[Bug 1845264] [NEW] Calico plugin deployment fails with Atomic image.
Public bug reported:
Deployment details:
template:
cluster_distro: fedora-atomic
network_driver: calico
image:
Fedora-Atomic-27-2018041
labels:
{'kube_tag': 'v1.15.4', 'kube_allow_priv': 'true', 'ingress': 'nginx',
'tiller_enabled': 'true', 'tiller_tag': 'v2.13.1'} |
Issue:
The calico deployment fails and I see the following in the system logs:
Unable to update cni config: No networks found in /etc/cni/net.d
Container runtime network not ready: NetworkReady=false
reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni
config uninitialized
The directory /etc/cni/net.d is empty.
When I try to deploy calico manually with the following commands:
CALICO_DEPLOY=/srv/magnum/kubernetes/manifests/calico-deploy.yaml
/usr/local/bin/kubectl apply -f ${CALICO_DEPLOY} --namespace=kube-system
I get the following:
The DaemonSet "calico-node" is invalid:
spec.template.spec.containers[0].securityContext.privileged: Forbidden:
disallowed by cluster policy
I believe this is caused by missing --allow-privileged=true flag in kube
apiserver config.
This is a workaround that fixed it for me, along with label:
'kube_allow_priv': 'true':
---
/usr/lib/python3/dist-packages/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh.orig
2019-09-24 21:13:02.947882594 +
+++
/usr/lib/python3/dist-packages/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
2019-09-24 21:13:16.291766370 +
@@ -60,7 +60,7 @@
-KUBE_API_ARGS="--runtime-config=api/all=true"
+KUBE_API_ARGS="--runtime-config=api/all=true
--allow-privileged=$KUBE_ALLOW_PRIV"
Not sure if I missed any config options but I could not find if the flag
was added anywhere else.
Henro
** Affects: magnum (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1845264
Title:
Calico plugin deployment fails with Atomic image.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/magnum/+bug/1845264/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1845265] [NEW] Calico plugin deployment fails with Atomic image.
Public bug reported:
Deployment details:
template:
cluster_distro: fedora-atomic
network_driver: calico
image:
Fedora-Atomic-27-2018041
labels:
{'kube_tag': 'v1.15.4', 'kube_allow_priv': 'true', 'ingress': 'nginx',
'tiller_enabled': 'true', 'tiller_tag': 'v2.13.1'} |
Issue:
The calico deployment fails and I see the following in the system logs:
Unable to update cni config: No networks found in /etc/cni/net.d
Container runtime network not ready: NetworkReady=false
reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni
config uninitialized
The directory /etc/cni/net.d is empty.
When I try to deploy calico manually with the following commands:
CALICO_DEPLOY=/srv/magnum/kubernetes/manifests/calico-deploy.yaml
/usr/local/bin/kubectl apply -f ${CALICO_DEPLOY} --namespace=kube-system
I get the following:
The DaemonSet "calico-node" is invalid:
spec.template.spec.containers[0].securityContext.privileged: Forbidden:
disallowed by cluster policy
I believe this is caused by missing --allow-privileged=true flag in kube
apiserver config.
This is a workaround that fixed it for me, along with label:
'kube_allow_priv': 'true':
---
/usr/lib/python3/dist-packages/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh.orig
2019-09-24 21:13:02.947882594 +
+++
/usr/lib/python3/dist-packages/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
2019-09-24 21:13:16.291766370 +
@@ -60,7 +60,7 @@
-KUBE_API_ARGS="--runtime-config=api/all=true"
+KUBE_API_ARGS="--runtime-config=api/all=true
--allow-privileged=$KUBE_ALLOW_PRIV"
Not sure if I missed any config options but I could not find if the flag
was added anywhere else.
Henro
** Affects: magnum (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1845265
Title:
Calico plugin deployment fails with Atomic image.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/magnum/+bug/1845265/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
