Openstack cloud provider causing apiserver container to fail #588
Comments
After digging a little into the source code, I found a workaround. You just have to map the /dev/sr0 device into your container and set the container as privileged.

```yaml
...
volumeMounts:        # in the container spec
- mountPath: /dev/disk/by-label/config-2
  name: sr0
...
volumes:             # in the pod spec
- hostPath:
    path: /dev/sr0
    type: BlockDevice
  name: sr0
securityContext:     # in the container spec
  privileged: true
```

Can you check whether this is fixed in v1.9.0?

/assign @dims

@xiaosuiba no need to mount /dev/sr0, just adding privileges is enough (at least with 1.9.0+). I have proposed a PR to enable that for OpenStack based kubeadm (see 57561). Thanks a lot for all your research, it helped quite a bit in fixing this issue. -- Dims

…piserver-and-controller

Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions [here](https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md).

Enable privileged containers for apiserver and controller

**What this PR does / why we need it**:
In OpenStack environment, when there is no metadata service, we look at the config drive to figure out the metadata. Since we need to run commands like blkid, we need to ensure that api server and kube controller are running in the privileged mode.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #47392
Fixes kubernetes/kubeadm#588

**Special notes for your reviewer**:

**Release note**:
```release-note
Fix issue when using OpenStack config drive for node metadata
```

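An audit for the two privilege grants discussed in this thread (the `privileged: true` container setting, and the `/dev/sr0` hostPath mount from the first workaround), added here as an example and not code from kubeadm or Kubernetes. It runs over pod JSON in the shape `kubectl get pods -o json` returns; the sample pods and their names are constructed.

```python
# Constructed sample shaped like `kubectl get pods -o json`; pod names are hypothetical.
SAMPLE = {"items": [
    {"metadata": {"name": "kube-apiserver-node1"},  # first comment's workaround
     "spec": {
         "volumes": [{"name": "sr0",
                      "hostPath": {"path": "/dev/sr0", "type": "BlockDevice"}}],
         "containers": [{
             "name": "kube-apiserver",
             "securityContext": {"privileged": True},
             "volumeMounts": [{"name": "sr0",
                               "mountPath": "/dev/disk/by-label/config-2"}]}]}},
    {"metadata": {"name": "kube-controller-manager-node1"},  # privileged only
     "spec": {"containers": [{"name": "kube-controller-manager",
                              "securityContext": {"privileged": True}}]}},
    {"metadata": {"name": "kube-scheduler-node1"},  # no extra privilege
     "spec": {
         "volumes": [{"name": "conf", "hostPath": {"path": "/etc/kubernetes"}}],
         "containers": [{"name": "kube-scheduler", "volumeMounts": [
             {"name": "conf", "mountPath": "/etc/kubernetes"}]}]}},
]}

DEVICE_TYPES = {"BlockDevice", "CharDevice"}


def audit(pod_list):
    """Return sorted (pod, container, finding) tuples for a parsed PodList."""
    findings = []
    for pod in pod_list.get("items", []):
        spec = pod.get("spec", {})
        # Volume name -> host path, for hostPath volumes that expose a device.
        devices = {}
        for vol in spec.get("volumes") or []:
            hp = vol.get("hostPath") or {}
            path = hp.get("path", "")
            if hp.get("type") in DEVICE_TYPES or path.startswith("/dev/"):
                devices[vol["name"]] = path
        for c in (spec.get("initContainers") or []) + (spec.get("containers") or []):
            if (c.get("securityContext") or {}).get("privileged") is True:
                findings.append((pod["metadata"]["name"], c["name"], "privileged"))
            for m in c.get("volumeMounts") or []:
                if m["name"] in devices:
                    findings.append((pod["metadata"]["name"], c["name"],
                                     "host-device:" + devices[m["name"]]))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

For a live cluster, pass `audit` the parsed output of `kubectl get pods -n kube-system -o json`.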
Is this a BUG REPORT or FEATURE REQUEST?
Choose one: BUG REPORT

Versions
kubeadm version (use `kubeadm version`): 1.8.4

Environment:
`kubectl version`: 1.8.4
`uname -a`: Linux 3.10

What happened?
When adding `--cloud-provider=openstack` and `--cloud-config=/etc/kubernetes/cloud.conf` to `/etc/kubernetes/manifests/kube-apiserver.yaml` I get the following error on startup of the container:

What you expected to happen?
For the container to find the config-2 drive and stay alive

How to reproduce it (as minimally and precisely as possible)?
`/etc/kubernetes/manifests/kube-apiserver.yaml` and `/etc/kubernetes/manifests/kube-controller-manager.yaml` share the following:
/etc/systemd/system/kubelet.service.d/10-kubeadm.conf
/etc/kubernetes/cloud.conf

Anything else we need to know?
The openstack metadata url is not available as HTTP, so unless HTTPS support is added, I need the config drive to work as expected.
Referred here from: kubernetes/kubernetes#47392