Skip to content

Questions to Determine

  • Is the Calico node pod running on the affected node?
  • Are the CNI configuration files present in /etc/cni/net.d/?
  • Are the CNI binary plugins present in /opt/cni/bin/?
  • What do the kubelet logs show about CNI initialization?
  • Is the VXLAN tunnel interface (vxlan.calico) present on the node?
  • Did the kernel upgrade change the available kernel modules (vxlan, ip_tables)?
  • Can the node reach other nodes on the VXLAN port (UDP 4789)?
  • Is the calico-node DaemonSet pod healthy on this node?
  • Are IP routes for pod CIDRs of other nodes present in the routing table?