Comments (7)
brandond
commented on August 20, 2024
1
yes, that sounds like a separate issue. I don't see any difference in the volume permissions or contexts between the two versions though? It is expected that the numeric portion at the end will differ.
from k3s.
VestigeJ
commented on August 20, 2024
1
##Environment Details
Attempted to reproduce but didn't hit it this time using VERSION=v1.29.5+k3s1 nor VERSION=v1.30.1+k3s1
Validated using COMMIT=cff6f7aa1d7987a658b030b2bc69df7c25f515c8
Infrastructure
- Cloud
Node(s) CPU architecture, OS, and version:
Linux 5.14.21-150500.53-default x86_64 GNU/Linux
PRETTY_NAME="SUSE Linux Enterprise Server 15 SP5"
Cluster Configuration:
NAME STATUS ROLES AGE VERSION
ip-3-3-8-8 Ready control-plane,etcd,master 23m v1.30.1+k3s-cff6f7aa
Config.yaml:
node-external-ip: 3.3.8.8
token: YOUR_TOKEN_HERE
write-kubeconfig-mode: 644
debug: true
cluster-init: true
embedded-registry: true
Reproduction
$ curl https://get.k3s.io --output install-"k3s".sh
$ sudo chmod +x install-"k3s".sh
$ sudo groupadd --system etcd && sudo useradd -s /sbin/nologin --system -g etcd etcd
$ sudo modprobe ip_vs_rr
$ sudo modprobe ip_vs_wrr
$ sudo modprobe ip_vs_sh
$ sudo printf "on_oovm.panic_on_oom=0 \nvm.overcommit_memory=1 \nkernel.panic=10 \nkernel.panic_ps=1 \nkernel.panic_on_oops=1 \n" > ~/90-kubelet.conf
$ sudo cp 90-kubelet.conf /etc/sysctl.d/
$ sudo systemctl restart systemd-sysctl
$ COMMIT=cff6f7aa1d7987a658b030b2bc69df7c25f515c8
$ sudo INSTALL_K3S_COMMIT=$COMMIT INSTALL_K3S_EXEC=server ./install-k3s.sh
$ kg no,po -A
$ vim pvc.yaml
$ vim pv-pod.yaml
$ k apply -f pvc.yaml
$ kg pvc -A
$ k apply -f pv-pod.yaml
$ kg po,pv,pvc -A
$ k delete -f pv-pod.yaml
$ k delete -f pvc.yaml
$ kg pv -A
$ kubectl get deployment -n kube-system local-path-provisioner -o=jsonpath='{$.spec.template.spec.containers[:1].image}'
$ k apply -f pvc.yaml
$ k apply -f pv-pod.yaml
$ kg pv,pod,pvc -A
$ k delete -f pvc.yaml; sleep 40; k delete -f pv-pod.yaml
$ kg pv,pvc -A
$ k apply -f pvc.yaml
$ k apply -f pv-pod.yaml
$ k delete -f pvc.yaml
$ k delete -f pv-pod.yaml
$ kg pvc,pv -A
Results:
No dangling leftover volume claims, they're reclaimed appropriately.
$ cat pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: test-pvc
namespace: kube-system
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Mi
$ cat pv-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: test-pod
namespace: kube-system
spec:
containers:
- name: debian
image: digitalocean/doks-debug
command: ["sleep", "infinity"]
volumeMounts:
- name: data
mountPath: /data
volumes:
- name: data
persistentVolumeClaim:
claimName: test-pvc
from k3s.
zc-devs
commented on August 20, 2024
First change may be introducing new opt:
setup: |-
#!/bin/sh
while getopts "m:s:p:a:" opt
do
case $opt in
p)
absolutePath=$OPTARG
;;
s)
sizeInBytes=$OPTARG
;;
m)
volMode=$OPTARG
;;
a)
action=$OPTARG
;;
esac
done
if [ "$action" = "create" ]
then
mkdir -m 0777 -p ${absolutePath}
chmod 700 ${absolutePath}/..
fi
teardown: |-
#!/bin/sh
set -x
while getopts "m:s:p:a:" opt
do
case $opt in
p)
absolutePath=$OPTARG
;;
s)
sizeInBytes=$OPTARG
;;
m)
volMode=$OPTARG
;;
a)
action=$OPTARG
;;
esac
done
if [ "$action" = "delete" ]
then
rm -rf ${absolutePath}
fi
In that case I don't get Illegal option -a error, but helper pod fails anyways.
Then I tried to debug:
teardown: |-
#!/bin/sh
sleep infinity
/ # ls -lah /var/lib/rancher/k3s/storage/local/ssd/pvc-a9809075-743a-4a86-ba28-38ca3d8256cd_kube-system_test-pvc
ls: can't open '/var/lib/rancher/k3s/storage/local/ssd/pvc-a9809075-743a-4a86-ba28-38ca3d8256cd_kube-system_test-pvc': Permission denied
total 0
/ # ls -lah /var/lib/rancher/k3s/storage/local/ssd
total 3G
drwx------ 14 root root 4.0K Mar 29 22:12 .
drwxr-xr-x 3 root root 4.0K Mar 29 22:33 ..
drwxrwxrwx 2 root root 4.0K Mar 29 22:13 pvc-a9809075-743a-4a86-ba28-38ca3d8256cd_kube-system_test-pvc
/ # id
uid=0(root) gid=0(root) groups=0(root),10(wheel)
Then I compared Pod definitions between v0.24 and v0.26:
from k3s.
VestigeJ
commented on August 20, 2024
TLDR from above link where I encountered this issue while testing the latest COMMIT_ID for v1.28 branch
$ kg pv -A
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
checking-path 5Gi RWO Recycle Failed default/test-pvc local-path 50m
from k3s.
0xMALVEE
commented on August 20, 2024
is this resolved already?
from k3s.
brandond
commented on August 20, 2024
nope. issue is still open and PR is not merged. Waiting for end of code freeze.
from k3s.
zc-devs
commented on August 20, 2024
Hi, I've just tested #9964 with Local path config: local-storage.yaml.
While PV creates, it cannot be deleted, the helper pod fails.
helper-pod-create-pvc-v0.24.yaml
helper-pod-create-pvc-v0.26.yaml
helper-pod-delete-pvc-v0.24.yaml
helper-pod-delete-pvc-v0.26.yaml
I think, the main difference is v0.26 doesn't use privileged security context flag, as I've noticed in #9833 (comment). Have to mention also, that I use Oracle Linux 9 with enabled SELinux. Directory permissions are:
# ls -lanZ /var/lib/rancher/k3s/storage/
total 48
drwx------. 12 0 0 system_u:object_r:container_file_t:s0 4096 May 21 19:24 .
drwxr-xr-x. 6 0 0 system_u:object_r:container_var_lib_t:s0 4096 Jan 18 18:32 ..
Volume permissions (v0.24):
# ls -lanZ pvc-9391085e-05dc-42f4-9c0d-25a1b4e6fe4a_kube-system_test-pvc/
total 12
drwxrwxrwx. 2 0 0 system_u:object_r:container_file_t:s0:c131,c199 4096 May 21 19:26 .
drwx------. 12 0 0 system_u:object_r:container_file_t:s0 4096 May 21 19:24 ..
-rw-r--r--. 1 0 0 system_u:object_r:container_file_t:s0:c131,c199 5 May 21 19:29 test.txt
Volume permissions (v0.26):
# ls -lanZ pvc-1fdbed66-a718-463d-908e-21bd731934c4_kube-system_test-pvc/
total 12
drwxrwxrwx. 2 0 0 system_u:object_r:container_file_t:s0:c143,c741 4096 May 21 19:34 .
drwx------. 11 0 0 system_u:object_r:container_file_t:s0 4096 May 21 19:33 ..
-rw-r--r--. 1 0 0 system_u:object_r:container_file_t:s0:c143,c741 5 May 21 19:34 test.txt
Should I file a separate issue?
from k3s.
Related Issues (20)
- [Release-1.28] - Don't dump the full SQL payload when SlowSQLThreshold is exceeded HOT 1
- [Release-1.27] - Don't dump the full SQL payload when SlowSQLThreshold is exceeded HOT 1
- Add tests to `pkg/agent/loadbalancer`
- Agent loadbalancer may deadlock when servers are removed
- k3s fails to start on netbooted devices HOT 1
- `k3s etcd-snapshot` commands run against server specified in config file, instead of local server HOT 3
- [Release-1.29] - Agent loadbalancer may deadlock when servers are removed HOT 1
- [Release-1.28] - Agent loadbalancer may deadlock when servers are removed
- [Release-1.27] - Agent loadbalancer may deadlock when servers are removed HOT 1
- [Release-1.29] - `k3s etcd-snapshot` commands run against server specified in config file, instead of local server HOT 1
- [Release-1.28] - `k3s etcd-snapshot` commands run against server specified in config file, instead of local server HOT 1
- [Release-1.27] - `k3s etcd-snapshot` commands run against server specified in config file, instead of local server HOT 1
- kube-proxy with ipvs and lc does not work as expected (perhaps a conflict with flannel rules) HOT 3
- [Release-1.30] - Agent loadbalancer may deadlock when servers are removed HOT 1
- [Release-1.30] - `k3s etcd-snapshot` commands run against server specified in config file, instead of local server HOT 1
- Update the Traefik chart HOT 3
- Respect XDG base directory HOT 3
- Install script fails without sudo due to missing $SUDO prefix in transactional-update commands
- Logging of kube-scheduler HOT 5
- NVIDIA GPU detection doesn't work with all the drivers & toolkits installed HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from k3s.