Welcome to the Linux Foundation Forum!

Lab 3.6 RuntimeHandler "runsc" not supported

Exercise 3.6: Leverage Secure Runtimes
I've Installed Kubernetes using containerd following "containerd-setup.txt". For some reason, I install docker as well before kubeadm inited. Then I came to "4. Check the state of the pod." step by step following "Exercise 3.6: Leverage Secure Runtimes". Here encounter a problem:

john@ubuntu:~$ kubectl get pod --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
default simple-gvisor 0/1 ContainerCreating 0 4h23m

john@ubuntu:~$ sudo kubectl describe pod simple-gvisor
Name: simple-gvisor
Namespace: default
Priority: 0
Node: ubuntu/10.0.3.151
Start Time: Mon, 29 Nov 2021 17:06:17 +0800
Labels:
Annotations:
Status: Pending
IP:
IPs:
Containers:
secure-nginx:
Container ID:
Image: nginx
Image ID:
Port:
Host Port:
State: Waiting
Reason: ContainerCreating
Ready: False
Restart Count: 0
Environment:
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-l2dgg (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
kube-api-access-l2dgg:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional:
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors:
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 4h25m default-scheduler Successfully assigned default/simple-gvisor to ubuntu
Warning FailedCreatePodSandBox 4h15m (x48 over 4h25m) kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = RuntimeHandler "runsc" not supported


Another Pod with nginx image and deafault runtime running .
john@ubuntu:~$ cat doc-gvisor.yaml
apiVersion: v1
kind: Pod
metadata:
name: doc-gvisor
spec:
containers:
- name: secure-nginx
image: nginx

john@ubuntu:~$ kubectl get pod --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
default doc-gvisor 1/1 Running 0 5m21s


Any help? Thanks

Answers

  • Hi @rockhai,

    I would recommend removing docker and reconfiguring containerd and kubelet. Kubelet seems to default to docker if found on a node.

    Regards,
    -Chris

  • Yes ,the pod "simple-gvisor" could runing well without a docker runtime installing.
    Thanks a lot @chrispokorni

Categories

Upcoming Training