Problem building the vault-secrets-operator - control-plane not ready

nealef · March 11, 2024, 5:22am

When building the operator (from within a container) with make setup-kind I get:

Creating cluster "vault-secrets-operator" ...
 ✓ Ensuring node image (kindest/node:v1.29.0) 🖼
 ✓ Preparing nodes 📦
 ✓ Writing configuration 📜
 ✓ Starting control-plane 🕹️
 ✓ Installing CNI 🔌
 ✓ Installing StorageClass 💾
 ✗ Waiting ≤ 5m0s for control-plane = Ready ⏳
 • WARNING: Timed out waiting for Ready ⚠️

On the container vault-secrets-operator-control-plane the kubectl describe node reports:

Conditions:
  Type             Status  LastHeartbeatTime                 LastTransitionTime                Reason                       Message
  ----             ------  -----------------                 ------------------                ------                       -------
  MemoryPressure   False   Fri, 08 Mar 2024 09:42:21 +0000   Fri, 08 Mar 2024 09:42:15 +0000   KubeletHasSufficientMemory   kubelet has sufficient memory available
  DiskPressure     False   Fri, 08 Mar 2024 09:42:21 +0000   Fri, 08 Mar 2024 09:42:15 +0000   KubeletHasNoDiskPressure     kubelet has no disk pressure
  PIDPressure      False   Fri, 08 Mar 2024 09:42:21 +0000   Fri, 08 Mar 2024 09:42:15 +0000   KubeletHasSufficientPID      kubelet has sufficient PID available
  Ready            False   Fri, 08 Mar 2024 09:42:21 +0000   Fri, 08 Mar 2024 09:42:15 +0000   KubeletNotReady              container runtime network not ready: NetworkReady=false reason:NetworkPluginNotReady message:Network plugin returns error: cni plugin not initialized

The container I am running the make from is started with:

docker run --rm -it --privileged -v /var/run/docker.sock:/var/run/docker.sock \
            -v ${PWD}/output:/output operator:builder

Is this a valid means of building the operator or am I missing runtime options on the docker command?

TIA… Neale

nealef · March 20, 2024, 3:18am

I’ve also run it not in a container and get the same result. This is what’s in /opt/cni/bin:

$ docker exec vault-secrets-operator-control-plane ls -l /opt/cni/bin
total 16024
-rwxr-xr-x. 1 root root 3743985 Mar  7 04:36 host-local
-rwxr-xr-x. 1 root root 3756761 Mar  7 04:36 loopback
-rwxr-xr-x. 1 root root 4223485 Mar  7 04:36 portmap
-rwxr-xr-x. 1 root root 4669785 Mar  7 04:36 ptp

and verified they are executable:

CNI host-local plugin version unknown
CNI protocol versions supported: 0.1.0, 0.2.0, 0.3.0, 0.3.1, 0.4.0, 1.0.0

CNI loopback plugin version unknown
CNI protocol versions supported: 0.1.0, 0.2.0, 0.3.0, 0.3.1, 0.4.0, 1.0.0

CNI portmap plugin version unknown
CNI protocol versions supported: 0.1.0, 0.2.0, 0.3.0, 0.3.1, 0.4.0, 1.0.0

CNI ptp plugin version unknown
CNI protocol versions supported: 0.1.0, 0.2.0, 0.3.0, 0.3.1, 0.4.0, 1.0.0

nealef · March 20, 2024, 4:46am

I think the problem is this:

  Normal   Pulling    5m4s (x4 over 6m37s)   kubelet            Pulling image "docker.io/kindest/kindnetd:v20240202-8f1494ea"
  Warning  Failed     5m3s (x4 over 6m37s)   kubelet            Failed to pull image "docker.io/kindest/kindnetd:v20240202-8f1494ea": rpc error: code = NotFound desc = failed to pull and unpack image "docker.io/kindest/kindnetd:v20240202-8f1494ea": no match for platform in manifest: not found

On my local system I have:

kindest/kindnetd                                v20240202-8f1494ea   ae891eac5e20   26 minutes ago      63.8MB
gcr.io/k8s-staging-kind/kindnetd                v0.22.0              ae891eac5e20   26 minutes ago      63.8MB

However, it appears k8s is trying to pull from docker.io where no image for my architecture is living. I think I can override it by changing /kind/manifests/default-cni.yaml by updating const_cni.go.

nealef · March 21, 2024, 4:34am

That was the key and once done things came up and built cleanly.