New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
containerd 1.6.4 breaks weave on Kubernetes #6921
Comments
It means either the weave plugin did not give a result for your eth0 interface or it's result did not have an IPv4/6 address
crictl inspectp on that pod to get the full result.. it should have more detail (unless of course it already deleted the pod) would have to walk back the code to see if we clean that pod right away and/or run containerd in debug mode @MikeZappa87 FYI... |
@mikebrow I was about to state the container -l debug as well. I want to see whats in the results. That will help us uncover why containerd/pkg/cri/server/sandbox_run.go Line 399 in 6067aeb
|
nod.. possible ipam defaults..? but yes debug will help here.. Perhaps should modify that error message to add result out if debug is off since we need it here... or just a bit more detail. |
I believe weave has its own ipam plugin? @jpetazzo can you do a ls /opt/cni/bin ? I think the weave-ipam isn't being called however I am not familiar with weave. It might be helpful to provide the actual contents of the network configuration in the /etc/cni/net/d dir as well |
noting possible prior report weaveworks/weave#3936 |
duplicate of #6575 ? |
nod.. from your analysis it sounds like cni is still broken on backwards compatibility on setup when the plugin fails to provide cni version.. cni fixed a similar problem on tear down. But we still need weave to make their fix and/or cni. Need weave to fix for the range of cni releases where they are broken.. and cni to fix for backwards compatibility with very old plugin(s) that fail to provide cni version... |
After github.com/containernetworking/cni#985 has been fixed, I test it with the commit in my local. It can fix this issue. REF: fuweid@cfb4e22 |
Not that it's not a good thing that this issue was fixed, but anyone still using Weave Net as their CNI plugin should seriously be planning their migration to a different CNI at this point. Weave Net is clearly unmaintained by its developers in favor of their other products and you should assume it to be fundamentally insecure at this point to keep using it. Just a quick glance shows that the current version (2.8.1) was built with Golang 1.15.6 which has some 30-odd vulnerabilities reported at the current moment. It's probably safe to say there are even more in the outdated dependencies it was built with. I highly recommend Cilium, which in my experience contains a superset of the features of Weave Net and is thus likely to support whatever usecase made you choose Weave Net in the first place. |
Description
Hi!
I noticed the following problem on my new Kubernetes clusters: all pods (except the ones using
hostNetwork
) remain inContainerCreating
status, and events (as shown by e.g.kubectl describe pod
) indicate:The kubelet logs (as shown by
journalctl -u kubelet -f
) indicate the same message (nothing more), and the containerd logs (as shown byjournalctl -u containerd -f
) indicate:I looked at what had changed between my "new" Kubernetes clusters and the "old" ones (the "old" ones that were deployed just last week, using the same deployment mechanism, and that worked fine 🤔), and it seems to be containerd. To give a bit more context: unless instructed otherwise, my deployment scripts spawn Ubuntu 18.04 VMs, install the latest Kubernetes packages from the Kubernetes official deb repositories (http://apt.kubernetes.io/), the latest
docker-ce
package from the Docker repository (https://download.docker.com/linux/ubuntu), which itself seems to bring the latestcontainerd.io
. According to https://download.docker.com/linux/ubuntu/dists/bionic/pool/stable/amd64/, it looks likecontainerd.io 1.6.4-1
was released May 5th, just 5 days ago.To cross-check the issue, I've:
containerd.io
to1.5.11-1
So it seems that there is definitely something off with containerd 1.6; but it could also be something odd with Weave. However, according to https://github.com/weaveworks/weave/releases, Weave hasn't changed since early 2021.
Is there a way to get containerd to tell me more about what it's doing; or what it's expecting?
Steps to reproduce the issue
I think the following should work (but my deployment scripts are a little bit hairy, to account for various cloud provider discrepancies😬) →
docker-ce
/etc/containerd/config.toml
to re-enable CRI API (which is disabled by default)kubeadm init
with the config file belowkubectl apply -f https://cloud.weave.works/k8s/net
kubectl get pods --all-namespaces
that pods (e.g. coredns pods) fail to startkubeadm config file:
Describe the results you received and expected
Expected results: pods start
Observed results: pods fail to start, stay stuck in
ContainerCreating
, with errors mentioning failure to create pod sandboxWhat version of containerd are you using?
containerd containerd.io 1.6.4 212e8b6
Any other relevant information
Also reproduced on:
Show configuration if it is related to CRI plugin.
Configuration is empty.
The text was updated successfully, but these errors were encountered: