Develop Reference

Minikube Running exception when try to enable RBAC in Local PC

I Try to Run this command to start minikube:
minikube start \
--extra-config=apiserver.Authorization.Mode=RBAC \
--extra-config=kubelet.cgroup-driver=systemd \
--driver=docker
And Also Try,
minikube start \
--extra-config=apiserver.Authorization.Mode=RBAC \
--driver=docker
But It's giving me errors.
How can I solve this problem...........?
errr like:
stderr:
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[WARNING Swap]: running with swap on is not supported. Please disable swap
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.7. Latest validated version: 19.03
[WARNING SystemVerification]: failed to parse kernel config: unable to load kernel module: "configs", output: "modprobe: FATAL: Module configs not found in directory /lib/modules/5.4.0-84-generic\n", err: exit status 1
[WARNING Service-Kubelet]: kubelet service is not enabled, please run 'systemctl enable kubelet.service'
error execution phase wait-control-plane: couldn't initialize a Kubernetes cluster
To see the stack trace of this error execute with --v=5 or higher

Try to start minikube with --bootstrapper=kubeadm and this will enable RBAC for you
# Start minikube with kubeadm (Its the default so it's not mandatory)
minikube start --bootstrapper=kubeadm
# Create the default role binding [kube-system:default]
kubectl create clusterrolebinding \
add-on-cluster-admin \
--clusterrole=cluster-admin \
--serviceaccount=kube-system:default

Minikube Error "loading cached images: Docker load'

I'm trying to start minikube in Windows 10 using below command. minikube version v1.10.1
minikube start --vm-driver=virtualbox --no-vtx-check
But i'm getting below error
Creating virtualbox VM (CPUs=2, Memory=4096MB, Disk=20000MB) ...
* Preparing Kubernetes v1.18.2 on Docker 19.03.8 ...
* Unable to load cached images: loading cached images: Docker load /var/lib/minikube/images/pause_3.2: loadimage docker.: docker load -i /var/lib/minikube/images/pause_3.2: Process exited with status 1
stdout:
stderr:
Error processing tar file(exit status 1): archive/tar: invalid tar header
*
* [OOM_KILL_SCP] Failed to update cluster updating node: downloading binaries: NewSession: new client: new client: ssh: handshake failed: read tcp 127.0.0.1:2506->127.0.0.1:2427: wsarecv: An existing connection was forcibly closed by the remote host.
* Suggestion: Disable dynamic memory in your VM manager, or pass in a larger --memory value
* Related issue: https://github.com/kubernetes/minikube/issues/1766
So i thought of degrading the minikube version. so i used v1.7.2 version and then v1.3.0 version but in both cases i got the same above mentioned error. Kindly suggest
Regards

It worked. Below are the steps which i have done as part of change for minikube in Windows 10 Home edition where hyper-v is not supported
Step 1: Enable virtualization and install virtualbox
step 2: add kutectl and minikube installer
step 3:
Run below command
minikube start --vm-driver=virtualbox --memory 4096
If it fails then
minikube delete and delete .minikube and .kubectl folders
Enable WSL 2
Open PowerShell as Administrator and run:
Enable WSL1
dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart
Enable WSL2
dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart
Restart the system
Install Linux Distribution Package
Click here!
Disable hypervisorlaunchtype
Open CMD
Run bcdedit to check hypervisor status
bcdedit
If hypervisorlaunchtype is set to auto then disable it:
bcdedit /set hypervisorlaunchtype off
Reboot
Again run minikube
minikube start --vm-driver=virtualbox --memory 4096

How is it possible to join existing Kubernetes cluster with Ubuntu running on WSL2?

I installed Ubuntu on WSL2 in the environment shown below.
When I tried to register this Ubuntu as a worker node for Kubernetes cluster with the procedures shown below,
there happened an error.
How is it possible to register Ubuntu?
[my environment]
Windows 10 Pro Insider Preview 1903 build 18922.1000
WSL2
WSL2 Ubuntu
Docker 18.09.5-ce
kubectl 1.14.3
kubeadm 1.14.3
kubelet 1.14.3
Master Node
Ubuntu Server 18.04.2
Docker 18.09.5-ce
kubectl 1.14.3
kubeadm 1.14.3
kubelet 1.14.3
[my procedures]
run Ubuntu on WSL2
start Docker Service
$ sudo service docker start
create a token to join the cluster on MasterNode
$ kubeadm token generate
$ kubeadm token create [key] --print-join-command
execute the following command on Ubuntu
$ sudo kubeadm join [masterIP]:6443 --token [token] --discovery-token-ca-cert-hash [hash]
[the result]
[preflight] Running pre-flight checks
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the
Docker cgroup driver. The recommended driver is "systemd". Please
follow the guide at https://kubernetes.io/docs/setup/cri/
[preflight] The system verification failed. Printing the output from the verification:
KERNEL_VERSION: 4.19.43-microsoft-standard
CONFIG_NAMESPACES: enabled
CONFIG_NET_NS: enabled
CONFIG_PID_NS: enabled
CONFIG_IPC_NS: enabled
CONFIG_UTS_NS: enabled
CONFIG_CGROUPS: enabled
CONFIG_CGROUP_CPUACCT: enabled
CONFIG_CGROUP_DEVICE: enabled
CONFIG_CGROUP_FREEZER: enabled
CONFIG_CGROUP_SCHED: enabled
CONFIG_CPUSETS: enabled
CONFIG_MEMCG: enabled
CONFIG_INET: enabled
CONFIG_EXT4_FS: enabled
CONFIG_PROC_FS: enabled
CONFIG_NETFILTER_XT_TARGET_REDIRECT: enabled
CONFIG_NETFILTER_XT_MATCH_COMMENT: not set
CONFIG_OVERLAY_FS: enabled
CONFIG_AUFS_FS: not set - Required for aufs.
CONFIG_BLK_DEV_DM: enabled
DOCKER_VERSION: 18.09.5
DOCKER_GRAPH_DRIVER: overlay2
OS: Linux
CGROUPS_CPU: enabled
CGROUPS_CPUACCT: enabled
CGROUPS_CPUSET: enabled
CGROUPS_DEVICES: enabled
CGROUPS_FREEZER: enabled
CGROUPS_MEMORY: enabled
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR Service-Docker]: docker service is not active, please run 'systemctl start docker.service'
[ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables does not exist
[ERROR SystemVerification]: unexpected kernel config: CONFIG_NETFILTER_XT_MATCH_COMMENT
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`

Can't install Kubernetes on Vagrant

Use this guide to install Kubernetes on Vagrant cluster:
https://kubernetes.io/docs/getting-started-guides/kubeadm/
At (2/4) Initializing your master, there came some errors:
[root#localhost ~]# kubeadm init
[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
[init] Using Kubernetes version: v1.6.4
[init] Using Authorization mode: RBAC
[preflight] Running pre-flight checks
[preflight] Some fatal errors occurred:
/proc/sys/net/bridge/bridge-nf-call-iptables contents are not set to 1
[preflight] If you know what you are doing, you can skip pre-flight checks with `--skip-preflight-checks`
I checked the /proc/sys/net/bridge/bridge-nf-call-iptables file content, there is only one 0 in it.
At (3/4) Installing a pod network, I downloaded kube-flannel file:
https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
And run kubectl apply -f kube-flannel.yml, got error:
[root#localhost ~]# kubectl apply -f kube-flannel.yml
The connection to the server localhost:8080 was refused - did you specify the right host or port?
Until here, I don't know how to goon.
My Vagrantfile:
# Master Server
config.vm.define "master", primary: true do |master|
master.vm.network :private_network, ip: "192.168.33.200"
master.vm.network :forwarded_port, guest: 22, host: 1234, id: 'ssh'
end

In order to set /proc/sys/net/bridge/bridge-nf-call-iptables by editing /etc/sysctl.conf. There you can add [1]
net.bridge.bridge-nf-call-iptables = 1
Then execute
sudo sysctl -p
And the changes will be applied. With this the pre-flight check should pass.
[1] http://wiki.libvirt.org/page/Net.bridge.bridge-nf-call_and_sysctl.conf

Update #2019/09/02
Sometimes modprobe br_netfilter is unreliable, you may need to redo it after relogin, so use the following instead when on a systemd sytem:
echo br_netfilter > /etc/modules-load.d/br_netfilter.conf
systemctl restart systemd-modules-load.service
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
YES, the accepted answer is right, but I faced with
cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: No such file or directory
So I did
modprobe br_netfilter
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
sudo sysctl -p
Then solved.

On Ubuntu 16.04 I just had to:
modprobe br_netfilter
Default value in /proc/sys/net/bridge/bridge-nf-call-iptables is already 1.
Then I added br_netfilter to /etc/modules to load the module automatically on next boot.

As mentioned in K8s docs - Installing kubeadm under the Letting iptables see bridged traffic section:
Make sure that the br_netfilter module is loaded. This can be done
by running lsmod | grep br_netfilter. To load it explicitly call
sudo modprobe br_netfilter.
As a requirement for your Linux Node's iptables to correctly see
bridged traffic, you should ensure
net.bridge.bridge-nf-call-iptables is set to 1 in your sysctl
config, e.g.
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system
Regardng the preflight erros - you can see in Kubeadm Implementation details under the preflight-checks:
Kubeadm executes a set of preflight checks before starting the init,
with the aim to verify preconditions and avoid common cluster startup
problems..
The following missing configurations will produce errors:
.
.
if /proc/sys/net/bridge/bridge-nf-call-iptables file does not exist/does not contain 1
if advertise address is ipv6 and /proc/sys/net/bridge/bridge-nf-call-ip6tables does not exist/does not contain 1.
if swap is on
.
.

The one-liner way:
sysctl net.bridge.bridge-nf-call-iptables=1

Building docker image, inside an alpine linux container

We are using docker containers running alpine linux as build agents in bamboo. As part of the build plan a docker image needs to be created.
Our build agent has docker installed, however we are getting errors as the docker daemon isn't running. Starting the daemon with
/usr/local/bin/dockerd
gives the following:
INFO[0000] libcontainerd: new containerd process, pid: 640
ERRO[0001] 'overlay' is not supported over overlayfs
INFO[0001] Graph migration to content-addressability took 0.00 seconds
INFO[0001] Loading containers: start.
WARN[0001] Running modprobe bridge br_netfilter failed with message: modprobe: can't change directory to '/lib/modules': No such file or directory
, error: exit status 1
WARN[0001] Running modprobe nf_nat failed with message: `modprobe: can't change directory to '/lib/modules': No such file or directory`, error: exit status 1
WARN[0001] Running modprobe xt_conntrack failed with message: `modprobe: can't change directory to '/lib/modules': No such file or directory`, error: exit status 1
Error starting daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain: Iptables not found
To try and get round this I've installed iptables. Now when I try to run the docker daemon I get:
INFO[0000] libcontainerd: new containerd process, pid: 705
ERRO[0001] 'overlay' is not supported over overlayfs
INFO[0001] Graph migration to content-addressability took 0.00 seconds
INFO[0001] Loading containers: start.
WARN[0001] Running modprobe bridge br_netfilter failed with message: modprobe: can't change directory to '/lib/modules': No such file or directory
, error: exit status 1
WARN[0001] Running modprobe nf_nat failed with message: `modprobe: can't change directory to '/lib/modules': No such file or directory`, error: exit status 1
WARN[0001] Running modprobe xt_conntrack failed with message: `modprobe: can't change directory to '/lib/modules': No such file or directory`, error: exit status 1
Error starting daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain: iptables failed: iptables -t nat -N DOCKER: iptables v1.6.0: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
(exit status 3)
I'm a little stuck on where to go now as sudo isn't a thing on alpine.

Running the Docker daemon inside the Docker container is generally a dodgy prospect. We have this exact same requirement, and we solve it by mounting /var/run/docker.sock from the Docker host into the Docker container:
docker run -v /var/run/docker.sock:/var/run/docker.sock --privileged
That way the docker command inside the build agent container is actually talking to the Docker daemon on the host, not inside the container. Works really well for us.