CDK 1.28 control plane on lxd running Calico needs access to /sys/fs/bpf
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Kubernetes Control Plane Charm | Fix Released | High | Mateo Florido |
Kubernetes Worker Charm | Fix Released | Medium | Kevin W Monroe |
Bug Description
In CK 1.27 there was no calico-node pod. The charm ran calico-node as a systemd service. In CK 1.28 it switched to hosting Calico via DaemonSet with pods, which requires access to /sys/fs.
So, in case k8s-control-plane is running on LXD, it will show error logs since it has no write access to that mount point.
========== Error logs
Every 2.0s: kubectl get po -n kube-system -owide --sort-by .metadata.
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
k8s-keystone-
kube-state-
coredns-
metrics-
k8s-keystone-
calico-node-dshdc 0/1 Init:0/2 0 33m 192.168.20.125 dgx07 <none> <none>
calico-node-n7l6f 1/1 Running 0 33m 192.168.20.73 dgx06 <none> <none>
calico-node-rg72d 0/1 Init:1/2 0 33m 192.168.20.202 k8s-worker-04 <none> <none>
calico-node-rnspn 0/1 Init:0/2 0 33m 192.168.20.138 dgx08 <none> <none>
calico-node-v9mf9 0/1 Init:1/2 0 33m 192.168.20.32 k8s-worker-01 <none> <none>
calico-node-krnhj 0/1 Init:1/2 0 33m 192.168.20.168 juju-712203-2-lxd-2 <none> <none>
calico-
calico-node-bnnhb 1/1 Running 0 33m 192.168.20.103 dgx05 <none> <none>
calico-node-7zkss 1/1 Running 0 33m 192.168.20.203 k8s-worker-03 <none> <none>
calico-node-6r7c8 0/1 Init:0/2 0 33m 192.168.20.136 k8s-worker-02 <none> <none>
calico-node-wzr8r 0/1 Init:0/2 0 33m 192.168.20.93 juju-712203-1-lxd-2 <none> <none>
calico-node-nnwsm 0/1 Init:CreateCont
$ kubectl describe pod calico-node-nnwsm -n kube-system
# [..]
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 26s default-scheduler Successfully assigned kube-system/
Normal Pulled 25s kubelet Container image "rocks.
Normal Created 25s kubelet Created container install-cni
Normal Started 25s kubelet Started container install-cni
Warning Failed 23s kubelet Error: failed to generate container "82ccbbba0e5f5a
Warning DNSConfigForming 12s (x5 over 25s) kubelet Nameserver limits were exceeded, some nameservers have been omitted, the applied nameserver line is: 192.168.20.11 192.168.20.14 192.168.20.15
Normal Pulled 12s (x2 over 23s) kubelet Container image "rocks.
Warning Failed 12s kubelet Error: failed to generate container "ba3a8598b2f954
summary:
- CDK 1.28 control plane on lxd running Calico needs access to /sys/fs
+ CDK 1.28 control plane on lxd running Calico needs access to /sys/fs/bpf
Changed in charm-kubernetes-master:
status: New → Triaged
importance: Undecided → High
milestone: none → 1.28+ck1
Changed in charm-kubernetes-master:
assignee: nobody → Mateo Florido (mateoflorido)
Changed in charm-kubernetes-master:
status: Triaged → In Progress
Changed in charm-kubernetes-worker:
status: Triaged → In Progress
tags: added: backport-needed
tags: removed: backport-needed
Changed in charm-kubernetes-master:
status: In Progress → Fix Committed
Changed in charm-kubernetes-worker:
status: In Progress → Fix Committed
Changed in charm-kubernetes-master:
status: Fix Committed → Fix Released
Changed in charm-kubernetes-worker:
status: Fix Committed → Fix Released
This is the workaround that worked for me:
https://github.com/charmed-kubernetes/charm-kubernetes-control-plane/pull/301
Not sure if this is the best approach to expose /sys/fs/bpf to the container or if it would be better to change the mount point of the Calico pod:
https://github.com/charmed-kubernetes/charm-calico/blob/main/upstream/calico/manifests/3.25.1/calico-etcd.yaml#L319
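A way to check, from inside the LXD container, the condition this report describes. This is an added example, not part of the bug report or the charm code; the function name `bpffs_state`, its result strings and the sample mount lines are assumptions made for illustration. It reads a mounts table and reports whether /sys/fs/bpf is absent, not a bpf filesystem, read-only, or read-write.

```shell
#!/bin/sh
# Added example: classify /sys/fs/bpf as seen in a mounts table.
# bpffs_state and its result strings are hypothetical names for this example.

# bpffs_state [MOUNTS_FILE|-] [MOUNTPOINT]
# Prints one of: missing | wrong-fstype:<type> | read-only | read-write
bpffs_state() {
    mounts_file="${1:-/proc/self/mounts}"
    target="${2:-/sys/fs/bpf}"
    # Mounts table fields: device mountpoint fstype options dump pass.
    # The last matching line wins, because later mounts shadow earlier ones.
    awk -v target="$target" '
        $2 == target { fstype = $3; opts = $4; found = 1 }
        END {
            if (!found) { print "missing"; exit }
            if (fstype != "bpf") { print "wrong-fstype:" fstype; exit }
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++)
                if (o[i] == "ro") { print "read-only"; exit }
            print "read-write"
        }
    ' "$mounts_file"
}

# Constructed sample tables (not taken from the report), passed on stdin.
printf 'container without bpffs: '
printf 'sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0\n' |
    bpffs_state -

printf 'container with read-only bpffs: '
printf '%s\n' \
    'sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0' \
    'bpf /sys/fs/bpf bpf ro,nosuid,nodev,noexec,relatime 0 0' |
    bpffs_state -

# On a real node or container, inspect the live table when it is readable.
if [ -r /proc/self/mounts ]; then
    printf 'this system: '
    bpffs_state
fi
```

A `read-write` result only describes the mount options; an unprivileged container can still be denied writes by permissions on the mount.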