"portmap" plugin lost

[delfer]

Flannel v0.9.1 image does not contains "portmap" plugin enabled in 014b2d5#diff-7891b552b026259e99d479b5e30d31ca

Expected Behavior

working cluster

Current Behavior

kube-dns pod in ContainerCreating state with Failed create pod sandbox.
journalctl shows:

cni.go:319] Error deleting network: failed to find plugin "portmap" in path [/opt/flannel/bin /opt/cni/bin]
remote_runtime.go:115] StopPodSandbox "8046a5441a0f18637c643665d0d7bbf77ced11a0e987f9ee1f633e8e95afe952" from runtime service failed: rpc error: code = Unknown desc = NetworkPlugin cni failed to teardown pod "kube-dns-545bc4bfd4-sbhpp_kube-system" network: failed to find plugin "portmap" in path [/opt/flannel/bin /opt/cni/bin]
kuberuntime_gc.go:152] Failed to stop sandbox "8046a5441a0f18637c643665d0d7bbf77ced11a0e987f9ee1f633e8e95afe952" before removing: rpc error: code = Unknown desc = NetworkPlugin cni failed to teardown pod "kube-dns-545bc4bfd4-sbhpp_kube-system" network: failed to find plugin "portmap" in path [/opt/flannel/bin /opt/cni/bin]

Possible Solution

Do not enable portmap http://raw.githubusercontent.com/coreos/flannel/v0.9.1/Documentation/kube-flannel.yml

Steps to Reproduce (for bugs)

1. kubeadm init --pod-network-cidr=10.244.0.0/16
2. kubectl apply -f http://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
3. kubeadm init join ...

Your Environment

• Flannel version: v0.9.1
• Backend used (e.g. vxlan or udp): vxlan
• Kubernetes version (if used): v1.8.4
• Operating System and version: Debian 9

[magic7s]

I have this issue as well.
OS: Ubuntu 16.04
root@ip-10-0-0-10:~# dpkg-query -L kubernetes-cni /. /opt /opt/cni /opt/cni/bin /opt/cni/bin/dhcp /opt/cni/bin/host-local /opt/cni/bin/bridge /opt/cni/bin/tuning /opt/cni/bin/macvlan /opt/cni/bin/flannel /opt/cni/bin/cnitool /opt/cni/bin/ptp /opt/cni/bin/loopback /opt/cni/bin/ipvlan /opt/cni/bin/noop

Fixed by downloading portmap to /opt/cni/bin
https://github.com/projectcalico/cni-plugin/releases/download/v1.9.1/portmap

[osoriano]

Sounds like there are two workarounds.

1. Use the 0.9.1 kube-flannel.yml
2. Update the CNI plugin installation on the host

AFAIK we don't package CNI plugins into the flannel image. Maybe we should update the docs? Sorry for the breakage, the portmap plugin is used for hostPort support

[tomdee]

@osoriano Thanks for the summary.

IIUC this is only a problem for people using the kube-flannel.yml from master. It would be great to find a way to stop people from doing that!

And it would also be great if flannel had a better way of ensuring that the CNI plugins it needs are installed on the host, maybe https://github.com/coreos/flannel-cni could be updated to install the portmap plugin

[klausenbusk]

maybe https://github.com/coreos/flannel-cni could be updated to install the portmap plugin

https://github.com/coreos/flannel-cni already install the portmap plugin and is used by bootkube where the portmap plugin is enabled.

[cmoscardi]

+1, just ran into this

[ghost]

I have used flannel-cni:v0.3.0 as initContainer to copy portmap (and flannel!) from the container to the host and ... portmapping is still not working, hostPort has no effect
I was checking with the netstat -lptn command and it was not showing me open ports, I think because they are in the different network namespace. Accessing the host on the hostPort from the outside works as expected.

[klausenbusk]

I was checking with the netstat -lptn command and it was not showing me open ports, I think because they are in the different network namespace. Accessing the host on the hostPort from the outside works as expected.

portmap works by creating a iptables rule.. Check with iptables-save | grep <port> or something like that.

[ghost]

@klausenbusk after I discovered that hostPort is accessible, I have also used iptables to check the rules. Just didn't mention this in the previous comment.

[fengyd2018]

The 0.9.1 kube-flannel.yml is used, but hostPort still cannot work.
Any extra work is needed?

Enviroment:
Linux master 3.10.0-693.el7.x86_64 #1 SMP Tue Aug 22 21:09:27 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

CentOS Linux release 7.4.1708 (Core)

[root@master ~]# kubectl version
Client Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.2", GitCommit:"5fa2db2bd46ac79e5e00a4e6ed24191080aa463b", GitTreeState:"clean", BuildDate:"2018-01-18T10:09:24Z", GoVersion:"go1.9.2", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.3", GitCommit:"d2835416544f298c919e2ead3be3d0864b52323b", GitTreeState:"clean", BuildDate:"2018-02-07T11:55:20Z", GoVersion:"go1.9.2", Compiler:"gc", Platform:"linux/amd64"}

[ghost]

The 0.9.1 kube-flannel.yml is used

You mean this file? As you can clearly see, the portmapping is not enabled in the ConfigMap. Cf. https://github.com/coreos/flannel/blob/ce1f224dbd4f00f4abf6009bf412c31618d73921/Documentation/kube-flannel.yml#L55-L73

[fengyd2018]

Thanks for your answer.

I tried with portmappign enabled, but hostPort cannot work.
https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

I just reset the kubernetes cluster and install it again, and hostPort can work now.

[fengyd2018]

I think the kubernetes docs should be updated
https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/

In (3/4) Installing a pod network, the flannel version is still v0.9.1.
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/v0.9.1/Documentation/kube-flannel.yml

[m11y]

I encounter the same problem, any updates?

[m11y]

Download cni plugins binaries and put it in /opt/cni/bin solve my problem.

[aronica]

Download cni plugins binaries and put it in /opt/cni/bin solve my problem.

This works for me with kubelet version v1.8.1

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.