nestybox / sysbox

An open-source, next-generation "runc" that empowers rootless containers to run workloads such as Systemd, Docker, Kubernetes, just like VMs.
Apache License 2.0

Add support for Weave CNI when running K8s inside a Sysbox container #179

Closed vpalazhi closed 3 years ago

vpalazhi commented 3 years ago

We are trying to spin up a k8s cluster in a docker swarm cluster with sysbox. While everything works as expected with flannel, we have not been able to make use of weave or calico as the network plugin.

We need weave (or calico) in order to be able to make use of network policies in our cluster.

The cluster is created using kubeadm (similar to kindbox)

root@controlplane:~# kubectl -n kube-system get pods
NAME                                   READY   STATUS             RESTARTS   AGE
coredns-f9fd979d6-2vrhb                1/1     Running            0          85s
coredns-f9fd979d6-8g4tj                1/1     Running            0          85s
etcd-controlplane                      1/1     Running            0          95s
kube-apiserver-controlplane            1/1     Running            0          95s
kube-controller-manager-controlplane   1/1     Running            0          95s
kube-proxy-55hd7                       1/1     Running            0          85s
kube-scheduler-controlplane            1/1     Running            0          95s
weave-net-mn4x6                        0/2     CrashLoopBackOff   2          7s
root@controlplane:~# kubectl -n kube-system logs  weave-net-mn4x6  weave
FATA: 2021/01/07 13:58:22.817560 open /sys/class/dmi/id/product_uuid: permission denied
root@controlplane:~# kubectl -n kube-system logs  weave-net-mn4x6  weave-npc 
INFO: 2021/01/07 13:58:23.289745 Starting Weaveworks NPC 2.7.0; node name "controlplane"
INFO: 2021/01/07 13:58:23.289907 Serving /metrics on :6781
FATA: 2021/01/07 13:58:23.292781 Failed to open pcap: open /var/log/ulogd.pcap: no such file or directory
root@controlplane:~# kubectl cluster-info 
Kubernetes master is running at https://controlplane:6443
KubeDNS is running at https://controlplane:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
root@controlplane:~# kubectl version
Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.0", GitCommit:"e19964183377d0ec2052d1f1fa930c4d7575bd50", GitTreeState:"clean", BuildDate:"2020-08-26T14:30:33Z", GoVersion:"go1.15", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.0", GitCommit:"e19964183377d0ec2052d1f1fa930c4d7575bd50", GitTreeState:"clean", BuildDate:"2020-08-26T14:23:04Z", GoVersion:"go1.15", Compiler:"gc", Platform:"linux/amd64"}
root@controlplane:~# 
root@controlplane:~# 
root@controlplane:~# kubectl get nodes -o wide
NAME           STATUS   ROLES    AGE     VERSION   INTERNAL-IP   EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION     CONTAINER-RUNTIME
controlplane   Ready    master   2m44s   v1.19.0   10.0.3.6      <none>        Ubuntu 18.04.5 LTS   5.4.0-58-generic   docker://19.3.0
root@controlplane:~# 

rodnymolina commented 3 years ago

@vpalazhi, thanks for filing this one up.

Question. Given the amount of work involved in having these two CNIs fully supported in Sysbox, would you mind if I create a separate issue (EPIC in this case) to track the Calico effort?

rodnymolina commented 3 years ago

Just created a new issue to track Calico's support effort separately.

rodnymolina commented 3 years ago

Done with this one now. Feature will be provided in the next Sysbox-EE release.