| *** eernst has quit IRC | 01:21 | |
| *** zerocoolback has joined #kata-dev | 02:31 | |
| *** zerocoolback has quit IRC | 04:34 | |
| *** zerocoolback has joined #kata-dev | 04:38 | |
| *** zerocoolback has quit IRC | 04:51 | |
| *** zerocoolback has joined #kata-dev | 04:59 | |
| *** zerocoolback has quit IRC | 05:39 | |
| *** zerocoolback has joined #kata-dev | 05:39 | |
| *** zerocoolback has quit IRC | 05:40 | |
| *** zerocoolback has joined #kata-dev | 05:40 | |
| *** zerocoolback has quit IRC | 05:40 | |
| *** zerocoolback has joined #kata-dev | 05:41 | |
| *** zerocoolback has quit IRC | 05:41 | |
| *** zerocoolback has joined #kata-dev | 05:41 | |
| *** zerocoolback has quit IRC | 05:42 | |
| *** zerocoolback has joined #kata-dev | 05:42 | |
| *** zerocoolback has quit IRC | 05:43 | |
| *** dklyle has quit IRC | 06:18 | |
| *** dklyle has joined #kata-dev | 06:18 | |
| *** david-lyle has joined #kata-dev | 06:20 | |
| *** dklyle has quit IRC | 06:23 | |
| *** david-lyle has quit IRC | 06:32 | |
| *** jodh has joined #kata-dev | 07:11 | |
| *** jodh has quit IRC | 07:11 | |
| *** jodh has joined #kata-dev | 07:11 | |
| *** dklyle has joined #kata-dev | 07:28 | |
| *** sameo has joined #kata-dev | 07:32 | |
| *** sjas has joined #kata-dev | 07:47 | |
| *** gwhaley has joined #kata-dev | 07:59 | |
| *** davidgiluk has joined #kata-dev | 08:03 | |
| kata-irc-bot | <niteshkonkar007> (Just a thought) Should we put a note somewhere for first time Kata-users that they should try kata on a bare-metal or on a VM with nested-virtualization? I know "kata-runtime kata-check" will show the error but then that's more like a disappointment after following some set of steps. | 08:24 |
|---|---|---|
| *** cdent has joined #kata-dev | 08:42 | |
| *** chuanchang has joined #kata-dev | 09:14 | |
| *** zerocoolback has joined #kata-dev | 09:44 | |
| *** zerocoolback has quit IRC | 09:51 | |
| *** zerocoolback has joined #kata-dev | 09:52 | |
| *** zerocoolback has quit IRC | 09:52 | |
| *** zerocoolback has joined #kata-dev | 09:53 | |
| *** zerocoolback has quit IRC | 09:53 | |
| *** zerocoolback has joined #kata-dev | 09:54 | |
| *** zerocoolback has quit IRC | 09:54 | |
| *** zerocoolback has joined #kata-dev | 09:54 | |
| *** zerocoolback has quit IRC | 09:55 | |
| *** zerocoolback has joined #kata-dev | 09:55 | |
| *** zerocoolback has quit IRC | 09:55 | |
| *** chuanchang has quit IRC | 10:11 | |
| *** chuanchang has joined #kata-dev | 10:12 | |
| *** chuanchang has quit IRC | 10:16 | |
| *** dlw has quit IRC | 10:46 | |
| *** chuanchang has joined #kata-dev | 10:48 | |
| *** gwhaley has quit IRC | 11:07 | |
| *** bgmccollum has joined #kata-dev | 11:44 | |
| *** devimc has joined #kata-dev | 11:45 | |
| *** gwhaley has joined #kata-dev | 12:15 | |
| *** zerocoolback has joined #kata-dev | 12:29 | |
| kata-irc-bot | <salvador.fuentes> @kata ping | 12:37 |
| *** dlw has joined #kata-dev | 13:02 | |
| *** lamego has joined #kata-dev | 13:05 | |
| *** chuanchang has quit IRC | 13:09 | |
| *** zerocoolback has quit IRC | 13:47 | |
| *** zerocoolback has joined #kata-dev | 14:18 | |
| *** zerocoolback has quit IRC | 14:19 | |
| *** dlw has quit IRC | 14:27 | |
| *** lamego1 has joined #kata-dev | 14:49 | |
| *** zerocoolback has joined #kata-dev | 14:49 | |
| *** lamego1 has quit IRC | 14:50 | |
| *** zerocoolback has quit IRC | 14:50 | |
| *** eernst has joined #kata-dev | 14:51 | |
| *** zerocoolback has joined #kata-dev | 14:51 | |
| *** sameo has quit IRC | 14:51 | |
| *** lamego has quit IRC | 14:51 | |
| *** lamego has joined #kata-dev | 14:51 | |
| kata-irc-bot | <anne> @niteshkonkar007 the first line of the install guide calls this out. New addition as of last week | 14:52 |
| *** lamego has joined #kata-dev | 14:53 | |
| kata-irc-bot | <niteshkonkar007> @anne: Oh nice. I missed it somehow. | 14:53 |
| *** mordred has quit IRC | 14:55 | |
| *** zerocoolback has quit IRC | 14:55 | |
| *** jodh has quit IRC | 15:04 | |
| *** mordred has joined #kata-dev | 15:09 | |
| *** devimc has quit IRC | 15:29 | |
| *** fiddletwix has quit IRC | 15:29 | |
| *** fiddletwix has joined #kata-dev | 15:31 | |
| *** lamego has quit IRC | 15:33 | |
| *** lamego has joined #kata-dev | 15:34 | |
| *** lamego1 has joined #kata-dev | 15:35 | |
| *** lamego has quit IRC | 15:39 | |
| *** mordred has quit IRC | 15:48 | |
| *** mordred has joined #kata-dev | 15:52 | |
| *** libregeekingkid[ has quit IRC | 16:08 | |
| *** devimc has joined #kata-dev | 16:11 | |
| *** devimc has left #kata-dev | 16:17 | |
| *** devimc has joined #kata-dev | 16:18 | |
| kata-irc-bot | <jdandrea> Good hello all. I am trying to troubleshoot a kata-on-k8s installation. Has anyone perchance run into a problem where cni0 already has a different CIDR assignment than expected when bringing up an untrusted workload? If so, how did you work around it? | 16:19 |
| kata-irc-bot | <sebastien.boeuf> @jdandrea if you installed CNI plugins before, you might have some remaining things inside `/var/lib/cni/networks/` | 16:24 |
| kata-irc-bot | <sebastien.boeuf> running `rm -r /var/lib/cni/networks/*` helps | 16:24 |
| kata-irc-bot | <jdandrea> @sebastien.boeuf Yup, as part of troubleshooting I'm resetting kubeadm, stopping kubelet and docker, then removing everything under /var/lib/cni, /var/lib/kubelet, /etc/cni, bringing cni0, flannel.1 (we're using flannel), and docker0 down, then deleting cni0 and flannel.1 links besides. | 16:29 |
| kata-irc-bot | <jdandrea> Still happens. *scratches head* | 16:30 |
| kata-irc-bot | <sebastien.boeuf> here is my gist on how to tear everything down related to k8s+crio: https://gist.github.com/sboeuf/d84acfbaf2bccd528098d73a3b891cd1#file-run-k8s-cri-o-L7-L37 | 16:31 |
| kata-irc-bot | <sebastien.boeuf> it's using flannel too | 16:31 |
| *** libregeekingkid[ has joined #kata-dev | 16:32 | |
| kata-irc-bot | <jdandrea> Thanks @sebastien.boeuf - appreciated! I will compare/contrast with what I'm doing so I can understand if/what I'm doing that's amiss. biab... | 16:37 |
| kata-irc-bot | <sebastien.boeuf> np ! | 16:38 |
| kata-irc-bot | <jdandrea> @sebastien.boeuf Hmm. So the first thing I notice is your rm on line 5 won't work for me. Do I need to already have /var/lib/cni/networks owned by a non-root user? | 16:41 |
| kata-irc-bot | <jdandrea> The other difference is I don't use istio, but I suppose I can just bring up what I was bringing up previously. | 16:42 |
| kata-irc-bot | <sebastien.boeuf> no no, just follow lines 7 to 37, forget about the other ones | 16:46 |
| kata-irc-bot | <jdandrea> Got it | 16:46 |
| kata-irc-bot | <sebastien.boeuf> and yes, you don't care about istio, this is something I am working on, don't apply it in your case | 16:46 |
| kata-irc-bot | <jdandrea> @sebastien.boeuf Ah, I'm using containerd, not crio (gave up on crio for the time being). | 16:49 |
| kata-irc-bot | <jdandrea> So I will just do the equivalent bits for containerd. | 16:49 |
| kata-irc-bot | <sebastien.boeuf> you can follow this: https://github.com/kata-containers/documentation/blob/master/how-to/how-to-use-k8s-with-cri-containerd-and-kata.md#configure-containerd-to-use-kata-containers for details about CRI-containerd setup | 16:51 |
| kata-irc-bot | <jdandrea> @sebastien.boeuf Yes, that's what I was originally following. (I still appreciate the confirmation that I'm on the right track!) | 16:57 |
| kata-irc-bot | <jdandrea> Everything's fine up until that point with the cni0 conflict. :S | 16:57 |
| kata-irc-bot | <sebastien.boeuf> @jose.carlos.venegas.m thoughts ^^ ? | 17:02 |
| kata-irc-bot | <eric.ernst> That seems like a weird misconfiguration. Curious -- you are running nested -- does your host have similar mix of CNI installed? | 17:03 |
| kata-irc-bot | <jdandrea> @sebastien.boeuf You did it! It's working! | 17:43 |
| kata-irc-bot | <jdandrea> Now I have to retrace my steps once again and understand *why*. | 17:44 |
| kata-irc-bot | <jdandrea> ty tyvm | 17:44 |
| kata-irc-bot | <jdandrea> @eric.ernst It's possible, but anything in that regard that's on the host is disabled/stopped/deleted. | 17:45 |
| kata-irc-bot | <jdandrea> (This from before we went and tried the containerd steps.) | 17:45 |
| kata-irc-bot | <sebastien.boeuf> @jdandrea glad it worked :slightly_smiling_face: | 17:46 |
| kata-irc-bot | <sebastien.boeuf> don't hesitate to raise an issue if you run into a specific case where the documentation was not completely accurate ! | 17:46 |
| kata-irc-bot | <jdandrea> @sebastien.boeuf Absolutely. | 17:46 |
| kata-irc-bot | <jdandrea> I am trying this within a ccloudvm instance as well. | 17:47 |
| kata-irc-bot | <jdandrea> To help make it easy to start over as I futz with getting things working. | 17:47 |
| *** annabelleB has joined #kata-dev | 17:47 | |
| kata-irc-bot | <eric.ernst> Also, let us know if it is accurate but insufficient! | 17:49 |
| kata-irc-bot | <jdandrea> Yes yes! | 17:49 |
| kata-irc-bot | <jdandrea> I am going to stop this VM, start a new one, and run the whoooole thing again, and compare vs. the instructions. | 17:49 |
| *** annabelleB has quit IRC | 18:30 | |
| *** annabelleB has joined #kata-dev | 18:35 | |
| *** annabelleB has quit IRC | 19:04 | |
| *** fiddletwix has quit IRC | 19:20 | |
| *** fuentess has quit IRC | 19:24 | |
| kata-irc-bot | <yonatan.gefen> Hello All, While building kata-containers following the developer guide I noticed that in the _"Install guest kernel images"_ section you pull the kernel config from https://raw.githubusercontent.com/kata-containers/packaging/master/kernel/configs/x86_kata_kvm_4.14.x. It looks to me, based on the URL and some of the configuration parameters in this file, that this is specifically for an x86 target architecture. Will this | 19:28 |
| kata-irc-bot | configuration file and the resulting kernel also work if I would like to run Kata-Containers on top of an ARM target? How would you recommend approaching this goal? Thank you very much for your input, Yonatan | 19:28 |
| *** davidgiluk has quit IRC | 19:30 | |
| gwhaley | @yonatan.gefen: is that the same thing as handled by this pending PR? :-) https://github.com/kata-containers/documentation/pull/152 | 19:31 |
| * gwhaley has to drop ... | 19:31 | |
| *** gwhaley has quit IRC | 19:32 | |
| kata-irc-bot | <jdandrea> Is there a requirement to install a particular cri-tools version for use with Kata? | 19:33 |
| kata-irc-bot | <jdandrea> File uploaded https://katacontainers.slack.com/files/UAYMNLRK6/FB63U2RTN/-.sh / https://slack-files.com/T86U7NQTT-FB63U2RTN-4dfcf2f4f5 | 19:33 |
| kata-irc-bot | <jdandrea> ^^ what I'm doing now. | 19:33 |
| kata-irc-bot | <eric.ernst> the requirement would be with respect to the CRI shim, not kata. | 19:38 |
| kata-irc-bot | <eric.ernst> (for cri-tools) | 19:38 |
| kata-irc-bot | <yonatan.gefen> @graham.whaley Thank you. Looking through it now. | 19:45 |
| kata-irc-bot | <jdandrea> @eric.ernst Ok. This is what I was directed to use last Friday, so I want to be sure I should just stay on that version and not use the latest. | 19:46 |
| kata-irc-bot | <jdandrea> Also, since starting from scratch with the notes thus far, /etc/systemd/system/kubelet.service.d/10-kubeadm.conf is missing, hmm. Checking docs again. | 19:46 |
| *** eernst has quit IRC | 19:47 | |
| *** eernst has joined #kata-dev | 19:48 | |
| *** fuentess has joined #kata-dev | 19:56 | |
| kata-irc-bot | <jdandrea> @eric.ernst So, by following all the steps (and using containerd) I am now repeatedly bumping up against /etc/kubernetes/pki/ca.crt not being found. Steps thus far: https://paste.ofcode.org/jmfAV5Wz6cpMe9yaD9pwhi | 20:15 |
| kata-irc-bot | <jdandrea> I may need to install a newer docker. | 20:15 |
| kata-irc-bot | <jdandrea> https://github.com/kubernetes/kubernetes/issues/53889 | 20:17 |
| kata-irc-bot | <jdandrea> Ah. It's a catch-22 between kubelet and kubeadm init! | 20:19 |
| kata-irc-bot | <jdandrea> @eric.ernst So what I'm noticing is that kubelet doesn't have the cert in place so startup fails. kubeadm init, meanwhile, sets up those items but also requires kubelet to be running. Tenuous. Hmm... | 20:35 |
| *** devimc has quit IRC | 20:45 | |
| *** libregeekingkid[ has quit IRC | 20:49 | |
| kata-irc-bot | <jdandrea> So while kubeadm init DOES eventually succeed, kubelet is in fact not working for a while during that timeframe. | 20:53 |
| kata-irc-bot | <sebastien.boeuf> yes kubelet needs those certs, and kubeadm provide them to kubelet, which makes the service properly starting only when kubeadm is started | 20:56 |
| kata-irc-bot | <jdandrea> @sebastien.boeuf Indeed! So, what I'm wondering is: "Is it good form" to start kubelet knowing it won't startup successfully, and then use kubeadm to finish the job? (I suppose that's debatable...) | 20:57 |
| kata-irc-bot | <sebastien.boeuf> not sure, but you need to start kubelet so that it retries overtime and at some point the certs are there, which makes it succeeding | 20:58 |
| kata-irc-bot | <jdandrea> *nodnod* | 21:02 |
| kata-irc-bot | <jdandrea> Chicken-egg-ish. :) | 21:02 |
| kata-irc-bot | <jdandrea> But it does eventually work. | 21:02 |
| kata-irc-bot | Action: jdandrea makes note... | 21:03 |
| kata-irc-bot | <sebastien.boeuf> definitely chicken-egg ! | 21:05 |
| kata-irc-bot | <sebastien.boeuf> haha | 21:05 |
| *** libregeekingkid[ has joined #kata-dev | 21:06 | |
| *** PagliaccisCloud has left #kata-dev | 21:13 | |
| kata-irc-bot | <jdandrea> How long after kata-deploy.yaml is applied (on avg) "kubectl get nodes --show-labels" shows kata-runtime=true in the LABELS section? | 21:16 |
| kata-irc-bot | <jdandrea> File uploaded https://katacontainers.slack.com/files/UAYMNLRK6/FB6GKAJ5T/-.php / https://slack-files.com/T86U7NQTT-FB6GKAJ5T-6a6e5e8ae2 | 21:17 |
| *** fuentess has quit IRC | 21:20 | |
| kata-irc-bot | <eric.ernst> it takes a bit due to the large size of the container image being downloaded. | 21:51 |
| kata-irc-bot | <eric.ernst> I hope that it came up in last 30 minutes though. | 21:51 |
| kata-irc-bot | <eric.ernst> hey hackers (@jonolson, @tallclair) - any suggestions on a run once daemonset? :slightly_smiling_face: | 22:25 |
| kata-irc-bot | <eric.ernst> and other ways to abuse kubernetes. | 22:26 |
| kata-irc-bot | <eric.ernst> Basically, the cleanup preStopHook for my kata-deploy has a hard time (I do systemctl restart <cri-shim> and restart kubelet), so I was going to do this as part of a cleanup daemonset. But....... I don't want to have to apply and then delete a cleanup, run once daemonset | 22:27 |
| kata-irc-bot | <tallclair> I've wanted support for this before... basically you're looking for a "DaemonJob" (doesn't exist) | 22:29 |
| kata-irc-bot | <eric.ernst> yeah. | 22:31 |
| kata-irc-bot | <eric.ernst> I guess the directions are apply -f cleanup-daemonset.yaml | 22:31 |
| kata-irc-bot | <eric.ernst> delete -f cleanup-daemonset.yaml | 22:31 |
| kata-irc-bot | <eric.ernst> Yeah, it'd be a nice feature (daemonjob) | 22:33 |
| kata-irc-bot | <tallclair> hmm, so here's a big hack: Do the work in an InitContainer, and make the actualy container "pause". (InitContainer needs to be idempotent, in case of a restart). | 22:38 |
| kata-irc-bot | <tallclair> Then, wait for numberReady == desiredNumberScheduled | 22:38 |
| kata-irc-bot | <tallclair> At that point, the work is completed, and it's safe to delete. | 22:38 |
| *** cdent has quit IRC | 22:51 | |
| *** lamego1 has quit IRC | 22:53 | |
| *** dklyle has quit IRC | 22:55 | |
| *** dklyle has joined #kata-dev | 22:56 | |
| *** sameo has joined #kata-dev | 23:08 | |
| *** eernst has quit IRC | 23:16 | |
| *** libregeekingkid[ has quit IRC | 23:16 | |
| *** eernst has joined #kata-dev | 23:22 | |
| *** eernst has quit IRC | 23:25 | |
| *** eernst has joined #kata-dev | 23:25 | |
| *** annabelleB has joined #kata-dev | 23:25 | |
| *** eernst has quit IRC | 23:27 | |
| *** eernst has joined #kata-dev | 23:27 | |
| *** eernst_ has joined #kata-dev | 23:28 | |
| *** eernst has quit IRC | 23:29 | |
| *** eernst has joined #kata-dev | 23:32 | |
| *** libregeekingkid[ has joined #kata-dev | 23:32 | |
| *** eernst_ has quit IRC | 23:33 | |
| *** eernst has quit IRC | 23:36 | |
| *** annabelleB has quit IRC | 23:44 | |
| *** fuentess has joined #kata-dev | 23:47 | |
| *** zerocoolback has joined #kata-dev | 23:58 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!