On Mon, Nov 9, 2020 at 2:48 AM Joakim Roubert <[email protected]> wrote:
>
> On 2020-11-06 22:20, Bruce Ashfield wrote:
> >
> > I now have another 6 or 7 WIP patches on top of this to try and get a
> > single node "cluster" working with k3s. I'll clean them up and get
> > them into the k3s WIP branch shortly.
>
> Awesome!
>
> > In your working references, which iptables do you have installed ?
> > (legacy ? nftables?)
>
> # iptables --version
> iptables v1.8.4 (legacy)
>
> > I'm failing to get flannel to start, with a series of errors like this:
> >
> > -----------
> > I1106 21:19:00.985656 10641 eviction_manager.go:351] eviction
> > manager: able to reduce ephemeral-storage pressure without evicting
> > pods.
> > E1106 21:19:10.636899 10641 proxier.go:841] Failed to ensure that
> > filter chain INPUT jumps to KUBE-EXTERNAL-SERVICES: error checking
> > rule: exit status 2: iptables v1.8.6 (legacy): Couldn't load match
> > `comment':No such y
> > Try `iptables -h' or 'iptables --help' for more information.
> > I1106 21:19:10.641647 10641 proxier.go:825] Sync failed; retrying in 30s
> > ------------
>
> This is a bit strange, as it seems you are running in legacy mode too,
> although a somewhat newer version than I have, and the only thing I know
> is that Rancher recommends 1.6.1 or newer (which it is).
>
> https://rancher.com/docs/k3s/latest/en/known-issues/
>
> Might there be something missing in the kernel?
>
> I have these RPMs installed in my image:
>
> iptables
> iptables-module-ip6t-ah
> iptables-module-ip6t-dnat
> iptables-module-ip6t-dnpt
> iptables-module-ip6t-dst
> iptables-module-ip6t-eui64
> iptables-module-ip6t-frag
> iptables-module-ip6t-hbh
> iptables-module-ip6t-hl
> iptables-module-ip6t-icmp6
> iptables-module-ip6t-ipv6header
> iptables-module-ip6t-log
> iptables-module-ip6t-masquerade
> iptables-module-ip6t-mh
> iptables-module-ip6t-netmap
> iptables-module-ip6t-redirect
> iptables-module-ip6t-reject
> iptables-module-ip6t-rt
> iptables-module-ip6t-snat
> iptables-module-ip6t-snpt
> iptables-module-ip6t-srh
> iptables-module-ipt-ah
> iptables-module-ipt-clusterip
> iptables-module-ipt-dnat
> iptables-module-ipt-ecn
> iptables-module-ipt-icmp
> iptables-module-ipt-log
> iptables-module-ipt-masquerade
> iptables-module-ipt-netmap
> iptables-module-ipt-realm
> iptables-module-ipt-redirect
> iptables-module-ipt-reject
> iptables-module-ipt-snat
> iptables-module-ipt-ttl
> iptables-module-ipt-ulog
> iptables-modules
> iptables-module-xt-addrtype
> iptables-module-xt-audit
> iptables-module-xt-bpf
> iptables-module-xt-cgroup
> iptables-module-xt-checksum
> iptables-module-xt-classify
> iptables-module-xt-cluster
> iptables-module-xt-comment
> iptables-module-xt-connbytes
> iptables-module-xt-connlimit
> iptables-module-xt-connmark
> iptables-module-xt-connsecmark
> iptables-module-xt-conntrack
> iptables-module-xt-cpu
> iptables-module-xt-ct
> iptables-module-xt-dccp
> iptables-module-xt-devgroup
> iptables-module-xt-dscp
> iptables-module-xt-ecn
> iptables-module-xt-esp
> iptables-module-xt-hashlimit
> iptables-module-xt-helper
> iptables-module-xt-hmark
> iptables-module-xt-idletimer
> iptables-module-xt-ipcomp
> iptables-module-xt-iprange
> iptables-module-xt-ipvs
> iptables-module-xt-led
> iptables-module-xt-length
> iptables-module-xt-limit
> iptables-module-xt-mac
> iptables-module-xt-mark
> iptables-module-xt-multiport
> iptables-module-xt-nfacct
> iptables-module-xt-nflog
> iptables-module-xt-nfqueue
> iptables-module-xt-osf
> iptables-module-xt-owner
> iptables-module-xt-physdev
> iptables-module-xt-pkttype
> iptables-module-xt-policy
> iptables-module-xt-quota
> iptables-module-xt-rateest
> iptables-module-xt-recent
> iptables-module-xt-rpfilter
> iptables-module-xt-sctp
> iptables-module-xt-secmark
> iptables-module-xt-set
> iptables-module-xt-socket
> iptables-module-xt-standard
> iptables-module-xt-statistic
> iptables-module-xt-string
> iptables-module-xt-synproxy
> iptables-module-xt-tcp
> iptables-module-xt-tcpmss
> iptables-module-xt-tcpoptstrip
> iptables-module-xt-tee
> iptables-module-xt-time
> iptables-module-xt-tos
> iptables-module-xt-tproxy
> iptables-module-xt-trace
> iptables-module-xt-u32
> iptables-module-xt-udp
>
> and in my kernel config, I have (apart from what is needed for running
> containers with containerd):
>
> CONFIG_NETFILTER_NETLINK=m
> CONFIG_NETFILTER_XT_MATCH_OWNER=m
> CONFIG_NET_UDP_TUNNEL=m
> CONFIG_NF_DUP_NETDEV=m
> CONFIG_NF_LOG_BRIDGE=m
> CONFIG_NF_TABLES_ARP=y
> CONFIG_NF_TABLES_BRIDGE=y
> CONFIG_NF_TABLES_INET=y
> CONFIG_NF_TABLES_IPV4=y
> CONFIG_NF_TABLES_IPV6=y
> CONFIG_NF_TABLES=m
> CONFIG_NF_TABLES_NETDEV=y
> CONFIG_NFT_BRIDGE_REJECT=m
> CONFIG_NFT_CHAIN_NAT_IPV4=m
> CONFIG_NFT_CHAIN_ROUTE_IPV4=m
> CONFIG_NFT_CHAIN_ROUTE_IPV6=m
> CONFIG_NFT_COMPAT=m
> CONFIG_NFT_COUNTER=m
> CONFIG_NFT_CT=m
> CONFIG_NFT_DUP_IPV4=m
> CONFIG_NFT_DUP_IPV6=m
> CONFIG_NFT_DUP_NETDEV=m
> # CONFIG_NFT_EXTHDR is not set
> CONFIG_NFT_FIB_INET=m
> CONFIG_NFT_FIB_IPV4=m
> CONFIG_NFT_FIB_IPV6=m
> CONFIG_NFT_FIB_NETDEV=m
> CONFIG_NFT_FWD_NETDEV=m
> CONFIG_NFT_HASH=m
> CONFIG_NFT_LIMIT=m
> CONFIG_NFT_LOG=m
> CONFIG_NFT_MASQ_IPV4=m
> CONFIG_NFT_MASQ=m
> # CONFIG_NFT_META is not set
> CONFIG_NFT_NAT=m
> CONFIG_NFT_NUMGEN=m
> # CONFIG_NFT_OBJREF is not set
> CONFIG_NFT_QUEUE=m
> CONFIG_NFT_QUOTA=m
> CONFIG_NFT_REDIR_IPV4=m
> CONFIG_NFT_REDIR=m
> CONFIG_NFT_REJECT=m
> # CONFIG_NFT_RT is not set
> # CONFIG_NFT_SET_BITMAP is not set
> # CONFIG_NFT_SET_HASH is not set
> # CONFIG_NFT_SET_RBTREE is not set
> CONFIG_OVERLAY_FS=m
> CONFIG_STP=m

Cool, the above helps. I have some new fragments, etc, developed for
both k8s and k3s, so I'll double check that I didn't fat finger
something.

Bruce

>
> BR,
>
> /Joakim

--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II
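
The two checks this thread walks through (is the iptables extension package for the failing match installed, and is the corresponding kernel option set), as an added shell example that is not part of the original messages. The package naming follows the RPM list quoted above; the `CONFIG_NETFILTER_XT_MATCH_<NAME>` symbol pattern, the function names and all sample data are assumptions made for the example.

```shell
#!/bin/sh
# Added example; every sample value below is constructed for illustration.

# Pull the match name out of an iptables "Couldn't load match" error line.
missing_match() {
    printf '%s\n' "$1" |
        sed -n "s/.*Couldn't load match \`\([A-Za-z0-9_]*\)'.*/\1/p"
}

# Report how a kernel config file sets a symbol: y, m or unset.
kconfig_state() {  # $1 = kernel config file, $2 = symbol
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    printf '%s\n' "${val:-unset}"
}

# $1 = log line, $2 = file listing installed packages, $3 = kernel config
triage() {
    m=$(missing_match "$1")
    [ -n "$m" ] || { echo "no-match-error"; return 0; }
    pkg="iptables-module-xt-$m"   # naming taken from the RPM list in the thread
    # Assumption: symbol follows the CONFIG_NETFILTER_XT_MATCH_<NAME> pattern.
    sym="CONFIG_NETFILTER_XT_MATCH_$(printf '%s' "$m" | tr '[:lower:]' '[:upper:]')"
    if grep -qx "$pkg" "$2"; then user=present; else user=missing; fi
    echo "match=$m $pkg=$user $sym=$(kconfig_state "$3" "$sym")"
}

# Constructed image: the comment extension package is absent, kernel side is set.
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' iptables iptables-module-xt-conntrack > "$tmp/pkgs"
    printf '%s\n' 'CONFIG_NETFILTER_XT_MATCH_COMMENT=m' \
        '# CONFIG_NFT_META is not set' > "$tmp/config"
    line="error checking rule: exit status 2: Couldn't load match \`comment':No such y"
    triage "$line" "$tmp/pkgs" "$tmp/config"
    rm -rf "$tmp"
}
demo
```

On a real image, the package file would come from the image manifest or an `rpm -qa --qf '%{NAME}\n'` listing, and the kernel config from the build's `.config`.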
