Fix DISABLE_MODULES_MANAGEMENT

[kvaps]

Same as #4363
It's more correct way for fixing DISABLE_MODULES_MANAGEMENT

However on Talos Linux it is still broken, as OVN itself now requires SYS_MODULE which is restricted in Talos Linux:
https://www.talos.dev/v1.7/learn-more/process-capabilities/

/usr/share/openvswitch/scripts/ovs-ctl: 1: ovs-vswitchd: Operation not permitted

details: #4363 (comment)

[kvaps]

@zhangzujian is there any way for running ovn without SYS_MODULE capabilities?
The previus OVN version from ed16ce5 was working fine.

[kvaps]

@zhangzujian, I can also confirm that this fix working fine on Talos Linux with the latest Helm chart and building kube-ovn from v1.12.20 base image.

[zhangzujian]

is there any way for running ovn without SYS_MODULE capabilities?

You can try to change the runAsUser from 65534 to 0.

[kvaps]

You can try to change the runAsUser from 65534 to 0.

Unfortunately it's not working, even if I enable all capabilities, priveleged: true and runAsUser to 0

• v0.13 image is not working
• v0.12 image is ok

Talos Linux blocks all the calls that require SYS_MODULE

[cybercoder]

I have deployed my simple ovs daemonset inside talos and works fine. The problem is : modinfo is lying because it fetches the list of known modules by reading the /lib/modules/$(uname -r)/modules.* files, which are usually updated with depmod.

depmod -a can't run in talos and modinfo does not knows about it. This does not prevent us from loading the module.

[kvaps]

@cybercoder did you run v1.12 or v1.13?

[cybercoder]

@cybercoder did you run v1.12 or v1.13?

A simple OVS daemon set, I said, not the kube-ovn.

I've tried to install kube-ovn on Talos yesterdy using the Helm chart (with those custom values in doc). But v1.13 get errors for command usages, and v1.12 errors on modinfo. Today i'd go to change the start script and remove all modinfos, then try mount it as a configmap to see what happens.
V1.12 has not enough values on helm chart.

Just avoid get info and loading modules. Talos already supports ovs as builtin kernel module.

[cybercoder]

@kvaps
I have no success to deploy kube-ovn on my talos cluster. After commenting all modinfo and modprobe(s)
It can't run ovs-vswitchd and says not permitted. But my daemonset (based on Alpine) works fine!
I can't find out what is the problem.
You can look at my Docker Image and DaemonSet here:
https://medium.com/@vahid.gid/containerized-openvswitch-docker-compose-and-kubernetes-daemonset-f42ba16099bb