Calico Charm

[beta] ipset and conntrack packages missing from install

Bug #2045651 reported by Peter Jose De Sousa
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Calico Charm
New
Undecided
Unassigned
Kubernetes Control Plane Charm
New
High
Unassigned
Kubernetes Worker Charm
New
High
Unassigned

Bug Description

Hello

Similar to: https://bugs.launchpad.net/charm-kubernetes-master/+bug/2020059

With the recent ops changes the packages ipset and conntrack are not installed which can break cluster formation at later stages.

In this case the kube-proxy process fails to start with errors that the ipset binary cannot be found in the PATH.

[Workaround]

Install the ipset and conntrack packages.

Thanks,
Peter

See original description
Peter Jose De Sousa (pjds)
description: updated
George Kraft (cynerva)
Changed in charm-kubernetes-master:
importance: Undecided → High
Changed in charm-kubernetes-worker:
importance: Undecided → High
Revision history for this message
Michael Fischer (michaelandrewfischer) wrote (last edit ):

I ran into this installing charmed-kubernetes versions 1.29+ on maas. It appears to be root cause of https://bugs.launchpad.net/charm-calico/+bug/2064145

Jul 20 06:50:06 game-ewe systemd[1]: Started Service for snap application kube-proxy.daemon.
Jul 20 06:50:06 game-ewe kube-apiserver.daemon[105450]: I0720 06:50:06.995084 105450 httplog.go:132] "HTTP" verb="GET" URI="/api/v1/nodes/game-ewe" latency="4.58224ms" userAgent="kube-proxy/v1.30.3 (linux/amd64) kubernetes/6fc0a69" audit-ID="601b0ed6-a8ac-4f4a-ba47-9da13b1a86ee" srcIP="127.0.0.1:54318" apf_pl="global-default" apf_fs="global-default" apf_iseats=1 apf_fseats=0 apf_additionalLatency="0s" apf_execution_time="3.85055ms" resp=200
Jul 20 06:50:06 game-ewe kube-proxy.daemon[156558]: I0720 06:50:06.996654 156558 server.go:1062] "Successfully retrieved node IP(s)" IPs=["192.168.2.49"]
Jul 20 06:50:07 game-ewe kube-proxy.daemon[156558]: I0720 06:50:07.000981 156558 conntrack.go:59] "Setting nf_conntrack_max" nfConntrackMax=131072
Jul 20 06:50:07 game-ewe kube-proxy.daemon[156558]: I0720 06:50:07.007944 156558 server.go:659] "kube-proxy running in dual-stack mode" primary ipFamily="IPv4"
Jul 20 06:50:07 game-ewe kube-proxy.daemon[156558]: E0720 06:50:07.011189 156558 server.go:558] "Error running ProxyServer" err="can't use the IPVS proxier: error getting ipset version, error: executable file not found in $PATH"
Jul 20 06:50:07 game-ewe kube-proxy.daemon[156558]: E0720 06:50:07.011230 156558 run.go:74] "command failed" err="can't use the IPVS proxier: error getting ipset version, error: executable file not found in $PATH"
Jul 20 06:50:07 game-ewe systemd[1]: snap.kube-proxy.daemon.service: Main process exited, code=exited, status=1/FAILURE
Jul 20 06:50:07 game-ewe systemd[1]: snap.kube-proxy.daemon.service: Failed with result 'exit-code'.
Jul 20 06:50:07 game-ewe kube-apiserver.daemon[105450]: I0720 06:50:07.910227 105450 httplog.go:132] "HTTP" verb="GET" URI="/api/v1/nodes/brief-skink" latency="7.769693ms" userAgent="kube-proxy/v1.30.3 (linux/amd64) kubernetes/6fc0a69" audit-ID="5abb9492-b891-49bf-8043-beaa3bd46696" srcIP="192.168.2.26:37758" apf_pl="global-default" apf_fs="global-default" apf_iseats=1 apf_fseats=0 apf_additionalLatency="0s" apf_execution_time="7.058536ms" resp=200

Revision history for this message
Michael Fischer (michaelandrewfischer) wrote :

The kube-proxy snap does include conntrack as a "stage-package", however the ipset package is not included.

https://git.launchpad.net/snap-kube-proxy/tree/snapcraft.yaml?h=v1.30.3#n54

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.