mirror of
https://github.com/kata-containers/kata-containers.git
synced 2026-05-13 02:30:07 +00:00
4ce00ea434
When running Kata Containers on CSPs, the CSPs may enforce their
clusters to be IPv4-only.
Checking the OCI spec passed down to container, on a GKE cluster, we can
see:
```
"sysctl": {
...
"net.ipv6.conf.all.disable_ipv6": "1",
"net.ipv6.conf.default.disable_ipv6": "1",
...
},
```
Even with ipv6 being explicitly disabled (behind our back ;-)), we've
noticed that IPv6 addresses would be received, but then as IPv6 was
disabled we'd break on CreatePodSandbox with the following error:
```
Warning FailedCreatePodSandBox 4s kubelet Failed to
create pod sandbox: rpc error: code = Unknown desc = failed to create
containerd task: failed to create shim task: "update interface: Failed
to add address fe80::c44c:1cff:fe84:f6b7: NetlinkError(ErrorMessage {
code: Some(-13), header: [64, 0, 0, 0, 20, 0, 5, 5, 19, 0, 0, 0, 0, 0,
0, 0, 10, 64, 0, 0, 2, 0, 0, 0, 20, 0, 1, 0, 254, 128, 0, 0, 0, 0, 0, 0,
196, 76, 28, 255, 254, 132, 246, 183, 20, 0, 2, 0, 254, 128, 0, 0, 0, 0,
0, 0, 196, 76, 28, 255, 254, 132, 246, 183] })\n\nStack backtrace:\n
0: <unknown>\n 1: <unknown>\n 2: <unknown>\n 3: <unknown>\n 4:
<unknown>\n 5: <unknown>\n 6: <unknown>\n 7: <unknown>\n 8:
<unknown>\n 9: <unknown>\n 10: <unknown>": unknown
```
A huge shoutout to Fupan Li for helping with the debug on this one!
Fixes: #11200
Signed-off-by: Fabiano Fidêncio <fidencio@northflank.com>