microk8s

microk8s copied to clipboard

Summary

I have an installation of microk8s v1.19.15 running in LXD which has been working well for a long time. Today it's not running and whenever I run microk8s command I get the error execv failed: Permission denied

What Should Happen Instead?

Any microk8s command such as microk8s status to do what is expected.

Reproduction Steps

This is a system that has been running for a long time and this problem has only just happened so it's difficult to reproduce.

Introspection Report

microk8s inspect gives the same error

Hi @sstubbs, this looks like an issue with AppArmor profiles not being applied correctly. Can you check if the "Load AppArmor profiles on boot" section in https://microk8s.io/docs/install-lxd could help?

Hi @neoaggelos, thanks for leading me in the right direction. I was worried the file being run by exec was corrupt or something along those lines luckily it isn't. I went through the docs like you suggest. I had this in the lxd profile:

  aadisable:
    path: /sys/module/nf_conntrack/parameters/hashsize
    source: /sys/module/nf_conntrack/parameters/hashsize
    type: disk
  aadisable1:
    path: /sys/module/apparmor/parameters/enabled
    source: /dev/null
    type: disk
  aadisable2:
    path: /dev/kmsg
    source: /dev/kmsg
    type: disk

Instead of what is in the docs:

  aadisable:
    path: /sys/module/nf_conntrack/parameters/hashsize
    source: /sys/module/nf_conntrack/parameters/hashsize
    type: disk
  aadisable2:
    path: /dev/kmsg
    source: /dev/kmsg
    type: unix-char
  aadisable3:
    path: /sys/fs/bpf
    source: /sys/fs/bpf
    type: disk
  aadisable4:
    path: /proc/sys/net/netfilter/nf_conntrack_max
    source: /proc/sys/net/netfilter/nf_conntrack_max
    type: disk

Changing this has resolved the issue. I guess it's changed over time. Thanks for the help.

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.