2

Is there any direct command to fetch the podCIDR assigned to each node when using the Calico CNI?

I am looking for the exact network and netmask assigned to each node. I am not able to fetch it from kubectl get nodes, either via the podCIDR value or via the projectcalico.org/IPv4VXLANTunnelAddr annotation. It also looks like the annotation will differ based on whether Calico uses a VXLAN or an IPIP tunnel.

Tried to fetch it via the podCIDR key from the nodes. Got the following output, which wasn't the network assigned to the nodes.

kubectl get nodes -oyaml | grep -i podcidr -B 1
  spec:
    podCIDR: 192.168.0.0/24
    podCIDRs:
--
  spec:
    podCIDR: 192.168.2.0/24
    podCIDRs:

Tried to fetch it via calico annotation. Was able to find the network but the netmask was missing.

kubectl get nodes -oyaml | grep -i ipv4vxlan
      projectcalico.org/IPv4VXLANTunnelAddr: 192.168.33.64
      projectcalico.org/IPv4VXLANTunnelAddr: 192.168.253.192

Tried to fetch it via the calico pod. Found the exact network and netmask, i.e. 192.168.33.64/26, in the calico log.

kubectl logs calico-node-h2s9w -n calico-system | grep cidr
2020-12-14 06:54:50.783 [INFO][18] tunnel-ip-allocator/ipam.go 140: Attempting to load block cidr=192.168.33.64/26 host="calico-master"

But I want to avoid looking at the logs of the calico pod on each node. Is there a better way to find the podCIDR assigned to each node via a single command?

apoorva kamath

2 Answers

3

You can use etcdctl to get details of the subnet block assigned to each node.

ETCDCTL_API=3 etcdctl get --prefix --keys-only /calico/ipam/v2/host/node1/ipv4/block/

The above example, for a node named node1, will give output like the following.

/calico/ipam/v2/host/node1/ipv4/block/192.168.228.192-26
Arghya Sadhu
  • Thanks. But I get the following from that calico command line. ```calicoctl get ippools NAME CIDR SELECTOR default-ipv4-ippool 192.168.0.0/16 all() ``` I don't get the CIDR assigned to each node of the cluster. – apoorva kamath Dec 15 '20 at 07:59
  • Thanks. Can this also be fetched via any API call to kube-apiserver? – apoorva kamath Dec 15 '20 at 08:20
  • 1
    Don't think it's possible according to my knowledge – Arghya Sadhu Dec 15 '20 at 08:37
  • Thanks! The thing is that a worker entry under /calico/ipam/v2/host is missing. This results in that worker getting the same block IP CIDR as the master, causing lots of conflicts due to the blackhole created, etc. Why could this happen? Where to check for any clues? – maiky Mar 26 '23 at 18:25
2

Looks like calico adds a custom resource called ipamblocks and it contains the podcidr assigned to each cluster node.

The name of the custom resource itself contains the node's podcidr.

kubectl get ipamblocks.crd.projectcalico.org 
NAME               AGE
10-42-123-0-26     89d
10-42-187-192-26   89d

Command to fetch the exact podcidr and nodeip:

kubectl get ipamblocks.crd.projectcalico.org -o jsonpath="{range .items[*]}{'podNetwork: '}{.spec.cidr}{'\t NodeIP: '}{.spec.affinity}{'\n'}{end}"
podNetwork: 10.42.123.0/26   NodeIP: host:<node1-ip>
podNetwork: 10.42.187.192/26     NodeIP: host:<node2-ip>
apoorva kamath
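
Added example (not from either answer or from the Calico project): a small Python script that groups the ipamblocks output by node, since a node can hold more than one block and the one-line jsonpath does not group them. It reads the .spec.cidr and .spec.affinity fields shown above; the sample JSON, the node names and the function names are constructed for illustration.

```python
import ipaddress
import json
import sys
from collections import defaultdict

# Constructed sample shaped like `kubectl get ipamblocks.crd.projectcalico.org -o json`.
# The first two CIDRs come from the answer above; node names and the third block are made up.
SAMPLE = {"items": [
    {"metadata": {"name": "10-42-123-0-26"},
     "spec": {"cidr": "10.42.123.0/26", "affinity": "host:node1"}},
    {"metadata": {"name": "10-42-187-192-26"},
     "spec": {"cidr": "10.42.187.192/26", "affinity": "host:node2"}},
    {"metadata": {"name": "10-42-5-64-26"},
     "spec": {"cidr": "10.42.5.64/26", "affinity": "host:node1"}},
]}


def blocks_by_node(doc):
    """Map node name -> sorted list of block networks with host affinity to it."""
    result = defaultdict(list)
    for item in doc.get("items", []):
        spec = item.get("spec", {})
        kind, _, node = (spec.get("affinity") or "").partition(":")
        if kind != "host" or not node:
            continue  # no host affinity: the block cannot be attributed to a node
        # strict=True raises ValueError if the CIDR has host bits set
        result[node].append(ipaddress.ip_network(spec["cidr"], strict=True))
    return {n: sorted(v, key=lambda x: (x.version, x)) for n, v in result.items()}


def nodes_without_block(doc, node_names):
    """Node names (e.g. taken from `kubectl get nodes`) that own no block."""
    owned = blocks_by_node(doc)
    return sorted(n for n in node_names if n not in owned)


def main():
    # Pipe real JSON on stdin; with a terminal on stdin the sample is used.
    doc = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for node, nets in sorted(blocks_by_node(doc).items()):
        print(f"{node}\t{', '.join(str(n) for n in nets)}")


if __name__ == "__main__":
    main()
```

Run it as `kubectl get ipamblocks.crd.projectcalico.org -o json | python3 script.py` (script.py is a placeholder file name).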