ksync: ksync init cannot connect to docker daemon
hi, I am trying to run ksync init to set up ksync on a CodeReady Containers cluster running locally on my Fedora machine
ksync init failed with this message:
[ /redhat-actions/openshift-actions-connector/containerize ] 47 (main) $ ksync init
==== Preflight checks ====
==== Cluster Environment ====
==== Postflight checks ====
↳ rpc error: code = Unknown desc = Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/version": dial unix /var/run/docker.sock: connect: permission denied
FATA[0001]
Adding sudo results in the same error message.
dockerd is running and i can run all docker commands as my current user since I am part of the docker group.
Thanks for any help
[ /redhat-actions/openshift-actions-connector/containerize ] 06 (main) $ ksync version
ksync:
Version: Release
Go Version: go1.16.2
Git Commit: 14ec9e2
Git Tag: 0.4.7-hotfix
Built: Wed Mar 24 22:04:50 +0000 2021
OS/Arch: linux/amd64
service:
Version: Release
Go Version: go1.16.2
Git Commit: 14ec9e2
Git Tag: 0.4.7-hotfix
Built: Wed Mar 24 22:08:03 +0000 2021
[ /redhat-actions/openshift-actions-connector/containerize ] 06 (main) $ docker info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Build with BuildKit (Docker Inc., v0.5.1-docker)
Server:
Containers: 14
Running: 0
Paused: 0
Stopped: 14
Images: 616
Server Version: 20.10.5
Storage Driver: btrfs
Build Version: Btrfs v5.10
Library Version: 102
Logging Driver: json-file
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 05f951a3781f4f2c1911b05e61c160e9c30eaa8e
runc version: 12644e614e25b05da6fd08a38ffa0cfe1903fdec
init version: de40ad0
Security Options:
seccomp
Profile: default
cgroupns
Kernel Version: 5.10.23-200.fc33.x86_64
Operating System: Fedora 33 (Workstation Edition)
OSType: linux
Architecture: x86_64
CPUs: 12
Total Memory: 31.11GiB
Name: tims-fedora
ID: 2TP6:X5QS:VJ36:ZABX:GMIV:J6R3:Q5DW:44JZ:EGSR:MR3G:R3IZ:G42Z
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: Support for cgroup v2 is experimental
About this issue
- Original URL
- State: open
- Created 3 years ago
- Comments: 17
I’m not sure if this helps or not but I ran into a similar issue - not 100% the same as the one described here (maybe closer to #289). I’m currently using microk8s on macOS Big Sur (microk8s is installed/configured/managed via multipass and is a VirtualBox VM). After a bit of debugging it turned out that the
rpc error: code = Unknown desc = Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?error that I was getting was because the ksync pod couldn’t access the Docker socket - which makes total sense because in my situation Docker is running on macOS not inside the VirtualBox VM.What I did to work around this until I can come up with a better solution was run two socat instances, the first on macOS exposing /var/run/docker.sock as a TCP service:
socat -d TCP-LISTEN:17443,reuseaddr,fork UNIX-CLIENT:/var/run/docker.sockthen another inside the VM connecting to the TCP service on macOS and recreating the socket in /var/run/docker.sock:
sudo socat -d UNIX-LISTEN:/var/run/docker.sock,reuseaddr,fork TCP:[macOS host IP]:17443This is a total hack for now but I just needed to determine where the issue was.
I first attempted to share /var/run/docker.sock into the VM but due to it being a unix socket it looses access to the kernel inside the VM and becomes a file - socat to the rescue 😉
@tetchel Looks like you’re using BTRFs as a storage driver. Unfortunately
ksyncdoesn’t support that right now.