cri-o: crio on minikube: could not add IP address to "cni0": permission denied
hi we have added crio run-time to our newest minikube drivers (docker and podman). we have a an issue that was hoping you could help us find the root cause,
currently only in docker driver (not our VM drivers) the coreDNS container is stuck in creating and gives this error:
Warning FailedCreatePodSandBox 5m56s kubelet, crio-20200409t233749.209311739-13478 Failed create pod sandbox: rpc error: code = Unknown desc = failed to create pod network sandbox k8s_coredns-5d4dd4b4db-jbm6d_kube-system_77d4783a-a3dd-411e-94f5-7832cc34a3dc_0(9be71bb67410c84168e0a5b940360b84c0a15b1e1acb877d19cec4259cd3f442): failed to set bridge addr: could not add IP address to "cni0": permission denied
so the error is:
failed to set bridge addr: could not add IP address to "cni0": permission denied
but doesnt say what kind of permission it needs and any way we could see more details?
we apply the same cni overlay network for containerd (and containerd works in docker driver) but crio doesnt work. any chance anyone here knows why?
here is the related issue on minikube repo if you need more debugging notes: https://github.com/kubernetes/minikube/issues/7380
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Comments: 16 (8 by maintainers)
I was able to resolve my issue finally. I don’t remember exactly what I did before it started to not work, but to resolve it I disabled ipv6. Once I disabled ipv6 it still gave the same error and then once I updated the bridge config to remove ipv6 range, it started to work ok and the error message went away.
Thx, i fix it with:
I tried this method and it works. The crio cni files have ipv6 by default. My host did not have IPv6 enabled. This work around is useful in cases IPv6 is disabled on the host or not correctly configured.
@medyagh FYI