Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Release-1.25] - k3s check-config outdated #7163

Closed
dereknola opened this issue Mar 29, 2023 · 2 comments
Closed

[Release-1.25] - k3s check-config outdated #7163

dereknola opened this issue Mar 29, 2023 · 2 comments
Assignees
@dereknola @est-suse
Milestone
v1.25.9+k3s1

Comments

@dereknola
Copy link
Member

Backport fix for k3s check-config outdated
@dereknola dereknola self-assigned this Mar 29, 2023
@dereknola dereknola mentioned this issue Mar 29, 2023
Merged
@dereknola dereknola added this to the v1.25.9+k3s1 milestone Mar 29, 2023
@est-suse
Copy link
Contributor

est-suse commented Apr 2, 2023
edited
Loading

##Environment Details
Reproduced using VERSION=v1.21.11+k3s1
Validated using COMMIT=9e22489dafb15989cafa7b6bd52ed949471dd057

Node(s) CPU architecture, OS, and version:

NAME="SLES"
VERSION="15-SP4"
VERSION_ID="15.4"
PRETTY_NAME="SUSE Linux Enterprise Server 15 SP4"
ID="sles"
ID_LIKE="suse"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:suse:sles:15:sp4"
DOCUMENTATION_URL="https://documentation.suse.com/"

Cluster Configuration:

1 server

Config.yaml:

write-kubeconfig-mode: 644
debug: true
token: test
selinux: true
protect-kernel-defaults: true
cluster-init: true

Validation Steps

Copy config.yaml: sudo mkdir -p /etc/rancher/k3s/ && sudo cp config.yaml /etc/rancher/k3s/config.yaml
Install K3s:  curl -sfL https://get.k3s.io | INSTALL_K3S_COMMIT=9e22489dafb15989cafa7b6bd52ed949471dd057 sh -

$ k3s check-config

ec2-user@ip-172-31-16-15:~>  k3s check-config | grep -E "Generally
> Necessary:|CONFIG_CGROUP_PIDS|NETFILTER_XT_MATCH_COMMENT|NETFILTER_XT_MATCH_MULTIPORT"
Generally Necessary:
- CONFIG_CGROUP_PIDS: enabled
- CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_MULTIPORT: enabled (as module)

k3s check-config | grep -E "Optional Features:|CONFIG_CGROUP_PIDS"
- CONFIG_CGROUP_PIDS: enabled

@est-suse
Copy link
Contributor

est-suse commented Apr 2, 2023

THEN double check in Ubuntu 20.04:

ubuntu@ip-172-31-29-112:~$ k3s check-config

Verifying binaries in /var/lib/rancher/k3s/data/03a432ed90658e5bca51b8c9bc43c640b937bf50df2aaf4b54bd2f51606395f8/bin:
- sha256sum: good
- links: good

System:
- /usr/sbin iptables v1.8.4 (legacy): ok
- swap: disabled
- routes: ok

Limits:
- /proc/sys/kernel/keys/root_maxkeys: 1000000

modprobe: FATAL: Module configs not found in directory /lib/modules/5.15.0-1031-aws
info: reading kernel config from /boot/config-5.15.0-1031-aws ...

Generally Necessary:
- cgroup hierarchy: cgroups Hybrid mounted, cpuset|memory controllers status: good
- /usr/sbin/apparmor_parser
apparmor: enabled and tools installed
- CONFIG_NAMESPACES: enabled
- CONFIG_NET_NS: enabled
- CONFIG_PID_NS: enabled
- CONFIG_IPC_NS: enabled
- CONFIG_UTS_NS: enabled
- CONFIG_CGROUPS: enabled
- CONFIG_CGROUP_PIDS: enabled
- CONFIG_CGROUP_CPUACCT: enabled
- CONFIG_CGROUP_DEVICE: enabled
- CONFIG_CGROUP_FREEZER: enabled
- CONFIG_CGROUP_SCHED: enabled
- CONFIG_CPUSETS: enabled
- CONFIG_MEMCG: enabled
- CONFIG_KEYS: enabled
- CONFIG_VETH: enabled (as module)
- CONFIG_BRIDGE: enabled (as module)
- CONFIG_BRIDGE_NETFILTER: enabled (as module)
- CONFIG_IP_NF_FILTER: enabled (as module)
- CONFIG_IP_NF_TARGET_MASQUERADE: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_ADDRTYPE: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_CONNTRACK: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_IPVS: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_MULTIPORT: enabled (as module)
- CONFIG_IP_NF_NAT: enabled (as module)
- CONFIG_NF_NAT: enabled (as module)
- CONFIG_POSIX_MQUEUE: enabled

Optional Features:
- CONFIG_USER_NS: enabled
- CONFIG_SECCOMP: enabled
- CONFIG_BLK_CGROUP: enabled
- CONFIG_BLK_DEV_THROTTLING: enabled
- CONFIG_CGROUP_PERF: enabled
- CONFIG_CGROUP_HUGETLB: enabled
- CONFIG_NET_CLS_CGROUP: enabled (as module)
- CONFIG_CGROUP_NET_PRIO: enabled
- CONFIG_CFS_BANDWIDTH: enabled
- CONFIG_FAIR_GROUP_SCHED: enabled
- CONFIG_RT_GROUP_SCHED: missing
- CONFIG_IP_NF_TARGET_REDIRECT: enabled (as module)
- CONFIG_IP_SET: enabled (as module)
- CONFIG_IP_VS: enabled (as module)
- CONFIG_IP_VS_NFCT: enabled
- CONFIG_IP_VS_PROTO_TCP: enabled
- CONFIG_IP_VS_PROTO_UDP: enabled
- CONFIG_IP_VS_RR: enabled (as module)
- CONFIG_EXT4_FS: enabled
- CONFIG_EXT4_FS_POSIX_ACL: enabled
- CONFIG_EXT4_FS_SECURITY: enabled
- Network Drivers:
  - "overlay":
    - CONFIG_VXLAN: enabled (as module)
      Optional (for encrypted networks):
      - CONFIG_CRYPTO: enabled
      - CONFIG_CRYPTO_AEAD: enabled
      - CONFIG_CRYPTO_GCM: enabled
      - CONFIG_CRYPTO_SEQIV: enabled
      - CONFIG_CRYPTO_GHASH: enabled
      - CONFIG_XFRM: enabled
      - CONFIG_XFRM_USER: enabled (as module)
      - CONFIG_XFRM_ALGO: enabled (as module)
      - CONFIG_INET_ESP: enabled (as module)
      - CONFIG_INET_XFRM_MODE_TRANSPORT: missing
- Storage Drivers:
  - "overlay":
    - CONFIG_OVERLAY_FS: enabled (as module)

STATUS: pass

@est-suse est-suse closed this as completed Apr 2, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dereknola dereknola

@est-suse est-suse

Labels
None yet
Projects
K3s Development
Archived in project
Milestone
v1.25.9+k3s1
Development

No branches or pull requests
2 participants
@dereknola @est-suse