-
Notifications
You must be signed in to change notification settings - Fork 2.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cilium v1.12.0-rc2 complains on startup: "Unable to patch node resource with annotation" #19816
Comments
We should investigate here to see whether this can be avoided either with improvements to the Helm charts or upgrade guide docs, since I wasn't directly and closely following any upgrade guides. This could be user error on my part, but I want to make sure that we're not ignoring a real signal. |
Annotating node is gated by flag .Values.annotateK8sNode which is: So just want to confirm if the above error log was showing after upgrade ? or after 1.9 installation? I have done a quick 1.9 installation and surprisingly the above error happens despite the fact the clusterrole is having dark magic patch permission on nodes/status.
Manually change clusterrole permission (from patch nodes/status to patch nodes) solves the issue, I don't know what changes as the last time I verified on this #19590 (review)
|
I only noticed after upgrade to v1.12.0-rc2. I believe this was in the cilium-agent logs, but I guess I'll have to try again and confirm.
May be worth double-checking with |
My bad, I thought I added repo suffix Then I have upgraded to v1.12.0-rc2, every thing seems fine to me. Note that some warning logs related to iptables are not related to this issue. Out of curiousity, do we support upgrade across major versions (e.g. 1.9 -> 1.11/1.12) ? Or the upgrade should be done incrementally (e.g. 1.9.x -> 1.10.x -> 1.11.x -> ...) ? v1.9.16 -> v1.12.0-rc2
|
We only officially support the latter, there are some steps that will get missed if you upgrade directly from 1.9->1.11/1.12. As a developer I just like to live life on the edge 😁 |
I've just retried reproducing this, and like @sayboras I can't reproduce it any more. I'll close this out, feel free to comment or reopen if you see this again. |
Reproduced in GKE 1.22.8-gke.201 Found a quick workaround:
ClusterRole |
@AndreiHardziyenkaIR can you share the steps on how you are installing cilium ? I just tried with the above version as well, but I am unable to replicate.
|
@sayboras |
Hi @AndreiHardziyenkaIR, in that case you should try and contact Google support and explain the situation. Thank you. |
Same happened with v1.11.6 and dataplane v2, then i've used cilium uninstall which crashed whole cluster. |
@AndreiHardziyenkaIR I just discovered the same issue in our GKE clusters, did you get any more information about this? is it required at all? |
Ay, For information, I've contacted GCP support and here is the response :
Anyway, the workaround work well. 👍 |
@KrustyHack and @AndreiHardziyenkaIR Thanks!! You save my day! Have you ever seen this error in GKE with Dataplane v2 enabled?
|
Ay @marandalucas , No sorry, I never had this error on our GKE clusters. If you have access to GCP support I would recommend you to contact them. |
Is there an existing issue for this?
What happened?
I installed Cilium v1.9.x using the Helm charts into a kind environment by following the Kind GSG.
Afterwards, I upgraded to Cilium 1.12.0-rc2 by executing the following command:
Here is my
kind-values.yaml
:The following warnings are then being regularly printed to the logs:
Cilium Version
1.12.0-rc2
Kernel Version
5.14.0-1034-oem (Ubuntu Focal 20.04.4 LTS)
Kubernetes Version
1.21.1
Sysdump
No response
Relevant log output
No response
Anything else?
No response
Code of Conduct
The text was updated successfully, but these errors were encountered: