Can't run containerized Kubernetes (low-pri)

blackxored · April 9, 2016, 9:05pm

Low priority of course, but in case you’re not aware we can’t run Kubernetes under Docker for Mac.

justincormack · April 12, 2016, 4:04pm

I have had success reports actually. Instructions to reproduce the failure would be useful.

dpratt99 · April 14, 2016, 4:17am

The following docker-compose config fails to start the Kubelet with the error “[Failed to start ContainerManager [open /proc/sys/vm/overcommit_memory: read-only file system, open /proc/sys/kernel/panic: read-only file system, open /proc/sys/kernel/panic_on_oops: read-only file system]]”

version: '2'
services:

  etcd:
    image: gcr.io/google_containers/etcd:2.2.1
    restart: always
    ports:
    - 4001:4001
    volumes:
    - ./volumes/etcd:/var/etcd
    command: >
      /usr/local/bin/etcd
      --listen-client-urls=http://0.0.0.0:4001
      --advertise-client-urls=http://0.0.0.0:4001
      --data-dir=/var/etcd/data

  kubelet:
    image: gcr.io/google_containers/hyperkube-amd64:v1.2.2
    restart: always
    privileged: true
    network_mode: host
    pid: host
    volumes:
    - ./volumes/kubelet:/etc/kubernetes/manifests
    - /var/lib/kubelet:/var/lib/kubelet
    - /var/lib/docker:/var/lib/docker:rw
    - /var/run:/var/run:rw
    - /sys:/sys:ro
    - /:/rootfs:ro
    command: >
      /hyperkube kubelet
      --containerized=true
      --address="0.0.0.0"
      --allow-privileged=true
      --enable-server
      --api-servers=http://localhost:8080
      --config=/etc/kubernetes/manifests
      --hostname-override="localhost"
      --cluster-dns=10.0.0.10
      --cluster-domain=cluster.local
      --v=1

  proxy:
    image: gcr.io/google_containers/hyperkube-amd64:v1.2.2
    restart: always
    network_mode: host
    privileged: true
    command: >
      /hyperkube proxy
      --master=http://localhost:8080
      --v=1

  apiserver:
    image: gcr.io/google_containers/hyperkube-amd64:v1.2.2
    restart: always
    links:
    - etcd
    ports:
    - 8080:8080
    command: >
      /hyperkube apiserver
      --service-cluster-ip-range=10.0.0.0/16
      --insecure-bind-address=0.0.0.0
      --insecure-port=8080
      --etcd-servers=http://etcd:4001
      --admission-control=NamespaceLifecycle,InitialResources,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota
      --min-request-timeout=300
      --allow-privileged=true
      --runtime-config=extensions/v1beta1=true,extensions/v1beta1/daemonsets=true,extensions/v1beta1/deployments=true
      --logtostderr=true
      --v=1

  controller-manager:
    image: gcr.io/google_containers/hyperkube-amd64:v1.2.2
    restart: always
    links:
    - apiserver
    command: >
      /hyperkube controller-manager
      --master=http://apiserver:8080
      --terminated-pod-gc-threshold=100
      --min-resync-period=3m
      --v=1

  scheduler:
    image: gcr.io/google_containers/hyperkube-amd64:v1.2.2
    restart: always
    links:
    - apiserver
    command: >
      /hyperkube scheduler
      --master=http://apiserver:8080
      --v=1

justincormack · April 14, 2016, 10:16am

I think that may have been a known issues with last week’s docker release candidate. We are preparing a new beta today, if you could re-test after the update that would be helpful.

frenchben · April 14, 2016, 6:17pm

More information from @feelobot

http://kubernetes.io/docs/getting-started-guides/docker/ if you run that the api server isn't able to connect even when changing to docker.local:8080

I0413 18:36:43.178340 2387 kubelet.go:2255] skipping pod synchronization - [Failed to start ContainerManager [open /proc/sys/vm/overcommit_memory: read-only file system, open /proc/sys/kernel/panic: read-only file system, open /proc/sys/kernel/panic_on_oops: read-only file system]] 
E0413 18:36:46.100370 2387 event.go:201] Unable to write event: 'Post http://docker.local:8080/api/v1/namespaces/default/events: dial tcp: lookup docker.local: no such host' (may retry after sleeping)

I0413 18:17:07.382523 2101 kubelet.go:2618] Recording NodeHasSufficientDisk event message for node 127.0.0.1 
I0413 18:17:07.384496 2101 kubelet.go:1069] Attempting to register node 127.0.0.1 
I0413 18:17:07.386417 2101 kubelet.go:1072] Unable to register 127.0.0.1 with the apiserver: Post http://localhost:8080/api/v1/nodes: dial tcp 127.0.0.1:8080: connection refused

feelobot · April 15, 2016, 3:35am

Thanks!

justincormack · April 15, 2016, 2:23pm

Those errors are from the rc, known issue. If you could retry with the new beta that would help.

fridder · April 29, 2016, 4:39pm

I am still seeing the unable to register errors. Is there a setting wrong in the yml posted or do you have an example of a correct config or steps to get it running?

errordeveloper · April 29, 2016, 4:56pm

Hey folks,

I’ve been able to run it actually, please take a look here: https://github.com/weaveworks/kubernetes-anywhere/blob/master/DOCKER_FOR_MAC.md

Do let me know if you have more questions (file issues, or ask here), as docs are still quite fresh.

Best,
Ilya

fridder · April 29, 2016, 8:29pm

Thank you. It might be nice to detail how to launch your own pods, etc as it is not clear what is mounted where and from where.

jetlabs · May 1, 2016, 1:44pm

I tried the original way to run kubernetes as docker containers and encountered a strange not implemented error. The Kube itself is up and running and responds to kubctl. But running a simple busybox pod hangs at ContainerCreating with the followings message:

{kubelet 127.0.0.1} Warning FailedMount Unable to mount volumes for pod “busybox_default(d4bf38aa-0fa1-11e6-8863-1ec090dbf22e)”: statfs(“/var/lib/kubelet/pods/d4bf38aa-0fa1-11e6-8863-1ec090dbf22e/volumes/kubernetes.io~secret/default-token-g4bjq”): function not implemented

Could it be that statfs() really isn’t implemented?

errordeveloper · May 3, 2016, 3:25pm

@fidder I have improved the docs, please take a look and see if it’s clearer now.

spiddy · May 4, 2016, 11:29am

@errordeveloper looks good, tried it and managed to create the cluster, configured kubectl to point there from Mac’s machine. Can’t figure out how to see services from a browser though. Any hints on a port connectivity mecanisms (outside the docker context - e.g. chrome)?

justincormack · May 4, 2016, 12:36pm

statfs is currently not implemented in shared volumes, we are still working on that.

dsheets · May 4, 2016, 12:41pm

I don’t believe /var/lib/kubelet/pods/d4bf38aa-0fa1-11e6-8863-1ec090dbf22e/volumes/kubernetes.io~secret/default-token-g4bjq should be on a shared volume unless kubernetes is doing something odd.

errordeveloper · May 4, 2016, 1:04pm

@spiddy Kubernetes (via kubectl proxy) provides URL prefixes for you.

Here is the gist:

http://localhost:8081/api/v1/proxy/namespaces/<namespace_name>/services/<service_name>[:port_name]

spiddy · May 4, 2016, 1:29pm

Thanks, that would work. I tried restarting the service and now I get the following error:

➜  ~ docker run \
>   --volume="/:/rootfs" \
>   --volume="/var/run/weave/weave.sock:/docker.sock" \
>     weaveworks/kubernetes-anywhere:toolbox-v1.2 \
>       sh -c 'setup-single-node && compose -p kube up -d'
Creating data volumes container for kubelet (`kubelet-volumes`)...
Docker container `kubelet-volume` aleady exists
Calling `mount  --make-rshared /` to ensure `kubelet-volumes` is functional
Service "kubelet" mounts volumes from "kubelet-pki", which is not the name of a service or container.

any hints?

errordeveloper · May 4, 2016, 1:43pm

@spiddy I’ve seen this once earlier, it’s a bit odd, but I have not managed to reproduce it. To reset, please use docker run ... weaveworks/kubernetes-anywhere:toolbox-v1.2 reset-single-node. I’m testing an up/down wrap at the moment, if you are interested to try it out…

fridder · May 13, 2016, 9:33pm

I am having some occasional success with it but it seems a little brittle, especially with suspend resume.

fridder · May 13, 2016, 10:33pm

Looks like the kublet container is not coming up either after resume or if you exit docker for mac and relaunch. It is exiting with a status of 2 and I am not seeing anything obvious in the logs