kind: Can't run KIND on ChromeOS Linux VM
What happened: I tried to run kind (v0.4.0) on the Linux VM in Chrome OS 75.0.3770.144:
aludwin@penguin:~$ kind create cluster
Creating cluster "kind" ...
✓ Ensuring node image (kindest/node:v1.15.0) 🖼
✓ Preparing nodes 📦
✗ Creating kubeadm config 📜
Error: failed to create cluster: failed to get kubernetes version from node: failed to get file: exit status 1
Based on the error and a quick look at the source code, I decided to try to run kindest/node manually, and got the following result:
aludwin@penguin:~$ docker run kindest/node:v1.15.0 -it /bin/bash
mount: /sys: permission denied.
I suspect (but have not tried to confirm) that this comes from the following lines in images/base/entrypoint:
fix_mount() {
  echo 'INFO: ensuring we can execute /bin/mount even with userns-remap'
  # necessary only when userns-remap is enabled on the host, but harmless
  # The binary /bin/mount should be owned by root and have the setuid bit
  chown root:root /bin/mount
  chmod -s /bin/mount
  # This is a workaround to an AUFS bug that might cause `Text file
  # busy` on `mount` command below. See more details in
  # https://github.com/moby/moby/issues/9547
  sync
  echo 'INFO: remounting /sys read-only'
  # systemd-in-a-container should have read only /sys
  # https://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/
  # however, we need other things from `docker run --privileged` ...
  # and this flag also happens to make /sys rw, amongst other things
  mount -o remount,ro /sys
What you expected to happen: Cluster gets created.
How to reproduce it (as minimally and precisely as possible):
If my suspicion that the problem is in the entrypoint is correct, docker run kindest/node:v1.15.0 -it /bin/bash should be sufficient. If that’s wrong, kind create cluster reliably reproduces.
Anything else we need to know?:
Environment:
- kind version: v0.4.0
- Kubernetes version: n/a
- Docker version: 19.03.1
- OS: Chrome OS 75.0.3770.144. VM is running Debian 9.
About this issue
- State: closed
- Created 5 years ago
- Reactions: 6
- Comments: 31 (17 by maintainers)
Hi! 👋
you can configure kind to use a particular port with kind create cluster --config=config.yaml and config.yaml:
That’s a bit more of a blocker.
Each kind “node” docker container is --privileged in order to run containerd / pods on the inside, each kubelet needs its own container runtime. To run pods we need proc, cgroups, mounting …
It might be possible to hack up kind to use usermode Linux instead but that’s going to be fairly involved.
If I read the logs from @adrianludwin correctly though, we actually manage to create those containers, but it fails once we try to use mount inside them. Besides the re-mounting we do*, I believe kubelet needs permission to mount in order to setup pods etc.
* (changing /sys to read only, docker forces /sys to a read-write mount if you specify --privileged),
I would like to inform you I can run KinD on ChromeOS: either with docker or with podman (running from root).
First I enabled nesting mode for LXC container: it is a requirement for Docker on ChromeOS. After ctrl+alt+t in Chrome:
Then:
The reason why KinD fails is LXC container misses some devices (/dev/kmsg, /dev/mapper/control) then kubelet panics.
Also rootless setup doesn’t work because either it doesn’t have bridge-nf-call-iptables or cgroups v2. I think it is not a problem if KubeletInUserNamespace is used and docker or podman are started from root.
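A preflight check for the items the comment above names, as an added example that is not part of the original thread or of kind itself. The function names and the ROOT argument are hypothetical, and the bridge-nf-call-iptables and cgroup v2 paths are the standard Linux locations, assumed here rather than quoted from the comment.

```shell
#!/bin/sh
# Added example (not from the kind project). Function names are hypothetical.
# missing_kind_prereqs ROOT prints one line per missing item. ROOT defaults
# to "/" and exists only so the check can be run against a constructed tree.
missing_kind_prereqs() {
    root="${1:-}"
    root="${root%/}"    # "/" becomes "", so the paths below stay absolute
    # -e rather than -c, so a constructed tree of plain files also satisfies it
    while IFS='|' read -r path why; do
        [ -n "$path" ] || continue
        [ -e "$root$path" ] || printf '%s (%s)\n' "$path" "$why"
    done <<EOF
/dev/kmsg|device reported missing in the LXC container
/dev/mapper/control|device reported missing in the LXC container
/proc/sys/net/bridge/bridge-nf-call-iptables|reported absent in rootless setups
/sys/fs/cgroup/cgroup.controllers|cgroup v2 unified hierarchy marker
EOF
}

# kind_preflight ROOT returns 0 when nothing is missing, 1 otherwise,
# and writes the list of missing items to stderr.
kind_preflight() {
    missing="$(missing_kind_prereqs "${1:-}")"
    if [ -n "$missing" ]; then
        printf 'kind node containers are likely to fail here; missing:\n%s\n' \
            "$missing" >&2
        return 1
    fi
    return 0
}

# Usage inside the Crostini container, before `kind create cluster`:
#   kind_preflight / || echo "fix the items above first"
```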
oh, it works after changing the /etc/libvirt/qemu.conf and rebooting the chrome book! Thanks @cbandy ! add these lines:
user = "root"
group = "root"
remember_owner = 0
@maxamillion I’m sorry. It works for me: very fresh ChromeOS with bookworm (fresh install, not an upgrade) with Docker 24.0.7 and kind v0.20.0:
You can try docker logs -f kind-control-plane for troubleshooting. Also:
Thanks @keyonjie I updated my blog with the additional steps.
I used ChromeOS debian (Crostini) environment, no additional changes were required. I used a Pixelbook i7 16Gb and an Asus CN60 i7 16Gb to test. I posted the blog post over a year ago, so may require some changes?
Thanks for sharing @rosera . I am going to try what you have shared. Can you share more details about your environment? e.g. we should perform all commands on ChromeOS/crostini/debian (or ubuntu? 20.04?)
FYI - ChromeOS supports minikube. I haven’t tried Kind, so not sure if this works. I wrote how to run Minikube here https://richrose.dev/posts/chromeos/productivity/chromeos-minikube/
Hey, I am highly interested in getting this working on ChromeOS (I raised the original ticket reference https://bugs.chromium.org/p/chromium/issues/detail?id=878034). Thanks very much for the tips regarding debugging - very helpful.
I plan to investigate a bit more over the coming weekend. My thoughts at the moment relate to the container being restricted on the accessible ports available to Crostini. K8s ports are not on the existing list of default ports. I believe you can enable them, so it might be trial and error for this to work. Beyond that there is also the use of a privileged container - which I understood was not supported on Crostini? This is more of an issue and one which I do not think will be enabled due to security concerns.
Running the docker run command on its own, without -d, has the same result I got initially:
Re #462: I did see that bug but I thought this was something different. My computer successfully got past the “preparing nodes” step but died on the next “Creating kubeadm config” step.
Can I provide any more details that would help with this? Agreed that there’s a chance ChromeOS won’t want to “fix” this but I’m motivated to push on it a bit 😃
Here’s the result of the debug logs:
I’ll try to reproduce this more precisely.