Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

antrea-eks-node-init and containerd #3471

Closed
jsalatiel opened this issue Mar 17, 2022 · 3 comments · Fixed by #3840
Closed

antrea-eks-node-init and containerd #3471

jsalatiel opened this issue Mar 17, 2022 · 3 comments · Fixed by #3840
Assignees
@antoninbas
Labels
area/provider/aws Issues or PRs related to aws provider. kind/bug Categorizes issue or PR as related to a bug.
Milestone
Antrea v1.7 release

Comments

@jsalatiel
Copy link

Describe the bug
Apparently antrea-eks-node-init does not support containerd. It would be good if it supports since docker is deprecatd for k8s container runtime.

To Reproduce
Read eksctl documentation on how to create the cluster using the containerd runtime and try to follow antrea eks guide.

Expected
The containers should be restarted to use the antrea netpol.

Actual behavior
antrea-eks-node-init container log shows:

Waiting for antrea config to be updated
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   109  100   109    0     0   162k      0 --:--:-- --:--:-- --:--:--  106k
{"AvailableCommands":["/v1/ipamd-env-settings","/v1/enis","/v1/eni-configs","/v1/networkutils-env-settings"]}\n
Restarting container with ID: 9510f27f0ac255385dff96cbda26d96062b7e1285504b315a829a7cb820f2292
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
Restarting container with ID: b3535ce1df9e39661663042e2d16722b2640b73fce8c3c66f088221591f25e39
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
Restarting container with ID: 80f73709ef51a838fb4ec99909f05dc4a88efe413d2e53f0b4edb872eebde540
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
Restarting container with ID: 70fdc46e2df1767ac690123b1f009d2cc8c30389ab4fc5c4de02e6d828f1c26a
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
Restarting container with ID: 3baf9d2731ff54819cd9c89a963cf6466621ee29396bb96f9b3c31930571f098
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
Restarting container with ID: e7b5b08eceb0adf03f5db615dc02118313206b23b459c4f52283232844c329aa
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
Restarting container with ID: 7919f0b7d51186bd78f15e7d2e0b28c31e0dc65ee509be140fc1f204b75fd42e
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
Node initialization completed
!!! startup-script succeeded!

Antrea controller will have this log:

I0317 21:12:33.931073       1 tlsconfig.go:240] Starting DynamicServingCertificateController
W0317 21:12:33.939838       1 tier.go:158] Failed to create baseline Tier on init: Internal error occurred: failed calling webhook "tiervalidator.antrea.io": Post "https://antrea.kube-system.svc:443/validate/tier?timeout=5s": no endpoints available for service "antrea". Retry attempt: 1
I0317 21:12:34.030924       1 shared_informer.go:247] Caches are synced for RequestHeaderAuthRequestController 
I0317 21:12:34.030935       1 shared_informer.go:247] Caches are synced for client-ca::kube-system::extension-apiserver-authentication::client-ca-file 
I0317 21:12:34.030961       1 shared_informer.go:247] Caches are synced for client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file 
W0317 21:12:34.948518       1 tier.go:158] Failed to create baseline Tier on init: Internal error occurred: failed calling webhook "tiervalidator.antrea.io": Post "https://antrea.kube-system.svc:443/validate/tier?timeout=5s": no endpoints available for service "antrea". Retry attempt: 2
W0317 21:12:36.953655       1 tier.go:158] Failed to create baseline Tier on init: Internal error occurred: failed calling webhook "tiervalidator.antrea.io": Post "https://antrea.kube-system.svc:443/validate/tier?timeout=5s": no endpoints available for service "antrea". Retry attempt: 3
W0317 21:12:40.965318       1 tier.go:158] Failed to create baseline Tier on init: Internal error occurred: failed calling webhook "tiervalidator.antrea.io": Post "https://antrea.kube-system.svc:443/validate/tier?timeout=5s": no endpoints available for service "antrea". Retry attempt: 4

Versions:

  • Antrea version (Docker image tag). 1.5.0
  • Kubernetes version (use kubectl version). v1.21.5-eks-bc4871b
  • Container runtime: which runtime are you using (e.g. containerd, cri-o, docker) and which version are you using? containerd

Additional context
Antrea will only work for new nodes/pods. I have to replace the old nodes so it will work to the whole cluster.

Maybe this is related to #3446.
@jsalatiel jsalatiel added the kind/bug Categorizes issue or PR as related to a bug. label Mar 17, 2022
@jsalatiel jsalatiel mentioned this issue Mar 17, 2022
Closed
@jsalatiel
Copy link
Author

Any updates on this ?

@antoninbas
Copy link
Contributor

I'll take a look at this. I assume it's just a matter of changing the docker command in the script to use ctr instead.

@antoninbas antoninbas self-assigned this May 27, 2022
antoninbas added a commit to antoninbas/antrea that referenced this issue May 27, 2022
@antoninbas
Add support for containerd to antrea-eks-node-init.yml

Verified

This commit was signed with the committer’s verified signature.
adevade Andréas Lundgren
GPG key ID: 7DD0B8A0125E5871
Verified
Learn about vigilant mode
ebc43e4 
Containerd is available as an alternative to docker since EKS
v1.21. Starting with EKS v1.23, containerd will also be the default
container runtime. Currently antrea-eks-node-init.yml assumes that
docker is always the container runtime, which means that Antrea cannot
be run on EKS clusters using containerd. We fix this by adding support
for containerd.

We also make a couple of improvements to the startup script in
antrea-eks-node-init.yml, to ensuire that it can be run again if the
contents of the script change, which is useful for testing and may
also be useful to roll out patches.

Finally, we update our EKS CI to test with containerd instead of docker,
since containerd will be the default soon.

Fixes antrea-io#3471

Signed-off-by: Antonin Bas <abas@vmware.com>
@antoninbas antoninbas mentioned this issue May 27, 2022
Merged
@antoninbas
Copy link
Contributor

@tnqn I submitted a patch for this, would be good to include it in v1.7 if possible

@antoninbas antoninbas added the area/provider/aws Issues or PRs related to aws provider. label May 27, 2022
@antoninbas antoninbas added this to the Antrea v1.7 release milestone May 27, 2022
antoninbas added a commit to antoninbas/antrea that referenced this issue May 31, 2022
@antoninbas
Add support for containerd to antrea-eks-node-init.yml

Verified

This commit was signed with the committer’s verified signature.
adevade Andréas Lundgren
GPG key ID: 7DD0B8A0125E5871
Verified
Learn about vigilant mode
d8f3572 
Containerd is available as an alternative to docker since EKS
v1.21. Starting with EKS v1.23, containerd will also be the default
container runtime. Currently antrea-eks-node-init.yml assumes that
docker is always the container runtime, which means that Antrea cannot
be run on EKS clusters using containerd. We fix this by adding support
for containerd.

We also make a couple of improvements to the startup script in
antrea-eks-node-init.yml, to ensuire that it can be run again if the
contents of the script change, which is useful for testing and may
also be useful to roll out patches.

Finally, we update our EKS CI to test with containerd instead of docker,
since containerd will be the default soon.

Fixes antrea-io#3471

Signed-off-by: Antonin Bas <abas@vmware.com>
antoninbas added a commit to antoninbas/antrea that referenced this issue May 31, 2022
@antoninbas
Add support for containerd to antrea-eks-node-init.yml

Verified

This commit was signed with the committer’s verified signature.
adevade Andréas Lundgren
GPG key ID: 7DD0B8A0125E5871
Verified
Learn about vigilant mode
f82f51e 
Containerd is available as an alternative to docker since EKS
v1.21. Starting with EKS v1.23, containerd will also be the default
container runtime. Currently antrea-eks-node-init.yml assumes that
docker is always the container runtime, which means that Antrea cannot
be run on EKS clusters using containerd. We fix this by adding support
for containerd.

We also make a couple of improvements to the startup script in
antrea-eks-node-init.yml, to ensure that it can be run again if the
contents of the script change, which is useful for testing and may also
be useful to roll out patches.

Finally, we update our EKS CI to test with containerd instead of docker,
since containerd will be the default soon.

Fixes antrea-io#3471

Signed-off-by: Antonin Bas <abas@vmware.com>
antoninbas added a commit that referenced this issue May 31, 2022
@antoninbas
Add support for containerd to antrea-eks-node-init.yml (#3840)

Verified

This commit was signed with the committer’s verified signature.
adevade Andréas Lundgren
GPG key ID: 7DD0B8A0125E5871
Verified
Learn about vigilant mode
8a49504 
Containerd is available as an alternative to docker since EKS
v1.21. Starting with EKS v1.23, containerd will also be the default
container runtime. Currently antrea-eks-node-init.yml assumes that
docker is always the container runtime, which means that Antrea cannot
be run on EKS clusters using containerd. We fix this by adding support
for containerd.

We also make a couple of improvements to the startup script in
antrea-eks-node-init.yml, to ensure that it can be run again if the
contents of the script change, which is useful for testing and may also
be useful to roll out patches.

Finally, we update our EKS CI to test with containerd instead of docker,
since containerd will be the default soon.

Fixes #3471

Signed-off-by: Antonin Bas <abas@vmware.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@antoninbas antoninbas

Labels
area/provider/aws Issues or PRs related to aws provider. kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Milestone
Antrea v1.7 release
Development

Successfully merging a pull request may close this issue.

Add support for containerd to antrea-eks-node-init.yml antoninbas/antrea
2 participants
@antoninbas @jsalatiel