search

rootless-containers / usernetes

Kubernetes without the root privileges
https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/2033-kubelet-in-userns-aka-rootless
Apache License 2.0
865 stars 58 forks source link

Warning from kubeadm preflight about sandbox image #314

Open afbjorklund opened 10 months ago

afbjorklund commented 10 months ago 
[init] Using Kubernetes version: v1.28.4
[preflight] Running pre-flight checks
    [WARNING SystemVerification]: missing optional cgroups: hugetlb
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
W1123 08:54:42.549433     139 checks.go:835] detected that the sandbox image "registry.k8s.io/pause:3.7" of the container runtime is inconsistent with that used by kubeadm. It is recommended that using "registry.k8s.io/pause:3.9" as the CRI sandbox image.

https://kubernetes.io/docs/setup/production-environment/container-runtimes/#override-pause-image-containerd

This issue is not seen in kind, since they do not run the preflight:

--skip-phases=preflight

Newer versions of kubernetes (1.29) will query CRI for the sandbox.

So then it will automatically get the old version containerd is using...

https://github.com/kubernetes-sigs/kind/blob/v0.20.0/images/base/files/etc/containerd/config.toml#L37

  # use fixed sandbox image
  sandbox_image = "registry.k8s.io/pause:3.7"

It probably should make sure that it is "pinned", for garbage collection.