Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Running KinD inside a Docker 20.10.6-dind container fails with v0.4.1 #415

ctalledo opened this issue Oct 22, 2021 · 3 comments
bug Something isn't working


Copy link

Repro steps:

  1. Launch dind container:
docker run --runtime=sysbox-runc \                                                                                                                                                                                                                                                                                            
     --name dind-syscont -d \                                                                                                                                                                                                                                                                                                 
     --network some-network --network-alias docker \                                                                                                                                                                                                                                                                          
     -e DOCKER_TLS_CERTDIR=/certs \                                                                                                                                                                                                                                                                                           
     -v dind-syscont-certs-ca:/certs/ca \                                                                                                                                                                                                                                                                                     
     -v dind-syscont-certs-client:/certs/client \                                                                                                                                                                                                                                                                             
  1. Launch docker cli container:
root@sysbox-test:~/nestybox/sysbox# docker run -it --rm \                                                                                                                                                                                                                                                                     
     --network some-network \                                                                                                                                                                                                                                                                                                 
     -e DOCKER_TLS_CERTDIR=/certs \                                                                                                                                                                                                                                                                                           
     -v dind-syscont-certs-client:/certs/client:ro \                                                                                                                                                                                                                                                                          
     docker:latest sh                                                                                                                                                                                                                                                                                                         

Inside the docker cli container:

  1. Install KinD:
apk add curl                                                                                                                                                                                                                                                                                                                  
curl -Lo ./kind                                                                                                                                                                                                                                                           
chmod +x kind                                                                                                                                                                                                                                                                                                                 
cp kind /usr/bin/kind                                                                                                                                                                                                                                                                                                         
  1. Create a kind cluster with kindest node:
~ #  kind create cluster --image=nestybox/kindestnode:v1.18.2                                                                                                                                                                                                                                                                 
Creating cluster "kind" ...                                                                                                                                                                                                                                                                                                   
 ✓ Ensuring node image (nestybox/kindestnode:v1.18.2) 🖼                                                                                                                                                                                                                                                                       
 ✗ Preparing nodes 📦                                                                                                                                                                                                                                                                                                         
ERROR: failed to create cluster: docker run error: command "docker run --hostname kind-control-plane --name kind-control-plane --label io.x-k8s.kind.role=control-plane --privileged --security-opt seccomp=unconfined --security-opt apparmor=unconfined --tmpfs /tmp --tmpfs /run --volume /var --volume /lib/modules:/lib/$
Command Output: docker: Error response from daemon: failed to copy xattrs: failed to list xattrs on /var/lib/docker/overlay2/9e0c206a7cf7a33d50da94fe146f7ed1a13604a7f3f1d448b7124d2540a461d2/merged/var/lock: no such file or directory.                                                                                     
See 'docker run --help'.                                                                                                                                                                                                                                                                                                      
@ctalledo ctalledo self-assigned this Oct 22, 2021
@ctalledo ctalledo added the bug Something isn't working label Oct 22, 2021
@ctalledo ctalledo added this to To do in Sysbox Dev via automation Oct 22, 2021
@ctalledo ctalledo moved this from To do to In progress in Sysbox Dev Oct 22, 2021
Copy link

I'm not sure if this is related, but I've noticed that Sysbox is struggling to run Ubuntu 21.10 sys containers, which is also the Ubuntu release utilized by the latest KinD version (v0.11.1), so KinD might be just a red-herring here.

Try this and you should see the problem that I'm referring to right away ...

$ docker run --runtime=sysbox-runc -it --rm --name test-1 --hostname test-1
[  OK  ] Started OpenBSD Secure Shell server.
[FAILED] Failed to start containerd container runtime.
See 'systemctl status containerd.service' for details.
[DEPEND] Dependency failed for Docker Application Container Engine.
[  OK  ] Started User Login Management.

If you try to run docker within this sys-container you'll see that it will crash ...

Copy link
Member Author

ctalledo commented Oct 23, 2021

I'm not sure if this is related, but I've noticed that Sysbox is struggling to run Ubuntu 21.10 sys containers

This is not related to this issue, created issue #416 to track it.

Copy link
Member Author

ctalledo commented Oct 23, 2021

The problem was identified as a bug in the way Sysbox intercepts and emulates the llistsetxattr() syscall.

This issue is now fixed in Sysbox top-of-tree via this commit.

The fix will be present in the Sysbox release after v0.4.1.


Sysbox Dev automation moved this from In progress to Done Oct 23, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
bug Something isn't working
Sysbox Dev

No branches or pull requests

2 participants