k3s: Failed to start ContainerManager open /proc/sys/kernel/panic: permission denied

Version:

k3s version v1.0.1 (e94a3c60)

Describe the bug

Failed to start ContainerManager open /proc/sys/kernel/panic: permission denied

To Reproduce

install k3s using the get shell script (without any special parameters) run kubectl get nodes

Expected behavior

I would like to see at least the current host

Actual behavior

Instead The connection to the server 127.0.0.1:6443 was refused - did you specify the right host or port? gets displayed

Additional context

I checked the log by running journalctl -u k3s. There I can see this at the end:

Dez 21 22:36:49 h12345678.stratoserver.net k3s[2328]: F1221 22:36:49.814798    2328 kubelet.go:1380] Failed to start ContainerManager open /proc/sys/kernel/panic: permission denied

As you can see I run this on a Strato VPS which uses Virtuozzo. In former times Strato didn’t support docker on their virtualization platform but starting from November 2019 they do: https://docs.virtuozzo.com/virtuozzo_7_users_guide/advanced-tasks/setting-up-docker-in-containers.html I checked the server, it is able to run docker (in this case 18.09.7) without issues. The server uses Ubuntu 18.04.3.

This is the output of k3s check-config:

 sha256sum: good
- links: good

System:
- /sbin iptables v1.6.1: older than v1.8
- swap: disabled
- routes: ok

Limits:
- /proc/sys/kernel/keys/root_maxkeys: 1000000

modprobe: module configs not found in modules.dep
error: cannot find kernel config 
  try running this script again, specifying the kernel config:
  set CONFIG=/path/to/kernel/.config or add argument /path/to/kernel/.config

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Comments: 16 (1 by maintainers)

Most upvoted comments

Could you solve your problem with Strato and Kubernetes in the meantime? We have exactly the same problem. Do you know anything new?

+2
jewelt on May 7, 2020

One more note: I played some more with the VPS and installed wireguard. Wireguard somehow detected a version: Building for 4.15.0 and 4.15.0-72-generic.

+1
mar1ged on Dec 22, 2019

Docker requires less privileges/kernel modules than K8S/K3S.

why should I install a kernel?

I recommended it because this issue:

modprobe: module configs not found in modules.dep

often happens where there is a mismatch between installed kernel and installed headers. Then simply installing a kernel again usually fixes it. But I installed different version on that Virtuozzo VPS and I am not even able to boot it up.

+1
DavidZisky on Dec 22, 2019
Read more comments on GitHub
← k3s: Failed to start agent (node.crt) 403 forbidden
k3s: Fresh K3s install fails to start with \"k3s-server\": executable file not found in $PATH →