rootless image didn't work on OKD (OpenShift) 3.11
Tried to deploy a rootless buildkit image to OKD 3.11 using https://raw.githubusercontent.com/tektoncd/catalog/master/buildkit/0-buildkitd.yaml and the resulting pod was in "Crash Loop Back-off" status. The logs showed the following error: "[rootlesskit:parent] error: failed to start the child: fork/exec /proc/self/exe: invalid argument"
Answer
AkihiroSuda
Seems SELinux needs to be disabled
$ crc version
version: 1.0.0-rc.0+34371d3
OpenShift version: 4.2.0-0.nightly-2019-09-26-192831 (embedded in binary)
$ kubectl --as=system:admin run --generator=run-pod/v1 --image=moby/buildkit:master-rootless bkinstance -- --oci-worker-no-process-sandbox
apiVersion: v1
kind: Pod
metadata:
  annotations:
    k8s.v1.cni.cncf.io/networks-status: |-
      [{
          "name": "openshift-sdn",
          "interface": "eth0",
          "ips": [
              "10.128.1.17"
          ],
          "default": true,
          "dns": {}
      }]
    openshift.io/scc: anyuid
  creationTimestamp: "2019-10-05T17:03:55Z"
  labels:
    run: bkinstance
  name: bkinstance
  namespace: foo
  resourceVersion: "429816"
  selfLink: /api/v1/namespaces/foo/pods/bkinstance
  uid: 1d46025b-e792-11e9-97a2-a23a971945de
spec:
  containers:
  - args:
    - --oci-worker-no-process-sandbox
    image: moby/buildkit:master-rootless
    imagePullPolicy: IfNotPresent
    name: bkinstance
    resources: {}
    securityContext:
      capabilities:
        drop:
        - MKNOD
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: default-token-vb7vk
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  imagePullSecrets:
  - name: default-dockercfg-n7tss
  nodeName: crc-chc9n-master-0
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext:
    seLinuxOptions:
      level: s0:c23,c7
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: default-token-vb7vk
    secret:
      defaultMode: 420
      secretName: default-token-vb7vk
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2019-10-05T17:03:55Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2019-10-05T17:04:04Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2019-10-05T17:04:04Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2019-10-05T17:03:55Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: cri-o://8dc443f1b193df00f402289600ca1a68d9e7b68b810ad09291e1836b9305ef9b
    image: docker.io/moby/buildkit:master-rootless
    imageID: docker.io/moby/buildkit@sha256:d20c76a25eaa61a7e834177ae301d1f7ed77bc32d8ca05db71237265e1cc906d
    lastState: {}
    name: bkinstance
    ready: true
    restartCount: 0
    state:
      running:
        startedAt: "2019-10-05T17:04:04Z"
  hostIP: 192.168.64.9
  phase: Running
  podIP: 10.128.1.17
  qosClass: BestEffort
  startTime: "2019-10-05T17:03:55Z"
$ buildctl --addr=kube-pod://bkinstance build --frontend dockerfile.v0 --local context=. --local dockerfile=.
[+] Building 6.0s (5/5) FINISHED
=> [internal] load build definition from Dockerfile 0.2s
=> => transferring dockerfile: 58B 0.1s
=> [internal] load .dockerignore 0.1s
=> => transferring context: 2B 0.1s
=> [internal] load metadata for docker.io/library/alpine:latest 4.9s
=> [1/2] FROM docker.io/library/alpine@sha256:72c42ed48c3a2db31b7dafe17d275b634664a708d901ec9fd57b1529280f01fb 1.0s
=> => resolve docker.io/library/alpine@sha256:72c42ed48c3a2db31b7dafe17d275b634664a708d901ec9fd57b1529280f01fb 0.0s
=> => sha256:961769676411f082461f9ef46626dd7a2d1e2b2a38e6a44364bcbecf51e66dd4 1.51kB / 1.51kB 0.0s
=> => sha256:72c42ed48c3a2db31b7dafe17d275b634664a708d901ec9fd57b1529280f01fb 1.64kB / 1.64kB 0.0s
=> => sha256:acd3ca9941a85e8ed16515bfc5328e4e2f8c128caa72959a58a127b7801ee01f 528B / 528B 0.0s
=> => sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609 2.79MB / 2.79MB 0.5s
=> => unpacking docker.io/library/alpine@sha256:72c42ed48c3a2db31b7dafe17d275b634664a708d901ec9fd57b1529280f01f 0.2s
=> ERROR [2/2] RUN echo 0.0s
------
> [2/2] RUN echo:
------
error: failed to solve: rpc error: code = Unknown desc = failed to solve with frontend dockerfile.v0: failed to build LLB: failed to prepare v1k1qloq4dpenml2ogrum48b3: copying of parent failed: failed to copy xattrs: failed to set xattr "security.selinux" on /home/user/.local/share/buildkit/runc-native/snapshots/snapshots/new-431277440/bin/arch: operation not supported