Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CI: coredns crashloopbackoff in packet_centos7-calico-ha-once-localhost #10869

Closed
VannTen opened this issue Feb 2, 2024 · 3 comments · Fixed by #10873
Closed

CI: coredns crashloopbackoff in packet_centos7-calico-ha-once-localhost #10869

VannTen opened this issue Feb 2, 2024 · 3 comments · Fixed by #10873
Labels
kind/failing-test Categorizes issue or PR as related to a consistently or frequently failing test.

Comments

@VannTen
Copy link
Contributor

VannTen commented Feb 2, 2024

Which jobs are failing ?

packet_centos7-calico-ha-once-localhost

Which tests are failing ?

020_check-pods-running

Since when has it been failing ?

Yesterday (February 1st 2024) (first failure : https://gitlab.com/kargo-ci/kubernetes-sigs-kubespray/-/jobs/6073443810 )

Reason for failure

Unknown, but I suspect #10719

Anything else we need to know

No response
@VannTen VannTen added the kind/failing-test Categorizes issue or PR as related to a consistently or frequently failing test. label Feb 2, 2024
@VannTen VannTen changed the title CI: coredns crashloopbackoff in CI: coredns crashloopbackoff in packet_centos7-calico-ha-once-localhost Feb 2, 2024
@VannTen
Copy link
Contributor Author

VannTen commented Feb 2, 2024
edited
Loading

Looks like the issue is that coredns gets a permission denied error when trying to bind to port 53 (if I reproduced the problem correctly). Might also come from docker or centos7

@VannTen
Copy link
Contributor Author

VannTen commented Feb 2, 2024

Possible cause (at least similar symptoms coredns/coredns#6249 )

@pacoxu
Copy link
Member

pacoxu commented Feb 4, 2024
edited
Loading

Kubespray is using a very old docker version 20.10.20.

moby/moby#43420 is reported on 20.10.14+ for a similar problem and they fixed it in pi-hole/docker-pi-hole#1030. (Not fixed in moby).

Later moby/moby#45491 another similar problem was fixed and backported to 23.0.7 moby/moby#46222.

Can we upgrade docker to 23.0.7+ to see if it can be fixed?

In moby/moby#46222, docker maintainer provided a simple steps to check if it is fixed.

Use the below as Dockerfile

FROM alpine
RUN apk add --update libcap

RUN ls -la /usr/sbin/capsh
RUN setcap 'cap_sys_admin=ep' /usr/sbin/capsh
docker run --security-opt=no-new-privileges --user=100 --cap-add sys_admin <tag of the build Dockerfile> capsh --print

You should see Current: = cap_sys_admin+ep rather than Current:

@pacoxu pacoxu mentioned this issue Feb 4, 2024
Open
@yankay yankay mentioned this issue Feb 4, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/failing-test Categorizes issue or PR as related to a consistently or frequently failing test.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update Docker version to v24.0 yankay/kubespray
2 participants
@pacoxu @VannTen