rootless docker in kubernetes: "getting the final child's pid from pipe caused \"EOF\"": unknown" #40068

@lukasheinrich

I am trying to run rootless docker-in-docker deployed on Kubernetes, where the docker daemon is deployed using this manifest:

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    run: rootless
  name: rootless
spec:
  replicas: 1
  selector:
    matchLabels:
      run: rootless
  template:
    metadata:
      labels:
        run: rootless
    spec:
      containers:
      - image: docker:19.03.1-dind-rootless
        name: rootless
        command:
        - sh
        - -c
        - dockerd-entrypoint.sh --experimental --storage-driver=vfs
        securityContext:
          runAsUser: 1000
          allowPrivilegeEscalation: true
          privileged: true
        resources: {}
status: {}
```

The daemon seems to start up fine, but kubectl exec'ing into the pod, setting the DOCKER_HOST and attempting to run a container seems to break:

```console
kubectl create -f rootless.yml
kubectl exec -it rootless-7c94dcc5d7-gplvm sh
/ $ export DOCKER_HOST=unix:///run/user/1000/docker.sock
/ $ docker run --rm -it  busybox sh
docker: Error response from daemon: OCI runtime create failed: container_linux.go:345: starting container process caused "process_linux.go:303: getting the final child's pid from pipe caused \"EOF\"": unknown.
/ $ command terminated with exit code 125
```

The dockerd daemon logs are collected in this gist:

https://gist.github.com/lukasheinrich/e23c00240afed83066978dab8c354f52#file-logs

`kubectl version` gives:

```console
Client Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.3", GitCommit:"5e53fd6bc17c0dec8434817e69b04a25d8ae0ff0", GitTreeState:"archive", BuildDate:"2019-06-18T20:40:14Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"12", GitVersion:"v1.12.3", GitCommit:"435f92c719f279a3a67808c80521ea17d5715c66", GitTreeState:"clean", BuildDate:"2018-11-26T12:46:57Z", GoVersion:"go1.10.4", Compiler:"gc", Platform:"linux/amd64"}
```

cc @AkihiroSuda @rochaporto

Labels: area/rootless, kind/bug