search

k3s-io / k3s

Lightweight Kubernetes
https://k3s.io
Apache License 2.0
26.71k stars 2.24k forks source link

missing kernel config check #10099

Open zouxianyu opened 2 weeks ago

zouxianyu commented 2 weeks ago

Environmental Info: K3s Version:

k3s version v1.29.4+k3s1 (94e29e2e) go version go1.21.9

Node(s) CPU architecture, OS, and Version:

Linux master 5.10.110 #1 SMP Mon May 13 02:09:12 PDT 2024 aarch64 aarch64 aarch64 GNU/Linux

Cluster Configuration:

1 server, 1 agent

Describe the bug:

k3s won't start. Here are some error messages taken from journalctl -u k3s.

master k3s[2242]: E0515 06:41:43.060036    2242 proxier.go:1525] "Failed to execute iptables-restore" err=<
master k3s[2242]:         exit status 2: iptables-restore v1.8.7 (legacy): Couldn't load target `REJECT':No such file or directory
master k3s[2242]:
master k3s[2242]:         Error occurred at line: 9
master k3s[2242]:         Try `iptables-restore -h' or 'iptables-restore --help' for more information.
master k3s[2242]:  >

Linux kernel needs to enable CONFIG_IP_NF_TARGET_REJECT, but check-config.sh doesn't check for it.

Steps To Reproduce:

Expected behavior:

All Pods in the kube-system namespace run normally.

Actual behavior:

Some Pods don't work properly.

root@master:~$ kubectl get pod -A
NAMESPACE     NAME                                      READY   STATUS             RESTARTS         AGE
kube-system   coredns-7b6586dfcd-n6cn5                  0/1     Running            0                46m
kube-system   metrics-server-754c646885-vrbql           0/1     CrashLoopBackOff   12 (3m11s ago)   46m
kube-system   local-path-provisioner-77db45d49b-59fmt   0/1     CrashLoopBackOff   12 (3m19s ago)   46m
kube-system   helm-install-traefik-5skn2                0/1     CrashLoopBackOff   8 (3m5s ago)     46m
kube-system   helm-install-traefik-crd-r47zd            0/1     CrashLoopBackOff   8 (2m56s ago)    46m

Additional context / logs: