Calico incompatible ipset protocol version (again) #8372
Comments
Same here, started to fail after upgrading Kubernetes to 1.29. Tested Calico 3.27 and 3.26.4 and both fail (works fine on k8s 1.28). I'm using Debian 12 (kernel 6.5) and cri-o 1.29 by the way.
I think ipset is just annoyingly loose with its protocol version. The version gets revved per-ipset-type but the tool only reports the highest version it supports. We'll just need to upgrade ipset to match.
@mazdakn I was willing to test with the image you provided but I get permission errors: Please let me know if I should try any further. Thanks!
@msilcher thanks for willingness to help. I realised this PR won't fix the issue, so I am still working on a fix for it. I'll ping you once I have a proper fix.
Great, thanks for letting me know.
Any news about this?
@msilcher we have a fix without bumping
Sounds good! I'm willing to test if you want to share the mentioned image
@msilcher Thanks for the help. The fix is in this image:
So far so good, no errors seen on calico-node pod. Other containers that depend on calico services that were failing before are working fine now! I'll do some more testing later but it looks promising.
@msilcher thanks, please let us know when you have performed more tests.
I plan to do a full upgrade from k8s 1.28.x to 1.29 using the test image to see if everything runs smooth afterwards. Probably I'll be able to do this tomorrow or the day after. I'll report back once I did.
Closing this since the fix is merged to master and also back ported to v3.27.
I switched calico node images in k8s 1.28.5 and tested, everything worked fine. Then upgraded the cluster to k8s 1.29.0 and checked again. Everything is still working fine in my test environment (Ingress, cert-manager, MetalLB, Elasticsearch, Grafana, Cloudflare argo tunnel, Pihole).
Great, thanks @msilcher for testing :-)
You're welcome! I expect to see this fix in 3.27.1 :)
@msilcher I don't have an exact date, but most likely mid Feb it should be released.
* Calico update fixes projectcalico/calico#8372
* Update fixes Calico incompatibility with Fedora CoreOS Rel: projectcalico/calico#8372
Has this been fixed? My System:
I have the same or a similar issue with the following error on all nodes:
The OS runs
When I run Alpine OS
Ubuntu server is fine but the same error:
Any help or direction would be appreciated
@arana198 Yes, it was fixed. If you're seeing it again, please upgrade to the latest Calico version and try again. Then, if you still see it, open a new issue.
I am using the latest version, v3.27.3. I'll raise another issue. Thanks
Expected Behavior
Calico's use of ipset should be as broadly compatible as possible.
Current Behavior
Calico v3.26.3 crashloops on Fedora CoreOS hosts now:
This is similar to an issue that happened a few years ago. #5011
Possible Solution
Before, Calico wasn't shipping a new enough ipset, but here the versions do seem to match.
kube-proxy:
So I'm not sure why Calico calls to ipset see incompatible versions.
Steps to Reproduce (for bugs)
Your Environment
Notably, on a Flatcar Linux node (5.15 kernel, much older) I don't see this issue.