsys=daemon | |
| level=info msg=" --metrics=''" subsys=daemon | |
| level=info msg=" --mke-cgroup-mount=''" subsys=daemon | |
| level=info msg=" --monitor-aggregation='medium'" subsys=daemon | |
| level=info msg=" --monitor-aggregation-flags='all'" subsys=daemon | |
| level=info msg=" --monitor-aggregation-interval='5s'" subsys=daemon | |
| level=info msg=" --monitor-queue-size='0'" subsys=daemon | |
| level=info msg=" --mtu='0'" subsys=daemon | |
| level=info msg=" --nat46-range='0:0:0:0:0:FFFF::/96'" subsys=daemon | |
| level=info msg=" --native-routing-cidr=''" subsys=daemon | |
| level=info msg=" --node-port-acceleration='disabled'" subsys=daemon | |
| level=info msg=" --node-port-algorithm='random'" subsys=daemon | |
| level=info msg=" --node-port-bind-protection='true'" subsys=daemon | |
| level=info msg=" --node-port-mode='snat'" subsys=daemon | |
| level=info msg=" --node-port-range='30000,32767'" subsys=daemon | |
| level=info msg=" --policy-audit-mode='false'" subsys=daemon | |
| level=info msg=" --policy-queue-size='100'" subsys=daemon | |
| level=info msg=" --policy-trigger-interval='1s'" subsys=daemon | |
| level=info msg=" --pprof='false'" subsys=daemon | |
| level=info msg=" --pprof-port='6060'" subsys=daemon | |
| level=info msg=" --preallocate-bpf-maps='false'" subsys=daemon | |
| level=info msg=" --prefilter-device='undefined'" subsys=daemon | |
| level=info msg=" --prefilter-mode='native'" subsys=daemon | |
| level=info msg=" --prepend-iptables-chains='true'" subsys=daemon | |
| level=info msg=" --prometheus-serve-addr=''" subsys=daemon | |
| level=info msg=" --proxy-connect-timeout='1'" subsys=daemon | |
| level=info msg=" --proxy-prometheus-port='0'" subsys=daemon | |
| level=info msg=" --read-cni-conf=''" subsys=daemon | |
| level=info msg=" --restore='true'" subsys=daemon | |
| level=info msg=" --route-metric='0'" subsys=daemon | |
| level=info msg=" --sidecar-istio-proxy-image='cilium/istio_proxy'" subsys=daemon | |
| level=info msg=" --single-cluster-route='false'" subsys=daemon | |
| level=info msg=" --socket-path='/var/run/cilium/cilium.sock'" subsys=daemon | |
| level=info msg=" --sockops-enable='false'" subsys=daemon | |
| level=info msg=" --state-dir='/var/run/cilium'" subsys=daemon | |
| level=info msg=" --tofqdns-dns-reject-response-code='refused'" subsys=daemon | |
| level=info msg=" --tofqdns-enable-dns-compression='true'" subsys=daemon | |
| level=info msg=" --tofqdns-endpoint-max-ip-per-hostname='50'" subsys=daemon | |
| level=info msg=" --tofqdns-idle-connection-grace-period='0s'" subsys=daemon | |
| level=info msg=" --tofqdns-max-deferred-connection-deletes='10000'" subsys=daemon | |
| level=info msg=" --tofqdns-min-ttl='0'" subsys=daemon | |
| level=info msg=" --tofqdns-pre-cache=''" subsys=daemon | |
| level=info msg=" --tofqdns-proxy-port='0'" subsys=daemon | |
| level=info msg=" --tofqdns-proxy-response-max-delay='100ms'" subsys=daemon | |
| level=info msg=" --trace-payloadlen='128'" subsys=daemon | |
| level=info msg=" --tunnel=''" subsys=daemon | |
| level=info msg=" --tunnel-port='0'" subsys=daemon | |
| level=info msg=" --version='false'" subsys=daemon | |
| level=info msg=" --vlan-bpf-bypass=''" subsys=daemon | |
| level=info msg=" --write-cni-conf-when-ready=''" subsys=daemon | |
| level=info msg=" _ _ _" subsys=daemon | |
| level=info msg=" ___|_| |_|_ _ _____" subsys=daemon | |
| level=info msg="| _| | | | | | |" subsys=daemon | |
| level=info msg="|___|_|_|_|___|_|_|_|" subsys=daemon | |
| level=info msg="Cilium 1.11.0 d8460a4 2021-12-09T16:37:33+01:00 go version go1.17.3 linux/amd64" subsys=daemon | |
| level=info msg="cilium-envoy version: 3b108c64fa2a2879f24e4215815059d88b330368/1.18.4/Distribution/RELEASE/BoringSSL" subsys=daemon | |
| level=info msg="clang (10.0.0) and kernel (5.4.0) versions: OK!" subsys=linux-datapath | |
| level=info msg="linking environment: OK!" subsys=linux-datapath | |
| level=info msg="Detected mounted BPF filesystem at /sys/fs/bpf" subsys=bpf | |
| level=info msg="Mounted cgroupv2 filesystem at /run/cilium/cgroupv2" subsys=cgroups | |
| level=info msg="Parsing base label prefixes from default label list" subsys=labels-filter | |
| level=info msg="Parsing additional label prefixes from user inputs: []" subsys=labels-filter | |
| level=info msg="Final label prefixes to be used for identity evaluation:" subsys=labels-filter | |
| level=info msg=" - reserved:.*" subsys=labels-filter | |
| level=info msg=" - :io.kubernetes.pod.namespace" subsys=labels-filter | |
| level=info msg=" - :io.cilium.k8s.namespace.labels" subsys=labels-filter | |
| level=info msg=" - :app.kubernetes.io" subsys=labels-filter | |
| level=info msg=" - !:io.kubernetes" subsys=labels-filter | |
| level=info msg=" - !:kubernetes.io" subsys=labels-filter | |
| level=info msg=" - !:.*beta.kubernetes.io" subsys=labels-filter | |
| level=info msg=" - !:k8s.io" subsys=labels-filter | |
| level=info msg=" - !:pod-template-generation" subsys=labels-filter | |
| level=info msg=" - !:pod-template-hash" subsys=labels-filter | |
| level=info msg=" - !:controller-revision-hash" subsys=labels-filter | |
| level=info msg=" - !:annotation.*" subsys=labels-filter | |
| level=info msg=" - !:etcd_node" subsys=labels-filter | |
| level=info msg="Using autogenerated IPv4 allocation range" subsys=node v4Prefix=10.11.0.0/16 | |
| level=info msg="Initializing daemon" subsys=daemon | |
| level=info msg="Establishing connection to apiserver" host="https://10.96.0.1:443" subsys=k8s | |
| level=info msg="Connected to apiserver" subsys=k8s | |
| level=info msg="Trying to auto-enable \"enable-node-port\", \"enable-external-ips\", \"enable-host-reachable-services\", \"enable-host-port\", \"enable-session-affinity\" features" subsys=daemon | |
| level=warning msg="Session affinity for host reachable services needs kernel 5.7.0 or newer to work properly when accessed from inside cluster: the same service endpoint will be selected from all network namespaces on the host." subsys=daemon | |
| level=info msg="Inheriting MTU from external network interface" device=eth0 ipAddr=192.168.0.11 mtu=1500 subsys=mtu | |
| level=info msg="Envoy: Starting xDS gRPC server listening on /var/run/cilium/xds.sock" subsys=envoy-manager | |
| level=info msg="Restored services from maps" failed=0 restored=0 subsys=service | |
| level=info msg="Reading old endpoints..." subsys=daemon | |
| level=info msg="No old endpoints found." subsys=daemon | |
| level=info msg="Waiting until all Cilium CRDs are available" subsys=k8s | |
| level=info msg="All Cilium CRDs have been found and are available" subsys=k8s | |
| level=info msg="Creating or updating CiliumNode resource" node=k8s-cp-1 subsys=nodediscovery | |
| level=info msg="Successfully created CiliumNode resource" subsys=nodediscovery | |
| level=info msg="Retrieved node information from cilium node" nodeName=k8s-cp-1 subsys=k8s | |
| level=warning msg="Waiting for k8s node information" error="required IPv4 PodCIDR not available" subsys=k8s | |
| level=info msg="Retrieved node information from cilium node" nodeName=k8s-cp-1 subsys=k8s | |
| level=info msg="Received own node information from API server" ipAddr.ipv4=192.168.0.11 ipAddr.ipv6="<nil>" k8sNodeIP=192.168.0.11 labels="map[beta.kubernetes.io/arch:amd64 beta.kubernetes.io/os:linux kubernetes.io/arch:amd64 kubernetes.io/hostname:k8s-cp-1 kubernetes.io/os:linux node-role.kubernetes.io/control-plane: node-role.kubernetes.io/master: node.kubernetes.io/exclude-from-external-load-balancers:]" nodeName=k8s-cp-1 subsys=k8s v4Prefix=10.0.3.0/24 v6Prefix="<nil>" | |
| level=info msg="k8s mode: Allowing localhost to reach local endpoints" subsys=daemon | |
| level=info msg="Direct routing device detected" direct-routing-device=eth0 subsys=daemon | |
| level=info msg="Detected devices" devices="[eth0]" subsys=daemon | |
| level=info msg="BPF host routing requires kernel 5.10 or newer. Falling back to legacy host routing (enable-host-legacy-routing=true)." subsys=daemon | |
| level=info msg="Enabling k8s event listener" subsys=k8s-watcher | |
| level=info msg="Removing stale endpoint interfaces" subsys=daemon | |
| level=info msg="Waiting until all pre-existing resources have been received" subsys=k8s-watcher | |
| level=info msg="Skipping kvstore configuration" subsys=daemon | |
| level=info msg="Initializing node addressing" subsys=daemon | |
| level=info msg="Initializing cluster-pool IPAM" subsys=ipam v4Prefix=10.0.3.0/24 v6Prefix="<nil>" | |
| level=warning msg="github.com/cilium/cilium/pkg/k8s/watchers/cilium_envoy_config.go:92: failed to list *v2alpha1.CiliumEnvoyConfig: ciliumenvoyconfigs.cilium.io is forbidden: User \"system:serviceaccount:kube-system:cilium\" cannot list resource \"ciliumenvoyconfigs\" in API group \"cilium.io\" at the cluster scope" subsys=klog | |
| level=error msg=k8sError error="github.com/cilium/cilium/pkg/k8s/watchers/cilium_envoy_config.go:92: Failed to watch *v2alpha1.CiliumEnvoyConfig: failed to list *v2alpha1.CiliumEnvoyConfig: ciliumenvoyconfigs.cilium.io is forbidden: User \"system:serviceaccount:kube-system:cilium\" cannot list resource \"ciliumenvoyconfigs\" in API group \"cilium.io\" at the cluster scope" subsys=k8s | |
| level=warning msg="Failed to remove old router IPs (restored IP: <nil>) from cilium_host. Manual intervention is required to remove all other old IPs." error="Link not found" subsys=daemon | |
| level=info msg="Restoring endpoints..." subsys=daemon | |
| level=info msg="Endpoints restored" failed=0 restored=0 subsys=daemon | |
| level=info msg="Addressing information:" subsys=daemon | |
| level=info msg=" Cluster-Name: kubernetes" subsys=daemon | |
| level=info msg=" Cluster-ID: 0" subsys=daemon | |
| level=info msg=" Local node-name: k8s-cp-1" subsys=daemon | |
| level=info msg=" Node-IPv6: <nil>" subsys=daemon | |
| level=info msg=" External-Node IPv4: 192.168.0.11" subsys=daemon | |
| level=info msg=" Internal-Node IPv4: 10.0.3.176" subsys=daemon | |
| level=info msg=" IPv4 allocation prefix: 10.0.3.0/24" subsys=daemon | |
| level=info msg=" Loopback IPv4: 169.254.42.1" subsys=daemon | |
| level=info msg=" Local IPv4 addresses:" subsys=daemon | |
| level=info msg=" - 192.168.0.11" subsys=daemon | |
| level=info msg="Adding local node to cluster" node="{k8s-cp-1 kubernetes [{InternalIP 192.168.0.11} {CiliumInternalIP 10.0.3.176}] 10.0.3.0/24 <nil> 10.0.3.100 <nil> 0 local 0 map[beta.kubernetes.io/arch:amd64 beta.kubernetes.io/os:linux kubernetes.io/arch:amd64 kubernetes.io/hostname:k8s-cp-1 kubernetes.io/os:linux node-role.kubernetes.io/control-plane: node-role.kubernetes.io/master: node.kubernetes.io/exclude-from-external-load-balancers:] 1 }" subsys=nodediscovery | |
| level=info msg="Creating or updating CiliumNode resource" node=k8s-cp-1 subsys=nodediscovery | |
| level=info msg="Annotating k8s node" subsys=daemon v4CiliumHostIP.IPv4=10.0.3.176 v4Prefix=10.0.3.0/24 v4healthIP.IPv4=10.0.3.100 v6CiliumHostIP.IPv6="<nil>" v6Prefix="<nil>" v6healthIP.IPv6="<nil>" | |
| level=info msg="Initializing identity allocator" subsys=identity-cache | |
| level=info msg="Cluster-ID is not specified, skipping ClusterMesh initialization" subsys=daemon | |
| level=info msg="Setting up BPF datapath" bpfClockSource=ktime bpfInsnSet=v2 subsys=datapath-loader | |
| level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.core.bpf_jit_enable sysParamValue=1 | |
| level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.conf.all.rp_filter sysParamValue=0 | |
| level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.fib_multipath_use_neigh sysParamValue=1 | |
| level=info msg="Setting sysctl" subsys=sysctl sysParamName=kernel.unprivileged_bpf_disabled sysParamValue=1 | |
| level=info msg="Setting sysctl" subsys=sysctl sysParamName=kernel.timer_migration sysParamValue=0 | |
| level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.conf.cilium_host.forwarding sysParamValue=1 | |
| level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.conf.cilium_host.rp_filter sysParamValue=0 | |
| level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.conf.cilium_host.accept_local sysParamValue=1 | |
| level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.conf.cilium_host.send_redirects sysParamValue=0 | |
| level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.conf.cilium_net.forwarding sysParamValue=1 | |
| level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.conf.cilium_net.rp_filter sysParamValue=0 | |
| level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.conf.cilium_net.accept_local sysParamValue=1 | |
| level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.conf.cilium_net.send_redirects sysParamValue=0 | |
| level=warning msg="github.com/cilium/cilium/pkg/k8s/watchers/cilium_envoy_config.go:92: failed to list *v2alpha1.CiliumEnvoyConfig: ciliumenvoyconfigs.cilium.io is forbidden: User \"system:serviceaccount:kube-system:cilium\" cannot list resource \"ciliumenvoyconfigs\" in API group \"cilium.io\" at the cluster scope" subsys=klog | |
| level=error msg=k8sError error="github.com/cilium/cilium/pkg/k8s/watchers/cilium_envoy_config.go:92: Failed to watch *v2alpha1.CiliumEnvoyConfig: failed to list *v2alpha1.CiliumEnvoyConfig: ciliumenvoyconfigs.cilium.io is forbidden: User \"system:serviceaccount:kube-system:cilium\" cannot list resource \"ciliumenvoyconfigs\" in API group \"cilium.io\" at the cluster scope" subsys=k8s | |
| level=warning msg="github.com/cilium/cilium/pkg/k8s/watchers/cilium_envoy_config.go:92: failed to list *v2alpha1.CiliumEnvoyConfig: ciliumenvoyconfigs.cilium.io is forbidden: User \"system:serviceaccount:kube-system:cilium\" cannot list resource \"ciliumenvoyconfigs\" in API group \"cilium.io\" at the cluster scope" subsys=klog | |
| level=error msg=k8sError error="github.com/cilium/cilium/pkg/k8s/watchers/cilium_envoy_config.go:92: Failed to watch *v2alpha1.CiliumEnvoyConfig: failed to list *v2alpha1.CiliumEnvoyConfig: ciliumenvoyconfigs.cilium.io is forbidden: User \"system:serviceaccount:kube-system:cilium\" cannot list resource \"ciliumenvoyconfigs\" in API group \"cilium.io\" at the cluster scope" subsys=k8s | |
| level=warning msg="github.com/cilium/cilium/pkg/k8s/watchers/cilium_envoy_config.go:92: failed to list *v2alpha1.CiliumEnvoyConfig: ciliumenvoyconfigs.cilium.io is forbidden: User \"system:serviceaccount:kube-system:cilium\" cannot list resource \"ciliumenvoyconfigs\" in API group \"cilium.io\" at the cluster scope" subsys=klog | |
| level=error msg=k8sError error="github.com/cilium/cilium/pkg/k8s/watchers/cilium_envoy_config.go:92: Failed to watch *v2alpha1.CiliumEnvoyConfig: failed to list *v2alpha1.CiliumEnvoyConfig: ciliumenvoyconfigs.cilium.io is forbidden: User \"system:serviceaccount:kube-system:cilium\" cannot list resource \"ciliumenvoyconfigs\" in API group \"cilium.io\" at the cluster scope" subsys=k8s | |
| level=info msg="Adding new proxy port rules for cilium-dns-egress:36109" proxy port name=cilium-dns-egress subsys=proxy | |
| level=info msg="Serving cilium node monitor v1.2 API at unix:///var/run/cilium/monitor1_2.sock" subsys=monitor-agent | |
| level=info msg="Validating configured node address ranges" subsys=daemon | |
| level=info msg="Starting connection tracking garbage collector" subsys=daemon | |
| level=info msg="Starting IP identity watcher" subsys=ipcache | |
| level=info msg="Initial scan of connection tracking completed" subsys=ct-gc | |
| level=info msg="Datapath signal listener running" subsys=signal | |
| level=warning msg="github.com/cilium/cilium/pkg/k8s/watchers/cilium_envoy_config.go:92: failed to list *v2alpha1.CiliumEnvoyConfig: ciliumenvoyconfigs.cilium.io is forbidden: User \"system:serviceaccount:kube-system:cilium\" cannot list resource \"ciliumenvoyconfigs\" in API group \"cilium.io\" at the cluster scope" subsys=klog | |
| level=error msg=k8sError error="github.com/cilium/cilium/pkg/k8s/watchers/cilium_envoy_config.go:92: Failed to watch *v2alpha1.CiliumEnvoyConfig: failed to list *v2alpha1.CiliumEnvoyConfig: ciliumenvoyconfigs.cilium.io is forbidden: User \"system:serviceaccount:kube-system:cilium\" cannot list resource \"ciliumenvoyconfigs\" in API group \"cilium.io\" at the cluster scope" subsys=k8s | |
| level=warning msg="github.com/cilium/cilium/pkg/k8s/watchers/cilium_envoy_config.go:92: failed to list *v2alpha1.CiliumEnvoyConfig: ciliumenvoyconfigs.cilium.io is forbidden: User \"system:serviceaccount:kube-system:cilium\" cannot list resource \"ciliumenvoyconfigs\" in API group \"cilium.io\" at the cluster scope" subsys=klog | |
| level=error msg=k8sError error="github.com/cilium/cilium/pkg/k8s/watchers/cilium_envoy_config.go:92: Failed to watch *v2alpha1.CiliumEnvoyConfig: failed to list *v2alpha1.CiliumEnvoyConfig: ciliumenvoyconfigs.cilium.io is forbidden: User \"system:serviceaccount:kube-system:cilium\" cannot list resource \"ciliumenvoyconfigs\" in API group \"cilium.io\" at the cluster scope" subsys=k8s |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment