Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Warnings that k8s service may not work #657

Merged
merged 11 commits into from
Sep 17, 2024
Merged

Warnings that k8s service may not work #657

merged 11 commits into from
Sep 17, 2024

Conversation

maci3jka
Copy link
Contributor

@maci3jka maci3jka commented Sep 9, 2024

In some cases when running k8s in a secured environment it may have problems with running this pr introduces warnings in k8s bootstrap and k8sd with information that k8s may not work as intended.

examples
k8sd:

Sep 09 07:59:58 k8s-tests k8s.k8sd[26597]: + exec /snap/k8s/x1/bin/k8sd --state-dir=/var/snap/k8s/common/var/lib/k8sd/state
Sep 09 07:59:58 k8s-tests k8s.k8sd[26597]: Warning: k8s may not run correctly due to reasons:
Sep 09 07:59:58 k8s-tests k8s.k8sd[26597]: owner of /sys is user with UID 65534 expected 0
Sep 09 07:59:58 k8s-tests k8s.k8sd[26597]: owner of /sys is group with GID 65534 expected 0
Sep 09 07:59:58 k8s-tests k8s.k8sd[26597]: owner of /proc is user with UID 65534 expected 0
Sep 09 07:59:58 k8s-tests k8s.k8sd[26597]: owner of /proc is group with GID 65534 expected 0
Sep 09 07:59:58 k8s-tests k8s.k8sd[26597]: AppArmor may block hosting of nested containers
Sep 09 07:59:58 k8s-tests k8s.k8sd[26597]: If runnung inside LXD container refer to https://documentation.ubuntu.com/canonical-kubernetes/latest/snap/howto/install/lxd/.

k8s bootstrap :

root@k8s-tests:~# k8s bootstrap
Warning: k8s may not run correctly due to reasons:
owner of /sys is user with UID 65534 expected 0
owner of /sys is group with GID 65534 expected 0
owner of /proc is user with UID 65534 expected 0
owner of /proc is group with GID 65534 expected 0
/home/mgolaszewski/rock/k8s-snap/src/k8s do not exist
AppArmor may block hosting of nested containers
If runnung inside LXD container refer to https://documentation.ubuntu.com/canonical-kubernetes/latest/snap/howto/install/lxd/.
Bootstrapping the cluster. This may take a few seconds, please wait.
Bootstrapped a new Kubernetes cluster with node address "10.80.3.236:6400".
The node will be 'Ready' to host workloads after the CNI is deployed successfull

fixes KU-1475, #439

maci3jka
maci3jka commented Sep 9, 2024
View reviewed changes
src/k8s/cmd/util/hooks.go Outdated Show resolved Hide resolved
maci3jka
maci3jka commented Sep 9, 2024
View reviewed changes
src/k8s/cmd/util/hooks.go Outdated Show resolved Hide resolved
berkayoz
berkayoz reviewed Sep 10, 2024
View reviewed changes
Copy link
Member

@berkayoz berkayoz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work! Left some comments

src/k8s/cmd/util/hooks.go Outdated Show resolved Hide resolved
src/k8s/cmd/util/hooks.go Outdated Show resolved Hide resolved
@maci3jka
Copy link
Contributor Author

after changes logs looks like

Sep 11 15:40:34 k8s-tests k8s.k8sd[75885]: I0911 15:40:34.615091   75885 utils/file.go:369] "Warning: owner of /sys is user with UID 65534 expected 0" logger="k8sd"
Sep 11 15:40:34 k8s-tests k8s.k8sd[75885]: I0911 15:40:34.615115   75885 utils/file.go:369] "Warning: owner of /proc is user with UID 65534 expected 0" logger="k8sd"
Sep 11 15:40:34 k8s-tests k8s.k8sd[75885]: I0911 15:40:34.615123   75885 utils/file.go:369] "Warning: /dev/kmsg do not exist" logger="k8sd"
Sep 11 15:40:34 k8s-tests k8s.k8sd[75885]: I0911 15:40:34.615129   75885 utils/file.go:369] "Warning: AppArmor may block hosting of nested containers" logger="k8sd"
Sep 11 15:40:34 k8s-tests k8s.k8sd[75885]: I0911 15:40:34.615137   75885 utils/file.go:369] "Warning: For running k8s inside LXD container refer to https://documentation.ubuntu.com/canonica-l-kubernetes/latest/snap/howto/install/lxd/" logger="k8sd"

@maci3jka
Copy link
Contributor Author

in cli

k8s bootstrap
The lxc profile for MicroK8s might be missing.
For running k8s inside LXD container refer to https://documentation.ubuntu.com/canonical-kubernetes/latest/snap/howto/install/lxd/
Bootstrapping the cluster. This may take a few seconds, please wait.
Bootstrapped a new Kubernetes cluster with node address "10.80.3.236:6400".
The node will be 'Ready' to host workloads after the CNI is deployed successfully.

in journal

Sep 12 13:41:26 k8s-tests k8s.k8sd[21144]: Warning: When validating required resources potential issues found:
Sep 12 13:41:26 k8s-tests k8s.k8sd[21144]:          owner of /sys is user with UID 65534 expected 0
Sep 12 13:41:26 k8s-tests k8s.k8sd[21144]:          owner of /proc is user with UID 65534 expected 0
Sep 12 13:41:26 k8s-tests k8s.k8sd[21144]:          /dev/kmsg do not exist
Sep 12 13:41:26 k8s-tests k8s.k8sd[21144]: The lxc profile for MicroK8s might be missing.
Sep 12 13:41:26 k8s-tests k8s.k8sd[21144]: For running k8s inside LXD container refer to https://documentation.ubuntu.com/canonical-kubernetes/latest/snap/howto/install/lxd/

berkayoz
berkayoz reviewed Sep 13, 2024
View reviewed changes
Copy link
Member

@berkayoz berkayoz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work, left some comments

src/k8s/cmd/util/hooks.go Outdated Show resolved Hide resolved
src/k8s/cmd/util/hooks.go Outdated Show resolved Hide resolved
src/k8s/cmd/util/hooks.go Outdated Show resolved Hide resolved
src/k8s/cmd/util/hooks.go Outdated Show resolved Hide resolved
maci3jka
maci3jka commented Sep 13, 2024
View reviewed changes
src/k8s/cmd/util/hooks.go Outdated Show resolved Hide resolved
@maci3jka maci3jka marked this pull request as ready for review September 13, 2024 08:56
@maci3jka maci3jka requested a review from a team as a code owner September 13, 2024 08:56
bschimke95
bschimke95 reviewed Sep 13, 2024
View reviewed changes
Copy link
Contributor

@bschimke95 bschimke95 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

going in the right direction, added a couple of comments

src/k8s/cmd/util/hooks.go Outdated Show resolved Hide resolved
src/k8s/cmd/util/hooks.go Outdated
"github.com/spf13/cobra"
)

const initialProcesEnvironmentVariables = "/proc/1/environ"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Process

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

also add a short comment please

src/k8s/cmd/util/hooks.go Outdated Show resolved Hide resolved
src/k8s/cmd/util/hooks.go Outdated Show resolved Hide resolved
src/k8s/cmd/util/hooks.go Outdated Show resolved Hide resolved
src/k8s/cmd/util/hooks.go Outdated Show resolved Hide resolved
src/k8s/cmd/util/hooks.go Outdated Show resolved Hide resolved
src/k8s/cmd/util/hooks.go Outdated Show resolved Hide resolved
src/k8s/cmd/util/hooks.go Outdated Show resolved Hide resolved
src/k8s/cmd/k8sd/k8sd.go Outdated Show resolved Hide resolved
bschimke95
bschimke95 reviewed Sep 16, 2024
View reviewed changes
src/k8s/cmd/k8s/hooks.go Outdated Show resolved Hide resolved
src/k8s/cmd/k8s/hooks.go Outdated Show resolved Hide resolved
src/k8s/cmd/k8s/hooks.go Outdated Show resolved Hide resolved
src/k8s/cmd/k8s/hooks.go Outdated Show resolved Hide resolved
src/k8s/cmd/k8s/hooks.go Outdated Show resolved Hide resolved
src/k8s/cmd/k8s/hooks.go Outdated Show resolved Hide resolved
src/k8s/cmd/k8s/hooks.go Outdated Show resolved Hide resolved
src/k8s/cmd/k8s/hooks.go Outdated Show resolved Hide resolved
bschimke95
bschimke95 reviewed Sep 17, 2024
View reviewed changes
Copy link
Contributor

@bschimke95 bschimke95 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

couple of more comments but going in the right direction.

src/k8s/cmd/k8s/hooks.go Show resolved Hide resolved
src/k8s/cmd/k8s/hooks.go Outdated Show resolved Hide resolved
src/k8s/cmd/k8s/hooks.go Show resolved Hide resolved
src/k8s/cmd/util/hooks.go Outdated Show resolved Hide resolved
src/k8s/cmd/util/hooks.go Outdated Show resolved Hide resolved
src/k8s/cmd/util/hooks.go Outdated Show resolved Hide resolved
src/k8s/cmd/util/hooks.go Show resolved Hide resolved
bschimke95
bschimke95 approved these changes Sep 17, 2024
View reviewed changes
Copy link
Contributor

@bschimke95 bschimke95 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@bschimke95
Copy link
Contributor

Please fix the go vet and then we are good to merge

@maci3jka maci3jka merged commit 969662f into main Sep 17, 2024
20 checks passed
@maci3jka maci3jka deleted the KU-1475/checks-prerun-resource-ownership branch September 17, 2024 19:21
evilnick pushed a commit that referenced this pull request Sep 18, 2024
@maci3jka @evilnick
Warnings that k8s service may not work (#657)
f55f6f8 
Warnings that k8s service may not work (#657)
KU-1475
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bschimke95 bschimke95 bschimke95 approved these changes

@berkayoz berkayoz Awaiting requested review from berkayoz

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@maci3jka @bschimke95 @berkayoz