cilium: Complexity issue with Linux 4.19.207
Bug report
General Information
- Cilium version
09:19:59 # cilium version
cilium-cli: v0.9.1 compiled with go1.17.1 on linux/amd64
cilium image (default): v1.10.4
cilium image (stable): v1.10.5
cilium image (running): v1.10.4
- Kernel version
Linux control-01 4.19.0-18-amd64 #1 SMP Debian 4.19.208-1 (2021-09-29) x86_64 GNU/Linux
- Orchestration system version in use
09:20:03 # kubectl version
Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.15", GitCommit:"58178e7f7aab455bc8de88d3bdd314b64141e7ee", GitTreeState:"clean", BuildDate:"2021-09-15T19:23:02Z", GoVersion:"go1.15.15", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.15", GitCommit:"58178e7f7aab455bc8de88d3bdd314b64141e7ee", GitTreeState:"clean", BuildDate:"2021-09-15T19:18:00Z", GoVersion:"go1.15.15", Compiler:"gc", Platform:"linux/amd64"}
- Link to relevant artifacts (policies, deployments scripts, …)
None
- Generate and upload a system zip:
Take a look at the .zip in attachment to this issue
How to reproduce the issue
- Install Debian 10 from the latest available ISO
- Install it on a Virtual Machine. (I’m using VmWare 6.5.x)
- Create a total of VM Like this. (3 Controle Plane node / 3 Worker nodes)
- Run
apt update; apt upgradeon all VMs. - Configure Kubernetes apt repository
- Run
apt install kubeadm=1.19.15-00 kubectl=1.19.15-00 kubelet=1.19.15-00 dockeron all VMs. - Run
apt install iproute2on all VMs. - Configure a load balancer for the control plane endpoint (I’m using haproxy/keepalived), it must listen on port 6444
- Run
kubeadm init --control-plane-endpoint k8s-apiserver:6444 --pod-network-cidr 10.217.0.0/16 --upload-certs - Run the join command for control plane on two Control Plane node.
- Run the join command for worker node, on the three remaining node
- Install cilium-cli
- Run
cilium install - Run
cilium status --verbose
Result: You should have this error:
cilium-health-ep 11m12s ago 4s ago 28 Get "http://10.0.0.35:4240/hello": dial tcp 10.0.0.35:4240: connect: no route to host
And a cluster health like this:
Cluster health: 0/6 reachable (2021-10-20T09:07:56Z)
Name IP Node Endpoints
kubernetes/worker-02 (localhost) 100.121.22.21 reachable unreachable
kubernetes/control-01 100.121.22.10 reachable unreachable
kubernetes/control-02 100.121.22.11 reachable unreachable
kubernetes/control-03 100.121.22.12 reachable unreachable
kubernetes/worker-01 100.121.22.20 reachable unreachable
kubernetes/worker-03 100.121.22.22 reachable unreachable
About this issue
- Original URL
- State: closed
- Created 3 years ago
- Reactions: 5
- Comments: 26 (11 by maintainers)
Commits related to this issue
- Update to kernel 4.19.210 A new complexity issue was reported in cilium/cilium with default configuration on kernel 4.19.208+ [1]. We can update our 4.19 image to try and catch it if it affects Ciliu... — committed to cilium/packer-ci-build by pchaigno 3 years ago
- Update to kernel 4.19.210 A new complexity issue was reported in cilium/cilium with default configuration on kernel 4.19.208+ [1]. We can update our 4.19 image to try and catch it if it affects Ciliu... — committed to cilium/packer-ci-build by pchaigno 3 years ago
- Update to kernel 4.19.210 A new complexity issue was reported in cilium/cilium with default configuration on kernel 4.19.208+ [1]. We can update our 4.19 image to try and catch it if it affects Ciliu... — committed to cilium/packer-ci-build by pchaigno 3 years ago
- Revert "Update to kernel 4.19.210" This reverts commit 29fcc296cac7bc42f4b366a6054d169e2fbaee68. From that commit: A new complexity issue was reported in cilium/cilium with default configur... — committed to cilium/packer-ci-build by pchaigno 2 years ago
- Revert "Update to kernel 4.19.210" This reverts commit 29fcc296cac7bc42f4b366a6054d169e2fbaee68. From that commit: A new complexity issue was reported in cilium/cilium with default configur... — committed to cilium/packer-ci-build by pchaigno 2 years ago
- bpf: disable cluster aware addressing in 4.19 complexity tests The bpf_lxc complexity test fails on current 4.19 kernels due to a backported kernel fix [0] that increases complexity across the board.... — committed to cilium/cilium by lmb a year ago
- bpf: disable cluster aware addressing in 4.19 complexity tests The bpf_lxc complexity test fails on current 4.19 kernels due to a backported kernel fix [0] that increases complexity across the board.... — committed to cilium/cilium by lmb a year ago
Thank you for the report.
As @joamaki pointed out, this is a complexity failure on
bpf_lxc.cI believe this might be potentially fixed by a backport of https://github.com/cilium/cilium/pull/17573. The latter depends on a backport of a test #17652, that we are currently working on. CC: @pchaigno. So I’m hoping we will have a potential fix for this soon.
Hello ! Same problem here. We are using Debian 10 and cilium no longer works with 4.19.0-18-amd64 but works with 4.19.0-17-amd64.
We are using k8s 1.21.1 with cri-o 1.21.3. The helm command to install cilium was :
Same Problem in Debian10(kernel version 4.19.20 and 4.19.235)
I install cilium with
cilium-cli installin 4.19.20 and then get error logs like this:I try to compile kernel 4.19.235 with required options,
but still get the same wrong. Finally I upgrade a node (i have two node in cluster ) to 5.10.120 and fix this issue.
Here is my currently enviroment
Cilium Version
Nodes Info
Cilium Config
Sysdump cilium-sysdump-20220706-093835.zip
fixed this error by downgrading kernel from
4.19.0-18-amd64to4.19.0-17-amd64Yes
Thanks!
You can also use
quay.io/cilium/cilium-ci:v1.10if you want to test it before the release.Previously mentioned fix was backported in 1.10 and would be part of the next release. @Izual750 it would be great If you could test latest 1.10 and check whether it solves your issue.