*** david-lyle has joined #kata-dev | 07:04 | |
*** dklyle has quit IRC | 07:08 | |
*** jodh has joined #kata-dev | 07:15 | |
*** jodh has quit IRC | 07:21 | |
*** jodh has joined #kata-dev | 07:22 | |
*** fgiudici has joined #kata-dev | 07:23 | |
*** fidencio-test has joined #kata-dev | 11:45 | |
*** fuentess has joined #kata-dev | 12:47 | |
*** devimc has joined #kata-dev | 13:09 | |
kata-irc-bot | <jakob.naucke> @samuel.ortiz unless I've just totally lost connection to the discussion, the replay link you provided in the Confidential Computing Use Case Google doc for June 3rd is for the perf isolation meeting. Would you fix it? | 13:35 |
---|---|---|
kata-irc-bot | <samuel.ortiz> @aadam Hey, can you please help with that ^^ ? I do not have the recordings :S | 13:37 |
kata-irc-bot | <aadam> @bergwolf You are still pushing your use case updates to document https://docs.google.com/document/d/1E3GLCzNgrcigUlgWAZYlgqNTdVwiMwCRTJ0QnJhLZGA/edit#heading=h.gd3qi3ibyu6y however we changed that document to only focus.on the confidential computing use case :slightly_smiling_face:. | 13:43 |
kata-irc-bot | <aadam> Could you create a separate document for that use case? | 13:45 |
kata-irc-bot | <anastassios.nanos> hi all! just a quick question probably unrelated to kata but just in case you have any clue. We've been trying to boot a container in a recent aarch64 k8s setup (using calico as the network plugin) and although the VM boots fine (firecracker v0.23.1, kata master branch), we're getting a message from the agent reporting the following: `invalid address: ff00::: unknown` the kubelet error is: `Failed to create pod sandbox: rpc | 14:42 |
kata-irc-bot | error: code = Unknown desc = failed to create containerd task: Failed to update routes: Failed to add new routes` and the relevant logs are: `kata[17004]: time="2021-06-09T19:54:46.702545553-04:00" level=error msg="update routes request failed" error="rpc error: code = Internal desc = Failed to update routes: Failed to add new routes\n\nCaused by:\n invalid address: ff00::" name=containerd-shim-v2 pid=17004 resulting-routes=nil | 14:42 |
kata-irc-bot | routes-requested="[&Route{Dest:,Gateway:169.254.1.1,Device:eth0,Source:,Scope:0,XXX_unrecognized:[],} &Route{Dest:169.254.1.1/32,Gateway:,Device:eth0,Source:,Scope:253,XXX_unrecognized:[],} &Route{Dest:ff00::/8,Gateway:,Device:eth0,Source:,Scope:0,XXX_unrecognized:[],}]" sandbox=9b60cf5bda32cc4b03b992b45d9a428c7f7a8393d544e8c2fb5d2be2426a74b0 source=virtcontainers subsystem=kata_agent` Not entirely sure its related to ipv6 or the cluster config. | 14:42 |
kata-irc-bot | Would disabling ipv6 in the agent mitigate this? (we're not using ipv6 at the moment) is there an option for that somewhere? Maybe disabling it in the kernel build could do the trick? Any pointers/suggestions would be great! | 14:42 |
kata-irc-bot | <fidencio> @sbrivio, does that ring a bell about ipv6? | 15:38 |
kata-irc-bot | <fidencio> @sbrivio, does that ring a bell about ipv6? | 15:39 |
kata-irc-bot | <eric.ernst> You main kata main branch, right? | 15:39 |
kata-irc-bot | <eric.ernst> ie, 2.x based runtime/agent? | 15:39 |
kata-irc-bot | <eric.ernst> seems like a lack of ipv6 support, which I don't expect | 15:40 |
kata-irc-bot | <fidencio> Yep, since 2.1.0 ownards ipv6 should just be working (or if you build the `main` branch of https://github.com/kata-containers/kata-containers) | 15:44 |
kata-irc-bot | <anastassios.nanos> hmm, OK, the issue is related to ipv6 after all -- is there an option to disable it? | 15:50 |
kata-irc-bot | <anastassios.nanos> I'm building the main branch for 2.x yeap | 15:50 |
kata-irc-bot | <fidencio> Is this a regression that happened between 2.1.0 and main or is this something that simply doesn't work for you? | 15:57 |
kata-irc-bot | <anastassios.nanos> actually its the first time we're trying 2.x on aarch64 so not sure, that's what I'm trying to debug, if its a problem on the cluster settings or some kind of regression | 16:00 |
kata-irc-bot | <fidencio> @anastassios.nanos, there's no specific configuration in the kata-containers to use either ipv4 or ipv6, AFAIR. | 16:02 |
kata-irc-bot | <anastassios.nanos> just tried this commit: d44412fe2 and the container booted fine | 16:06 |
kata-irc-bot | <anastassios.nanos> so there's some weird ipv6 thing going on -- probably in our cluster config though, we'll post more details once we figure it out | 16:07 |
kata-irc-bot | <anastassios.nanos> thanks for your help! | 16:07 |
kata-irc-bot | <fidencio> @samuel.ortiz, let me restart CIs and whatnot and Tomorrow we can try to get those PRs merged. | 16:09 |
kata-irc-bot | <fidencio> there's also some failures on the static checks which may or may not be related to the PR coming from @jcadden.ibm | 16:10 |
kata-irc-bot | <fidencio> I restarted that CI | 16:10 |
kata-irc-bot | <fidencio> I'll go for a walk, should be back in 2~3 hours :slightly_smiling_face: | 16:12 |
kata-irc-bot | <jcadden.ibm> Thanks @fidencio I’ll be available to make changes to my PR if needed. | 16:14 |
kata-irc-bot | <samuel.ortiz> @fidencio Thanks. Let's work on those tomorrow morning then. | 16:41 |
*** jodh has quit IRC | 17:02 | |
*** fgiudici has quit IRC | 17:03 | |
*** david-lyle is now known as dklyle | 17:26 | |
kata-irc-bot | <fidencio> @jcadden.ibm, take a look here: https://github.com/kata-containers/kata-containers/pull/1674/checks?check_run_id=2795386815 | 17:51 |
kata-irc-bot | <fidencio> @jcadden.ibm, I wonder if the test added should pass / run *only* on AMD machines that support SEV? | 18:00 |
*** devimc has quit IRC | 22:07 |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!