1

I am trying to set up an LXC container (Debian) as a Kubernetes node. I have gotten far enough that the only thing in the way is the kubeadm init script...

error execution phase preflight: [preflight] Some fatal errors occurred:
        [ERROR SystemVerification]: failed to parse kernel config: unable to load kernel module: "configs", output: "modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/5.4.44-2-pve/modules.dep.bin'\nmodprobe: FATAL: Module configs not found in directory /lib/modules/5.4.44-2-pve\n", err: exit status 1
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher

After some research I figured out that I probably need to add the following: linux.kernel_modules: ip_tables,ip6_tables,netlink_diag,nf_nat,overlay. But adding this to /etc/pve/lxc/107.conf doesn't do anything.

Does anybody have a clue how to add the linux kernel modules?

Rico
kevingoos
  • LXCs would run atop your host's kernel. You might want to try loading these on the Proxmox hosts themselves instead. – SYN Aug 15 '20 at 14:38
  • @SYN yes that is indeed also possible, but I find it cleaner to run them in containers. This gives me a good separation, and also I can run multiple nodes on my one server (for lab testing). I could also do it in VMs but then I need to install the full operating system again... – kevingoos Aug 15 '20 at 17:17

3 Answers

2

To allow loading any modules with modprobe inside a privileged Proxmox LXC container, you need to add these options to the container config:

lxc.apparmor.profile: unconfined
lxc.cgroup.devices.allow: a
lxc.cap.drop:
lxc.mount.auto: proc:rw sys:rw
lxc.mount.entry: /lib/modules lib/modules none bind 0 0

Before that, you must first create the /lib/modules folder inside the container.
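
A host-side check for the raw LXC keys listed in the answer above, each of which removes part of the container's confinement (AppArmor profile, device allow-list, capability drops, read-write /proc and /sys, a writable bind mount of the host's /lib/modules). This is an added example, not code from the answer or from Proxmox; the function name `audit_pve_lxc_config`, the hostname and both sample configs are constructed for illustration.

```python
import re

LINE = re.compile(r"^([\w.\-]+)\s*[:=]\s*(.*)$")  # "key: value" or "lxc.key = value"

def audit_pve_lxc_config(text):
    """Return {raw LXC key: reason} for isolation-weakening lines in one config."""
    findings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):  # snapshot sections start here; audit the live config only
            break
        m = LINE.match(line)
        if not m:                 # blank lines and "#" description lines
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "lxc.apparmor.profile" and value == "unconfined":
            findings[key] = "AppArmor confinement disabled"
        elif key.startswith("lxc.cgroup") and key.endswith("devices.allow") and value == "a":
            findings[key] = "access to all device nodes allowed"
        elif key == "lxc.cap.drop" and value == "":
            findings[key] = "capability drop list cleared"
        elif key == "lxc.mount.auto" and re.search(r"\b(proc|sys):rw\b", value):
            findings[key] = "/proc or /sys mounted read-write"
        elif key == "lxc.mount.entry":
            fields = value.split()  # source, target, fstype, options, dump, pass
            options = fields[3].split(",") if len(fields) > 3 else []
            if fields and fields[0].startswith("/lib/modules") and "ro" not in options:
                findings[key] = "host /lib/modules bind-mounted writable"
    return findings

# Constructed sample: the raw keys from the answer above.
WEAKENED = """\
arch: amd64
hostname: k8s-node
lxc.apparmor.profile: unconfined
lxc.cgroup.devices.allow: a
lxc.cap.drop:
lxc.mount.auto: proc:rw sys:rw
lxc.mount.entry: /lib/modules lib/modules none bind 0 0
"""

# Constructed sample: a read-only mount point (ro=1), which adds no raw lxc.* keys.
READ_ONLY = """\
arch: amd64
hostname: k8s-node
mp0: /usr/lib/modules/5.4.44-2-pve,mp=/lib/modules/5.4.44-2-pve,ro=1,backup=0
"""

if __name__ == "__main__":
    for name, cfg in (("weakened", WEAKENED), ("read-only", READ_ONLY)):
        print(name, audit_pve_lxc_config(cfg))
```

The question places container configs under /etc/pve/lxc/, so on a host the function can be run over the contents of each file there.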

1

I'm not sure what guide you are following but assuming that you have the required kernel modules on the host, this would do it:

lxc config set my-container linux.kernel_modules overlay

You can follow this guide from K3s too. Basically:

lxc config edit k3s-lxc

and

config:
  linux.kernel_modules: ip_tables,ip6_tables,netlink_diag,nf_nat,overlay
  raw.lxc: lxc.mount.auto=proc:rw sys:rw
  security.privileged: "true"
  security.nesting: "true"

✌️

Rico
  • So I tried this, but this command doesn't work on Proxmox. LXC is unknown; I don't know how they implement LXC on Proxmox – kevingoos Aug 19 '20 at 21:03
  • Can you see the LXC version there? – Rico Aug 19 '20 at 21:29
  • 1
    Proxmox doesn't know the LXC command, so I have no clue how they implemented it. But after a lot of trying I am just going to use a VM. Maybe somebody will figure it out in the future – kevingoos Sep 02 '20 at 12:50
1

To fix ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file, run from the host:

pct set $VMID --mp0 /usr/lib/modules/$(uname -r),mp=/lib/modules/$(uname -r),ro=1,backup=0

To fix [ERROR SystemVerification]: failed to parse kernel config, run from the host:

pct push $VMID /boot/config-$(uname -r) /boot/config-$(uname -r)

Where $VMID is your container id.

qRoC
  • The kernel config fix worked for me, though in the future it might be helpful to elaborate on what the command will do. For reference, that module error isn't _actually_ a missing module. kubeadm needs the kernel config to do certain things during the init, and when it doesn't have it, it tries to modprobe that module. So, the pct push command copies the kernel config file from the host machine with the running kernel into the path kubeadm expects to find the config on the LXC container. The container doesn't have it by default, since they run on top of the host's kernel. – garrettmills Mar 04 '22 at 03:59
  • 1
    not working for me, ``` lxc-start: 101: ../src/lxc/start.c: __lxc_start: 2008 Failed to initialize container "101" lxc-start: 101: ../src/lxc/tools/lxc_start.c: main: 306 The container failed to start lxc-start: 101: ../src/lxc/tools/lxc_start.c: main: 311 Additional information can be obtained by setting the --logfile and --logpriority options ``` – Derek Zhu Oct 27 '22 at 05:35