-
Notifications
You must be signed in to change notification settings - Fork 2.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error while creating daemon when NodePort device is TUN or WireGuard interface #12304
Comments
I've the same problem when upgrading from Cilium 1.7.5 to 1.8.0. While 1.7.5 works without issues I can't get 1.8.0 working. The error is exactly the same. Orchestration system version in use (e.g. kubectl version, Mesos, ...):
Kernel (OS: Ubuntu 20.04):
Error:
helm values.yml:
The whole Kubernetes cluster communicates via WireGuard to encrypt all communication between Kubernetes hosts. |
We need NodePort and direct routing devices to have a MAC address. If they don't, init.sh fails with the following error: level=warning msg="+ for NATIVE_DEV in ${NATIVE_DEVS//;/ }" subsys=datapath-loader level=warning msg="++ cat /sys/class/net/lo/ifindex" subsys=datapath-loader level=warning msg="+ IDX=1" subsys=datapath-loader level=warning msg="++ ip link show lo" subsys=datapath-loader level=warning msg="++ grep ether" subsys=datapath-loader level=warning msg="++ awk '{print $2}'" subsys=datapath-loader level=warning msg="+ MAC=" subsys=datapath-loader level=error msg="Error while initializing daemon" error="exit status 1" subsys=daemon level=fatal msg="Error while creating daemon" error="exit status 1" subsys=daemon Thus, we need to skip auto-detected devices that don't have a MAC address. This commit implements that and was tested by injecting a loopback interface with an IP address in the code, in the dev. VM: loAddr, err := netlink.ParseAddr("192.168.33.11/32") if err == nil { loAddr.LinkIndex = 1 addrs = append(addrs, *loAddr) } Fixes: #12228 Fixes: #12304 Fixes: 6730d0f ("daemon: Extend BPF NodePort device auto-detection") Signed-off-by: Paul Chaignon <paul@cilium.io>
We need NodePort and direct routing devices to have a MAC address. If they don't, init.sh fails with the following error: level=warning msg="+ for NATIVE_DEV in ${NATIVE_DEVS//;/ }" subsys=datapath-loader level=warning msg="++ cat /sys/class/net/lo/ifindex" subsys=datapath-loader level=warning msg="+ IDX=1" subsys=datapath-loader level=warning msg="++ ip link show lo" subsys=datapath-loader level=warning msg="++ grep ether" subsys=datapath-loader level=warning msg="++ awk '{print $2}'" subsys=datapath-loader level=warning msg="+ MAC=" subsys=datapath-loader level=error msg="Error while initializing daemon" error="exit status 1" subsys=daemon level=fatal msg="Error while creating daemon" error="exit status 1" subsys=daemon Thus, we need to skip auto-detected devices that don't have a MAC address. This commit implements that and was tested by injecting a loopback interface with an IP address in the code, in the dev. VM: loAddr, err := netlink.ParseAddr("192.168.33.11/32") if err == nil { loAddr.LinkIndex = 1 addrs = append(addrs, *loAddr) } Fixes: #12228 Fixes: #12304 Fixes: 6730d0f ("daemon: Extend BPF NodePort device auto-detection") Signed-off-by: Paul Chaignon <paul@cilium.io>
[ upstream commit 089060b ] We need NodePort and direct routing devices to have a MAC address. If they don't, init.sh fails with the following error: level=warning msg="+ for NATIVE_DEV in ${NATIVE_DEVS//;/ }" subsys=datapath-loader level=warning msg="++ cat /sys/class/net/lo/ifindex" subsys=datapath-loader level=warning msg="+ IDX=1" subsys=datapath-loader level=warning msg="++ ip link show lo" subsys=datapath-loader level=warning msg="++ grep ether" subsys=datapath-loader level=warning msg="++ awk '{print $2}'" subsys=datapath-loader level=warning msg="+ MAC=" subsys=datapath-loader level=error msg="Error while initializing daemon" error="exit status 1" subsys=daemon level=fatal msg="Error while creating daemon" error="exit status 1" subsys=daemon Thus, we need to skip auto-detected devices that don't have a MAC address. This commit implements that and was tested by injecting a loopback interface with an IP address in the code, in the dev. VM: loAddr, err := netlink.ParseAddr("192.168.33.11/32") if err == nil { loAddr.LinkIndex = 1 addrs = append(addrs, *loAddr) } Fixes: #12228 Fixes: #12304 Fixes: 6730d0f ("daemon: Extend BPF NodePort device auto-detection") Signed-off-by: Paul Chaignon <paul@cilium.io> Signed-off-by: Chris Tarazi <chris@isovalent.com>
It is goot than now cillium starts without error, but it will be nice to have NodePort working on such devices (TUN, WireGuard, etc). |
Thank you. |
[ upstream commit 089060b ] We need NodePort and direct routing devices to have a MAC address. If they don't, init.sh fails with the following error: level=warning msg="+ for NATIVE_DEV in ${NATIVE_DEVS//;/ }" subsys=datapath-loader level=warning msg="++ cat /sys/class/net/lo/ifindex" subsys=datapath-loader level=warning msg="+ IDX=1" subsys=datapath-loader level=warning msg="++ ip link show lo" subsys=datapath-loader level=warning msg="++ grep ether" subsys=datapath-loader level=warning msg="++ awk '{print $2}'" subsys=datapath-loader level=warning msg="+ MAC=" subsys=datapath-loader level=error msg="Error while initializing daemon" error="exit status 1" subsys=daemon level=fatal msg="Error while creating daemon" error="exit status 1" subsys=daemon Thus, we need to skip auto-detected devices that don't have a MAC address. This commit implements that and was tested by injecting a loopback interface with an IP address in the code, in the dev. VM: loAddr, err := netlink.ParseAddr("192.168.33.11/32") if err == nil { loAddr.LinkIndex = 1 addrs = append(addrs, *loAddr) } Fixes: #12228 Fixes: #12304 Fixes: 6730d0f ("daemon: Extend BPF NodePort device auto-detection") Signed-off-by: Paul Chaignon <paul@cilium.io> Signed-off-by: Chris Tarazi <chris@isovalent.com>
Bug report
General Information
cilium version
)uname -a
)kubectl version
, Mesos, ...)Looks like it because TUN dev not have valid MAC
How to reproduce the issue
The text was updated successfully, but these errors were encountered: