You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
After switching Kubernetes v1.23.17 cluster nodes from dockershim to cri-dockerd, kubelet blocks a single Pod (the MetalLB controller) while all other Pods seem to run fine:
Mar 20 15:55:51 n0217 kubelet[1225]: E0320 15:55:51.965802 1225 pod_workers.go:965] "Error syncing pod, skipping" err="pod cannot be run: Cannot enforce NoNewPrivs: illegal version string \"v1\"" pod="metallb-system/controller-85dd57bdc-wh29s" podUID=578c94ac-0f44-40e2-bf74-9729c7806f18
Reverting to dockershim or setting securityContext.allowPrivilegeEscalation to true let the Pod start without issues. The Deployment does not look special:
There seems to be some hardcoded cases for DockerContainerRuntime, that are not applied to RemoteContainerRuntime. So the kubelet behaves differently, for dockershim and for cri-dockerd... As far as I know <= v1.23 still uses dockershim.
Indeed, updating the kubelet to v1.24 resolves the issues. So it looks like migrating to cri-dockerdbefore proceeding with the Kubernetes upgrade is not an option.
Can we add a note to the README that cri-dockerd is not (entirely) compatible with v1.23 for others entering the upgrade path?
joez
added a commit
to joez/dots
that referenced
this issue
Dec 10, 2023
After switching Kubernetes v1.23.17 cluster nodes from
dockershim
tocri-dockerd
,kubelet
blocks a single Pod (the MetalLB controller) while all other Pods seem to run fine:Reverting to
dockershim
or settingsecurityContext.allowPrivilegeEscalation
totrue
let the Pod start without issues. TheDeployment
does not look special:Using
cri-dockerd
also raises object not registered warnings.However, they disappear after a while, and I wonder if they are related.
Is Kubernetes v1.23 compatible with
cri-dockerd
? Any hints on what’s missing or incompatible?Versions:
5.19.0-35-generic
The text was updated successfully, but these errors were encountered: