Open sujit-kulkarni opened 4 months ago
This is likely a missing kernel module (or a kernel compiled without support for `nat`).
I think I may be running into this as well. I used to be able to load up the docker image via a Jenkins / kubernetes build on the fly, but it's failing with a TLS error when attempting `docker login`, not able to resolve the TLS failed verification after probably 30 attempts to provide a ca-bundle, ... eventually I tried to disable by setting `DOCKER_TLS_CERTDIR=''`, which I attempted after taking a look at the `dockerd-entrypoint.sh`.
The error I'm seeing is this:
```
# DOCKER_TLS_CERTDIR='' && /usr/local/bin/dockerd-entrypoint.sh
cat: can't open '/proc/net/ip6_tables_names': No such file or directory
cat: can't open '/proc/net/arp_tables_names': No such file or directory
ip: can't find device 'nf_tables'
nf_tables 327680 3137 nft_chain_nat,nft_compat,nft_counter
nfnetlink 20480 4 ip_set,nf_conntrack_netlink,nft_compat,nf_tables
libcrc32c 16384 5 libceph,nf_nat,nf_conntrack,nf_tables,xfs
modprobe: can't change directory to '/lib/modules': No such file or directory
ip: can't find device 'ip_tables'
ip_tables 32768 2 iptable_nat,iptable_filter
modprobe: can't change directory to '/lib/modules': No such file or directory
iptables v1.8.10 (nf_tables)
mount: permission denied (are you root?)
Could not mount /sys/kernel/security.
AppArmor detection and --privileged mode might break.
mount: permission denied (are you root?)
```
Tried with `docker:dind` & `docker:latest`, not really sure which I need to be using.
```yaml
- name: docker
  image: docker:latest
  env:
  - name: DOCKER_TLS_CERTDIR
    value: ""
  tty: true
  securityContext:
    privileged: true
```
That sounds like it's not actually running with privileged mode enabled :thinking:
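One way to check from inside the container whether privileged mode actually took effect, as suggested by the `mount: permission denied` lines above. This is an added example, not part of the thread or of the docker image; the function names are hypothetical and the two sample masks are constructed (a typical default container capability set and a full set).

```shell
#!/bin/sh
# Added example: decode the effective capability mask (CapEff) of a process
# and report the capabilities that mount, iptables and modprobe depend on.
# Bit numbers come from linux/capability.h.

# capeff_of <status-file>: print the CapEff hex mask from a /proc/<pid>/status file
capeff_of() {
    awk '$1 == "CapEff:" { print $2 }' "$1"
}

# has_cap <hex-mask> <bit>: succeed if capability bit <bit> is set in the mask
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# missing_caps <hex-mask>: print the names of the checked capabilities
# that are absent from the mask (empty output means none are missing)
missing_caps() {
    out=""
    # CAP_NET_ADMIN: iptables/nftables rules; CAP_SYS_MODULE: modprobe;
    # CAP_SYS_ADMIN: mount (e.g. /sys/kernel/security)
    for pair in CAP_NET_ADMIN:12 CAP_SYS_MODULE:16 CAP_SYS_ADMIN:21; do
        has_cap "$1" "${pair#*:}" || out="$out ${pair%%:*}"
    done
    echo "${out# }"
}

# Constructed sample masks, for comparison with the live value
echo "default-style mask 00000000a80425fb missing: $(missing_caps 00000000a80425fb)"
echo "full mask          000001ffffffffff missing: $(missing_caps 000001ffffffffff)"

# Live check of the current shell, when /proc is available
if [ -r /proc/self/status ]; then
    live=$(capeff_of /proc/self/status)
    echo "this process       $live missing: $(missing_caps "$live")"
fi
```

If the live line lists any capability as missing, the `securityContext` in the pod spec did not reach the container that runs `dockerd`.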
We are trying to use docker in docker for our use case using the official `docker:dind` image. But when the `dockerd-entrypoint.sh` is executed to run the docker daemon inside the container created from dind, it fails with the below error:

```
failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to register "bridge" driver: failed to create NAT chain DOCKER: iptables failed: iptables --wait -t nat -N DOCKER: iptables v1.8.10 (nf_tables): TABLE_ADD failed (Not supported): table nat (exit status 4)
```

Could you please help me with the resolution?
Thanks,