I have followed your steps and could not reproduce it. Maybe spegel has changed something; I'm not sure about that, as I have not tried spegel. @bittrance
$ kubectl get node
NAME STATUS ROLES AGE VERSION
kind-control-plane Ready control-plane 2m33s v1.29.2
kind-worker Ready <none> 2m10s v1.29.2
kind-worker2 Ready <none> 2m10s v1.29.2
kind-worker3 Ready <none> 2m11s v1.29.2
kind-worker4 Ready <none> 2m11s v1.29.2
$ kubectl get pod
No resources found in default namespace.
$ kubectl get pod -n test-1
NAME READY STATUS RESTARTS AGE
test-9jpd5 1/1 Running 0 29s
test-nrbzg 1/1 Running 0 29s
test-pmxcw 1/1 Running 0 29s
test-z2zsb 1/1 Running 0 29s
Ah, mystery solved.
$ kubectl get pods -A | grep -v Running
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system kube-proxy-nq9h6 0/1 CrashLoopBackOff 17 (5m6s ago) 66m
$ kubectl logs --namespace kube-system kube-proxy-nq9h6
E0506 17:32:51.755163 1 run.go:74] "command failed" err="failed complete: too many open files"
I had expected Kind to tell me things like that when it creates the cluster, but I suppose it is hard to see "inside" the node.
Yeah, it's a pretty complicated space and Kubernetes is supposed to be eventually consistent. We need the control plane / API to come up, and we ensure that much
... but it's possible that parts of the dataplane are still unhealthy, and in some cases that is even expected, e.g. when the user opts to disable the built-in CNI and needs to continue dataplane bootstrapping themselves by installing a CNI.
Glad you found it. This may be https://kind.sigs.k8s.io/docs/user/known-issues/#pod-errors-due-to-too-many-open-files
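For reference, the workaround described on that page is to raise the host's inotify limits. A rough sketch of checking the diagnosis and applying the fix (node name taken from the output above; the values are the ones suggested by the linked page at the time of writing):

```sh
# Check the inotify limits as seen from inside a kind "node" container
# (the node containers share the host kernel, so this is what kube-proxy sees).
docker exec kind-worker2 cat /proc/sys/fs/inotify/max_user_instances \
    /proc/sys/fs/inotify/max_user_watches

# Raise the limits on the host, per the known-issues page.
sudo sysctl fs.inotify.max_user_instances=512
sudo sysctl fs.inotify.max_user_watches=524288
```

To keep the change across reboots, the same keys can go into /etc/sysctl.conf or a file under /etc/sysctl.d/.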
What happened:
TL;DR: DaemonSet pods scheduled on one node in my 4-worker-node IPVS Kind cluster do not get proper networking. Anecdotal evidence suggests that the same problem occurs with iptables-based networking. I have not tried pods created from deployments or manually. Smaller clusters do not seem to have this problem.
The original error that led me down this rabbit hole came up while working with spegel, which uses the coordination API. Three nodes always joined up properly, while the fourth failed with:
I created a test case which can reproduce this issue with a relatively simple setup. This case too passes when the cluster has 3 worker nodes, but fails when it gets 4 worker nodes. In the test case, pods fail on name resolution, see below. The same node will fail its pods in all daemonsets launched into the cluster. Creating a 5-worker-node cluster results in two bad nodes.
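One way to see that pattern is to list the pods together with the node they were scheduled on (namespace taken from the output above):

```sh
# Show which node each daemonset pod landed on, so failing pods and their logs
# can be matched to a node; in this report they all share the same NODE.
kubectl get pods -n test-1 -o wide
```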
What you expected to happen:
I expected to get working networking on all my nodes, but at the same time this issue seems too obvious to have remained undiscovered?
How to reproduce it (as minimally and precisely as possible):
This repro uses
apt-get update
as it is present in a well-used image. Pods on healthy nodes will happily update their package metadata, but one will fail on name resolution. Creating and populating additional namespaces will demonstrate that all failing pods end up on the same node, in this case kind-worker2.
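For completeness, a minimal sketch of a setup matching this description; the config file name, namespace, and image are illustrative, not the exact test case:

```sh
# Hypothetical repro sketch: 1 control-plane + 4 workers with kube-proxy in
# IPVS mode, then a DaemonSet whose pods run `apt-get update`.
cat <<'EOF' > kind-config.yaml
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
networking:
  kubeProxyMode: ipvs
nodes:
- role: control-plane
- role: worker
- role: worker
- role: worker
- role: worker
EOF
kind create cluster --config kind-config.yaml

kubectl create namespace test-1
cat <<'EOF' | kubectl apply -n test-1 -f -
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: test
spec:
  selector:
    matchLabels:
      app: test
  template:
    metadata:
      labels:
        app: test
    spec:
      containers:
      - name: test
        image: ubuntu:22.04
        command: ["sh", "-c", "apt-get update && sleep infinity"]
EOF

# Pods on healthy nodes finish apt-get update; the pod on the bad node logs a
# name resolution failure.
kubectl logs -n test-1 -l app=test --prefix
```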
Environment:
A node with bad networking has this description: