Failed to create bridge cni0

[kygx-legend]

After running sudo k3s server & in a master node and sudo k3s agent --server https://master:6443 --token {} in a worker node, I got the error as below:

E0306 12:24:17.726312   29720 pod_workers.go:190] Error syncing pod a22d9673-3fc6-11e9-8d02-000c29013dd9 ("coredns-7748f7f6df-hwmpt_kube-system(a22d9673-3fc6-11e9-8d02-000c29013dd9)"), skipping: failed to "CreatePodSandbox" for "coredns-7748f7f6df-hwmpt_kube-system(a22d9673-3fc6-11e9-8d02-000c29013dd9)" with CreatePodSandboxError: "CreatePodSandbox for pod \"coredns-7748f7f6df-hwmpt_kube-system(a22d9673-3fc6-11e9-8d02-000c29013dd9)\" failed: rpc error: code = Unknown desc = failed to setup network for sandbox \"69c3e061d44fa7838606840c46c10d60aa6513bf4b326fe2cf611afe8c2ed142\": failed to create bridge \"cni0\": could not add \"cni0\": operation not supported"

Any idea to solve this problem? Thank you!

[pwFoo]

During tests I think I had similar problems. VXLAN and BRIDGE_NETFILTER enabled / loaded?

[ibuildthecloud]

@kygx-legend My guess is that your kernel does not support bridges. A good sanity test is "does Docker run on this host fine?" If docker won't work there's a good chance your kernel doesn't have the bits needed for k3s.

[kygx-legend]

@pwFoo Thanks! But how to check if they are enabled? Both net.ipv4.ip_forward and net.bridge.bridge-nf-call-iptables are 1.

@ibuildthecloud I have the same guess as yours. Then I tried on another node where the docker is runnable. But the agent is still not running and keeps logging as:

INFO[2019-03-06T15:14:43.371199980+08:00] Waiting for containerd startup: rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: Error while dialing dial unix /run/k3s/containerd/containerd.sock: connect: no such file or directory"
INFO[2019-03-06T15:14:44.372515086+08:00] Waiting for containerd startup: rpc error: code = Unimplemented desc = unknown service runtime.v1alpha2.RuntimeService
INFO[2019-03-06T15:14:45.373459246+08:00] Waiting for containerd startup: rpc error: code = Unimplemented desc = unknown service runtime.v1alpha2.RuntimeService
INFO[2019-03-06T15:14:46.374438840+08:00] Waiting for containerd startup: rpc error: code = Unimplemented desc = unknown service runtime.v1alpha2.RuntimeService

[kondor6c]

@kygx-legend Are you still having these issues? What distribution are you using?

One thought I had after overcoming something similar to this was that you might need to add kernel boot options. I stumbled across this while trying address my own CNI driver issues due to the fact that I did not have CONFIG_BRIDGE_VLAN_FILTERING: enabled in my kernel.

I created https://bugs.gentoo.org/show_bug.cgi?id=690054 for a check to be added

[kygx-legend]

@kondor6c Thanks for your reply! We're using CentOS 7. We may look into the kernel if so. Is the kernel required to be above any version?

[kondor6c]

CentOS 7 should absolutely have that, and I don't believe you would be encountering any version issue. What package of docker or are you using a different runtime? What do your interfaces look like? do you see any other errors at the exact time of the output, specifically in /var/log/audit.log?

[alexellis]

I got a similar error on RPi3 / Raspbian trying to use a bridge from CNI. Did anyone get anywhere with this?

[carlosedp]

Found something here: containernetworking/plugins#370 (comment)

Reverting to CNI plugins v0.7.5 fixed. Will investigate further.

[brandond]

Closing due to age.