-
Notifications
You must be signed in to change notification settings - Fork 31
permission denied to /var/run/docker.sock #84
Comments
Hi moix, Can you please send more details about your environment? Especially OS, and kubernetes/docker versions. Also, please try to run this command manually on a minion node, and see if it works: sudo docker run -priviledged -d --net=host -p 4243:4243 --name cluster-insight -e CLUSTER_INSIGHT_MODE=minion -v /var/run/docker.sock:/var/run/docker.sock:ro kubernetes/cluster-insight |
Moix: Once you run the minion collector, try to access it from the same VM using the command: curl http://localhost:4243/containers/json It should show a few lines of JSON output and it should not fail. If it fails, please report the error message. |
Hi supreyagarg/EranGabber, yes thanks! it was indeed a problem with selinux and privilegies for docker containers. I could make it work with the following to options but both running out of a pod so now facing the issue you pointed, #70:
With these 2 commands cluster-insight runs fine, curl now responds fine:
Now trying to know how to include one of these 2 options in the pod spec, any clue? have tried some combinations but cannot make it work. |
Alright, setting --allow_privileged=true in kubelet in minions and adding I would prefer obviously to set Thanks! |
moix, I will try to update the specification and push a new version to Github soon. |
Moix, Can you please tell us about the rest of your environment, so we can replicate the issue. Thanks. |
Moix, Please add the following line to the pod spec, exactly where you had added the
Let us know if this works. |
Sorry, was not in my laptop when reported the issue and couldnt detail the environment. It is a setup on 3 centos-7 servers, one master and 2 minions. Version of the packages are:
this docker runs with More information about the environment you can check at kubernetes/kubernetes#9580 Sure, I'll try |
Moix - I finally got around to setting up a CentOS kubernetes cluster. The option you specified ( I added this line right between Thanks. |
Moix, Supriya just updated the collector/cluster-insight-controller.json file in the repository. Please fetch it from https://github.com/google/cluster-insight and try again. Thanks. |
Hi, nop, master is not able to deploy pods, error in log is (https://github.com/GoogleCloudPlatform/kubernetes/blob/release-0.17/pkg/controller/controller_utils.go):
I've tried to investigate where it comes and how to enable but sorry, just a beginner in kubernetes :) I guess kubelet service in minions should run with some option to allow security context modifications, https://github.com/GoogleCloudPlatform/kubernetes/blob/master/docs/design/security_context.md Will continue looking for a solution and let you know if I find the proper configuration. Thanks! |
Moix, We changed the configuration of the Cluster-Insight collector. It is now a service with its own replication controller. Could you try to install it again with the latest installation script and the latest container image? Thanks, Eran |
Sure, I'm not at the office now but will try as soon as I'm back. Thanks, Moix. |
Sorry for the delay, yeah now worked fine! thanks @EranGabber |
Hi,
today I tried to install cluster-insight on my minions but it is failing with a permission denied to docker.sock.
I'm running latest docker version which I've realized that come now with --selinux-enabled option set by default. Just a guess, Can it be related? any clue how to fix it?
Thanks!
The text was updated successfully, but these errors were encountered: