rancher: Update: Rancher 2.5: alone install k3s and can't start without privileged

bug:

Steps to reproduce:

  1. Install Rancher Docker Admin on A server.
  2. Install from Admin with rancher-docker-agent K8S cluster on B server (without ingress, replaced gitlab managed apps ingress)
  3. update docker rancher Admin on A server to 2.5. 3.1. rancher can’t start without privileged:
rancher    | ERROR: Rancher must be ran with the --privileged flag when running outside of Kubernetes
rancher    | ERROR: Rancher must be ran with the --privileged flag when running outside of Kubernetes
*looped

3.2. add privileged: true to docker-compose.yml and start rancher docker Admin 4. update from docker Admin B-cluster config to kubernetes 1.19.2 !!! 5. Rancher alone install k3s on A-server 6. update k3s to 1.19.2 !!!

  1. stop Rancher docker Admin
curl -sfL https://get.k3s.io | sh
/usr/local/bin/k3s-uninstall.sh
  1. Rancher again require privilege to start docker admin:
rancher    | ERROR: Rancher must be ran with the --privileged flag when running outside of Kubernetes
rancher    | ERROR: Rancher must be ran with the --privileged flag when running outside of Kubernetes
rancher    | ERROR: Rancher must be ran with the --privileged flag when running outside of Kubernetes
rancher    | ERROR: Rancher must be ran with the --privileged flag when running outside of Kubernetes
rancher    | ERROR: Rancher must be ran with the --privileged flag when running outside of Kubernetes
rancher    | ERROR: Rancher must be ran with the --privileged flag when running outside of Kubernetes

Result: loop installation k3s without possibility remove

Environment information

  • Rancher version 2.5 (latest)
  • K8S 1.19.2
  • k3s 1.19.2
  • Ubuntu 18.04

Cluster information

  • Cluster type Hosted
  • Machine type virtual in ESXi on bare-metal
  • Kubernetes version (use kubectl version):
Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.0", GitCommit:"e19964183377d0ec2052d1f1fa930c4d7575bd50", GitTreeState:"clean", BuildDate:"2020-09-30T19:31:27Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.2", GitCommit:"f5743093fd1c663cb0cbc89748f730662345d44d", GitTreeState:"clean", BuildDate:"2020-09-16T13:32:58Z", GoVersion:"go1.15", Compiler:"gc", Platform:"linux/amd64"}
  • Docker version (use docker version):
docker version
Client: Docker Engine - Community
 Version:           19.03.13
 API version:       1.40
 Go version:        go1.13.15
 Git commit:        4484c46d9d
 Built:             Wed Sep 16 17:02:36 2020
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.13
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.13.15
  Git commit:       4484c46d9d
  Built:            Wed Sep 16 17:01:06 2020
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.3.7
  GitCommit:        8fba4e9a7d01810a393d5d25a3621dc101981175
 runc:
  Version:          1.0.0-rc10
  GitCommit:        dc9208a3303feef5b3839f4323d9beb36df0a9dd
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Reactions: 3
  • Comments: 15 (2 by maintainers)

Most upvoted comments

sudo docker run -d --privileged --restart=unless-stopped -p 80:80 -p 443:443 -v /host/rancher:/var/lib/rancher rancher/rancher --acme-domain rancher.example.com

+9
demangejeremy on Nov 19, 2020

It worked for me by just providing the privileged flag.

docker run -d --privileged --restart=unless-stopped -p 80:80 -p 443:443 rancher/rancher

+9
rezicosta on Oct 16, 2020

I have the same issue while trying Rancher Vagrant quickstart. Rancher server keeps restarting and logs show ERROR: Rancher must be ran with the --privileged flag when running outside of Kubernetes.

+3
alphabetek on Oct 23, 2020

It’s not “unnecessary” and isn’t new (though it hasn’t always been k3s). Rancher runs only in a kubernetes cluster; everything depends on CRDs and controllers. The single docker container version has always contained a single node kubernetes cluster inside of it to run that.

The only thing that’s new is that it’s exposed (as “local”) to be selected all the time now, because there are new features that use it.

+1
vincent99 on Nov 19, 2020

@alphabetek @rezicosta problem not in privileged access, rancher docker with update install new local k3s cluster and I can’t remove this cluster, can’t disable install k3s with docker start rancher (admin dashboard UI). I not found info about k3s with docker image in documentation and was force remove rancher, downgrade to 2.4.8 without k3s autoinstall and reinstall rancher docker again.

+1
meteoritt on Oct 31, 2020
Read more comments on GitHub
← rancher: Unable to update istio configuration in air-gapped environment in Rancher v2.5.x
rancher: Upgrade to 2.6.5 breaks default admin cluster role , with okta integration →