This message was deleted Rancher Users #general

Join Slack

This message was deleted.

# general

adamant-kite-43734

01/12/2023, 6:50 PM

This message was deleted.

big-jordan-45387

01/12/2023, 7:19 PM

Not sure this is relevant...

Copy code

nid003207:~ # ipset
ipset v6.36: No command specified.
Try `ipset help' for more information.

creamy-pencil-82913

01/12/2023, 7:22 PM

Copy code

Kernel error received: set type not supported

Looks like your kernel is too old?

big-jordan-45387

01/12/2023, 7:22 PM

it is suse enterprise 15.3

big-jordan-45387

01/12/2023, 7:22 PM

but yeah I am checking if I can update ipset to 7.11 or so

creamy-pencil-82913

01/12/2023, 7:22 PM

its not the ipset binary thats the problem

creamy-pencil-82913

01/12/2023, 7:23 PM

as it says, the kernel doesn’t support the set type that calico wants to use

creamy-pencil-82913

01/12/2023, 7:24 PM

either that or you’re missing kernel modules, not sure which

creamy-pencil-82913

01/12/2023, 7:24 PM

https://github.com/kubernetes/minikube/pull/1697

creamy-pencil-82913

01/12/2023, 7:25 PM

can you

modprobe xt_set

big-jordan-45387

01/12/2023, 7:25 PM

I think so, at leat it does not compalin

creamy-pencil-82913

01/12/2023, 7:25 PM

does that fix the error?

big-jordan-45387

01/12/2023, 7:25 PM

let me check

big-jordan-45387

01/12/2023, 7:26 PM

should I kill the calico pod?

creamy-pencil-82913

01/12/2023, 7:26 PM

sure

big-jordan-45387

01/12/2023, 7:27 PM

same error

creamy-pencil-82913

01/12/2023, 7:28 PM

interesting

creamy-pencil-82913

01/12/2023, 7:28 PM

what kernel version are you on?

creamy-pencil-82913

01/12/2023, 7:28 PM

We test on SLES 15.3 and 15.4 and have not run into that issue

big-jordan-45387

01/12/2023, 7:29 PM

Copy code

nid003207:~ # uname -r
5.3.18-150300.59.68_11.0.76-cray_shasta_c

big-jordan-45387

01/12/2023, 7:30 PM

ppl from calico are saying I should update the ipset in my kernel to match the one calico expects

creamy-pencil-82913

01/12/2023, 7:31 PM

that looks like a custom kernel

creamy-pencil-82913

01/12/2023, 7:31 PM

I suspect that whoever built it didn’t enable all the correct ipset options

creamy-pencil-82913

01/12/2023, 7:32 PM

see: https://github.com/weaveworks/weave/issues/3062#issuecomment-315335046

creamy-pencil-82913

01/12/2023, 7:32 PM

If you’re running a custom kernel that’s on you (or your sysadmin) to ensure that it has all the same bits as the default SLES kernel, otherwise things will break

big-jordan-45387

01/12/2023, 7:33 PM

yeah

big-jordan-45387

01/12/2023, 7:33 PM

true

creamy-pencil-82913

01/12/2023, 7:38 PM

you might see if canal fares any better but I suspect you’ll run into the same problem

big-jordan-45387

01/12/2023, 7:39 PM

mmm I tried cilium and had the same issue, but yeah I can try canal also

big-jordan-45387

01/12/2023, 7:39 PM

first I am trying to update the ipset and see if I get things working

creamy-pencil-82913

01/12/2023, 7:40 PM

its really the kernel and not the binary…

big-jordan-45387

01/12/2023, 10:08 PM

with canal works

big-jordan-45387

01/12/2023, 10:08 PM

it is weird because is also shows the same error message

big-jordan-45387

01/12/2023, 10:09 PM

so this tells me the issues is not with ipset when using calico

big-jordan-45387

01/12/2023, 11:50 PM

ipset 7.17 requires kernel >= 3.11 https://ipset.netfilter.org/install.html so my kernel should be ok to run calico

creamy-pencil-82913

01/12/2023, 11:51 PM

right but there are different ipset hash algs and set types, the ipset binary and kernel have to both support the ones that the CNI is trying to use.

creamy-pencil-82913

01/12/2023, 11:51 PM

the error suggests that the ipset command is OK with it, but the kernel is not

big-jordan-45387

01/12/2023, 11:55 PM

ok, let me keep investigating

big-jordan-45387

01/12/2023, 11:56 PM

its is weird canal works however it uses an older version of calico which uses ipset6

95 Views

Open in Slack

Previous Next