Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Investigate need for k8s prestart-pull-pause-ctr #3088

Open
stmcginnis opened this issue May 5, 2023 · 1 comment
Open

Investigate need for k8s prestart-pull-pause-ctr #3088

stmcginnis opened this issue May 5, 2023 · 1 comment
Labels
area/kubernetes K8s including EKS, EKS-A, and including VMW status/research This issue is being researched type/bug Something isn't working

Comments

@stmcginnis
Copy link
Contributor

Description:

We currently have a drop-in for the pause container. @bcressey raised the question about it here: #3046 (comment)

https://github.com/bottlerocket-os/bottlerocket/blob/develop/packages/kubernetes-1.22/prestart-pull-pause-ctr.conf

We should add comments explaining why it is needed, or determine if there is anything to be done to drop it.

Possibly related, all current k8s variants no longer need dockershim.sock once 1.22 is dropped, but this file refers to it. If it's the just for this, we should see if it can be dropped.
@stmcginnis stmcginnis added type/bug Something isn't working area/kubernetes K8s including EKS, EKS-A, and including VMW status/research This issue is being researched labels May 5, 2023
@stmcginnis
Copy link
Contributor Author

I was able to track down when and why this was introduced: #382

Updating PR to implement image fetch from ECR before kubelet starts so containerd is able to start pause containers without needing to auth to ECR (which it cannot do),

Tried removing the pull from a build. Deploying the node failed to join the cluster. Got log messages indicating the original reason for adding this still appears to be true.

Jun 27 13:03:54 ip-192-168-32-115.us-east-2.compute.internal kubelet[1168]: E0627 13:03:54.982296    1168 pod_workers.go:965] "Error syncing pod, skipping" err="failed to \"CreatePodSandbox\" for \"aws-node-7kprb_kube-system(66688bb4-0a4c-42db-9286-d79d2acb027d)\" with CreatePodSandboxError: \"Failed to create sandbox for pod \\\"aws-node-7kprb_kube-system(66688bb4-0a4c-42db-9286-d79d2acb027d)\\\": rpc error: code = Unknown desc = failed to get sandbox image \\\"602401143452.dkr.ecr.us-east-2.amazonaws.com/eks/pause:3.1-eksbuild.1\\\": failed to pull image \\\"602401143452.dkr.ecr.us-east-2.amazonaws.com/eks/pause:3.1-eksbuild.1\\\": failed to pull and unpack image \\\"602401143452.dkr.ecr.us-east-2.amazonaws.com/eks/pause:3.1-eksbuild.1\\\": failed to resolve reference \\\"602401143452.dkr.ecr.us-east-2.amazonaws.com/eks/pause:3.1-eksbuild.1\\\": pulling from host 602401143452.dkr.ecr.us-east-2.amazonaws.com failed with status code [manifests 3.1-eksbuild.1]: 401 Unauthorized\"" pod="kube-system/aws-node-7kprb" podUID=66688bb4-0a4c-42db-9286-d79d2acb027d

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/kubernetes K8s including EKS, EKS-A, and including VMW status/research This issue is being researched type/bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@stmcginnis