-
Notifications
You must be signed in to change notification settings - Fork 39.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
kube_proxy running under a static kernel reports false-positive module load failures #69006
Comments
/sig network |
Hi If there isn't a hurry, can I volunteer to look into this? I don't have much experience in this area so it'll probably take me a while to figure things out. New to the k8s codebase. |
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
Rotten issues close after 30d of inactivity. Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
@fejta-bot: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Anyway we can get this reopened or should I create a new issue? We are running into this issue in https://github.com/talos-systems/talos. |
Is this a BUG REPORT or FEATURE REQUEST?:
/kind bug
What happened:
Building a fully static Linux kernel with kube_proxy's desired IP_VS (Virtual Server) modules linked statically:
CONFIG_IP_VS=y
CONFIG_IP_VS_RR=y
CONFIG_IP_VS_WRR=y
CONFIG_IP_VS_SH=y
CONFIG_NF_CONNTRACK_IPV4=y
Causes kube_proxy to believe that these features don't exist because it can't find modules for them:
What you expected to happen:
If Kube_proxy's desired kernel features are linked statically in the kernel, kube_proxy should carry on and not attempt and throw error messages about modules not being found.
Under the hood, kube_proxy should simply check for the existence of the desired kernel features in the /proc tree (ie:
/proc/sys/net/ipv4/vs
, and others) before attempting to look for and load modules. If, after module loads fails, then throw the error messages and switch to iptables.How to reproduce it (as minimally and precisely as possible):
/boot/config-old_kernel_version
into the source tree as.config
make oldconfig
and answer any questionsmake localyesconfig
to switch to a fully static kernel.config
and ensure the following exist, and are not=m
:make menuconfig
and deselect[ ] Enable loadable module support
(box is empty)make -j$(nproc)
cp arch/x86/boot/bzImage /boot/vmlinuz-4.18.9-kube_proxy_mods_static
cp .config /boot/config-4.18.9-kube_proxy_mods_static
grub2-mkconfig -o /boot/grub2/grub.cfg
) or (grub-mkconfig -o /boot/grub/grub.cfg
) depending on your distribution.Anything else we need to know?:
Fully static kernels will not generate
/lib/modules/$kerne_version/modules.builtin
so inspecting that file will fail - as well in the kube_proxy source. The gold-standard is to simply check for the features in the active/proc/...
tree first, and consider those as "built-in".The next best options is checking
/boot/config-$(uname -r)
forCONFIG_<FEATURE>=y
statements, which tells you if they're built-in. Note that/boot/config-<version>
files are almost universally installed by OS maintainers.And finally, you could try checking
/proc/config.gz
, which is a compressed version of the externally held .config text file, in a similar manner noted above, however it's up to the maintainer to build that feature into the kernel (so it might not exist).For reference, here's the list of modules kube_proxy wants: https://github.com/kubernetes/kubernetes/blob/master/pkg/proxy/ipvs/proxier.go#L161
Here we see kube_proxy's errant module-centric code that needs to be made compatible w/ static kernels:
https://github.com/kubernetes/kubernetes/blob/master/pkg/proxy/ipvs/proxier.go#L433
Environment:
kubectl version
): 1.11.3uname -a
): 4.18.9 statically linkedThe text was updated successfully, but these errors were encountered: