socket-lb is broken on minikube in Docker mode #15769
Comments
@brb I wasn't able to reproduce the issue. I followed the steps given in the gsg to create a minikube cluster on the dev VM (net-next), and installed Cilium. How did you discover that socket-lb was broken? Just to confirm, when you say docker-in-docker, you are referring to the setup where k8s node is deployed as a docker container, and then cilium pod runs as a container inside the node, right? I also checked that cgroup v2 is NOT enabled. docker seems to be the default driver (even when I didn't pass
@aditighag I believe the problem arises with kernel 5.10+. Which version do you run?
Yes, it is > 5.10 (mentioned in the previous comment).
If we do any work on this before the release, it should be the doc change as mentioned in the top comment:
Looks like the minikube GSG was removed in v1.10.0-rc1.
Did some digging. When running Cilium with host-reachable svc on, on minikube with Docker driver, bpf_sock is attached to the following hierarchy:
Any other pod is running in the following cgroupv2 hierarchy:
So the bpf_sock based svc xlation is not active. To fix the issue, we need to find the common root in the hierarchies.
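The check described in the comment above, as an added example that is not part of the issue thread or Cilium's code: a cgroup-attached BPF program only applies to processes in the attach cgroup or its descendants, so the sketch reads the cgroup v2 entry from `/proc/<pid>/cgroup` text, tests coverage, and computes the common root. The function names and the sample paths are assumptions constructed for illustration, not the hierarchies from this issue.

```go
package main

import (
	"fmt"
	"strings"
)

// v2Path extracts the cgroup v2 path from the text of /proc/<pid>/cgroup.
// The unified hierarchy is the entry of the form "0::<path>".
func v2Path(procCgroup string) (string, bool) {
	for _, line := range strings.Split(procCgroup, "\n") {
		line = strings.TrimSpace(line)
		if strings.HasPrefix(line, "0::") {
			return strings.TrimPrefix(line, "0::"), true
		}
	}
	return "", false
}

// split breaks a cgroup path into components, ignoring empty ones.
func split(p string) []string {
	return strings.FieldsFunc(p, func(r rune) bool { return r == '/' })
}

// commonRoot returns the deepest cgroup that is an ancestor of both paths.
// Comparison is per component, so /node1 is not an ancestor of /node10.
func commonRoot(x, y string) string {
	a, b := split(x), split(y)
	n := 0
	for n < len(a) && n < len(b) && a[n] == b[n] {
		n++
	}
	return "/" + strings.Join(a[:n], "/")
}

// covers reports whether a program attached at cgroup attach applies to a
// process in cgroup target: true when target is attach or a descendant.
func covers(attach, target string) bool {
	return commonRoot(attach, target) == "/"+strings.Join(split(attach), "/")
}

func main() {
	// Constructed sample input (hypothetical paths, not taken from the issue).
	attach, _ := v2Path("12:pids:/legacy\n0::/docker/node1/kubepods/agent\n")
	pod, _ := v2Path("0::/docker/node1/system.slice/pod-x\n")
	fmt.Println("covered:", covers(attach, pod))
	fmt.Println("common root:", commonRoot(attach, pod))
}
```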
More digging. After changing the Docker cgroup driver to
@ti-mo Maybe you have chance to validate the fix?
Thanks, will do and report back. 👍
When running minikube in the Docker mode (aka k8s docker-in-docker), ClusterIP services cannot be reached with socket-lb enabled (aka host-reachable svc; enabled by default on newer kernels due to the --kube-proxy-replacement defaulting to probe). This is due to the same reason as documented in #14951.