Comments (2)
youngnick
commented on June 16, 2024
Thanks for this issue @Raboo, but from a quick google it seems like this issue is relatively common for rootless or other non-full Docker instalattions. Some links I found that show some more info:
https://unix.stackexchange.com/questions/117414/confusion-about-mount-options#
nextcloud/all-in-one#3177 as well.
Because /sys/fs/bpf is needed by many things, I don't think that we can get around the requirement that it needs to be a shared mount.
To be honest, I'm not sure what Cilium can do to help here, without that mount being set to shared Cilium won't be able to write to that filesystem properly.
from cilium.
Raboo
commented on June 16, 2024
After some extensive searching I finally found the cause. It doesn't have anything to do with rootless or docker.
It's a default in Alpine Linux to make it more secure. It doesn't mount file systems as "shared".
Someone did a nice writeup in a blog post about this issue in 2021 https://www.adyxax.org/blog/2021/07/30/private-and-shared-mounts/.
k3d made a work-around for this k3d-io/k3d#1268.
OpenRC has a issue and a open pr to make "shared" mounting as an option OpenRC/openrc#526.
And the issue has also been reported to Alpine Linux issue tracker https://gitlab.alpinelinux.org/alpine/aports/-/issues/13565.
So this is more of a Alpine/OpenRC issue. Should be handled by them.
from cilium.
Related Issues (20)
- Report the use of components with vulnerabilities in cilium
- TCP connection drops with LB mode: DSR ON when trying to reach ingress endpoint from outside the cluster
- Linux 5.10 (minikube ISO) crashes on "address family not supported by protocol" HOT 1
- Gateway API 1.1.0 released HOT 10
- enable-nat46x64-gateway breaks network connectivity over tun interfaces HOT 2
- Issues with Cilium in eBPF replacement mode on Rocky 9.1 HOT 1
- Ingress paths with multiples match does not give precedence to the longest match HOT 1
- Move program attachment logic out of `replaceDatapath()`
- Stale service conntrack entries causing packet drop HOT 4
- Cilium dropping IPIP packets w/ unknown drop reason of 119 HOT 16
- CFP: add loadBalancerSourceRanges to the Gateway HOT 1
- CFP: add loadBalancerSourceRanges to the Gateway listeners
- Ingress annotations not propagated to the generated Kubernetes service object HOT 1
- Delayed NLRI withdrawl for ingress-nginx endpoint removal HOT 3
- CFP: propagate gateway annotation for source-range to the load-balancer managed by the gateway
- Problems with coredns timeouts and pods DNS resolution with bpf.masquerade enabled HOT 7
- CFP: Support Gateway API v1.1.0
- CFP: don`t EnableIPv4Masquerade=false when lb-only HOT 4
- Helm Values: preflight.nodeSelector Does Not Render Correctly HOT 2
- Unable to reach the kube-dns from external workload HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cilium.