Comments (8)
This issue is currently awaiting triage.
If a SIG or subproject determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.
The triage/accepted label can be added by org members by writing /triage accepted in a comment.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
from kubernetes.
/sig node security
from kubernetes.
related pr #117050
issue #117045
from kubernetes.
/assign
from kubernetes.
hi @MetalPinguinInc, if you use containerd in k8s >= 1.28, you will still see the error message: cannot load seccomp profile
use containerd as the container runtime:
minikube start --kubernetes-version=1.28.1 --container-runtime=containerd
I guess this is caused by different container runtimes, and your cri should be docker
from kubernetes.
hi @chengjoey on my own baremetal clusters I am indeed running Docker with containerd as the container runtime and cri-dockerd as a shim between Kubernetes and Docker.
I can indeed confirm that using containerd as the runtime directly seems to correctly throw the error in minikube. This has left me confused. Without using the --container-runtime=containerd flag, both minikube start --kubernetes-version=1.28.1 and minikube start --kubernetes-version=1.27 report exactly the same docker versions:
> docker version
Client:
 Version: 24.0.7
 API version: 1.43
 Go version: go1.20.10
 Git commit: afdd53b
 Built: Thu Oct 26 09:04:00 2023
 OS/Arch: linux/amd64
 Context: default
Server: Docker Engine - Community
 Engine:
  Version: 24.0.7
  API version: 1.43 (minimum version 1.12)
  Go version: go1.20.10
  Git commit: 311b9ff
  Built: Thu Oct 26 09:05:28 2023
  OS/Arch: linux/amd64
  Experimental: false
 containerd:
  Version: v1.7.8
  GitCommit: 8e4b0bde866788eec76735cc77c4720144248fb7
 runc:
  Version: 1.1.9
  GitCommit: ccaecfcbc907d70a7aa870a6650887b901b25b82
 docker-init:
  Version: 0.19.0
  GitCommit: de40ad0
I am slightly confused by the terminology here: Kubernetes can run on both Docker (in which case you also need cri-dockerd) and Containerd, but Docker uses containerd as its container runtime anyway. When I started using Kubernetes only Docker was used, is there any reason to still have docker in the mix or is this mostly still supported for backwards compatibility and is using containerd with kubernetes directly a more streamlined approach?
In any case, could it be that the issue lies in how Kubernetes communicates security options to Docker in versions >= 1.28? Since the Docker version is the same between 1.28 and 1.27 it seems unlikely that this is an issue in Docker.
from kubernetes.
It sounds like this is an issue with cri-dockerd, not kubernetes. I'd be curious how cri-o handles it, but if you wish to keep using cri-dockerd and want this situation fixed, I recommend opening an issue with them.
/close
please reopen if you think there's something wrong with kubernetes :)
from kubernetes.
@haircommander: Closing this issue.
In response to this:
It sounds like this is an issue with cri-dockerd, not kubernetes. I'd be curious how cri-o handles it, but if you wish to keep using cri-dockerd and want this situation fixed, I recommend opening an issue with them.
/close
please reopen if you think there's something wrong with kubernetes :)
from kubernetes.