k3s doesn't work on Chrome OS Crostini

[wpwoodjr]

Describe the bug k3s fails on Crostini

To Reproduce Install k3s and attempt to start Kubernetes cluster

Expected behavior Kubernetes cluster starts

Actual behavior Cluster fails to start

Additional context Speaking with Darren Sheperd at Kubecon, he said that k3s would need some changes to work in Crostini, if it was even possible. I'm opening this issue as a reminder to please look into it.

[staticfrost]

Really want this to work on my Pixelbook please.

[floriankoch]

It seems like the vxlan moduke is missing in the Crostini kernel

[localredhead]

Another pixelbook user here that needs this.

[kkarthik23]

Doen't work on my chromebook as well

k3s service starts but i get no node would be great if someone can add chromebook support when possible

Thanks

[keyonjie]

I am seeing the same issue. The logs show that we are lack of OVERLAY_FS and BRIDGE_NETFILTER support. Similar issue for minikube here: https://github.com/kubernetes/minikube/issues/6411

[kkimdev]

related:

• https://richrose.dev/posts/chromeos/productivity/chromeos-minikube/
• https://github.com/kubernetes-sigs/kind/issues/763#issuecomment-1219133506

[e-minguez]

Based on https://twitter.com/ibuildthecloud/status/1571718481133064193 & https://twitter.com/ibuildthecloud/status/1571736993725566976

I just tried as:

apt install -y fuse3
curl -sfL https://get.k3s.io | sh -s - --snapshotter fuse-overlayfs --kubelet-arg 'feature-gates=KubeletInUserNamespace=true' --kube-proxy-arg 'proxy-mode=ipvs' --write-kubeconfig-mode 0644

And it seems to work just fine:

eminguez@k3s:~$ k get po -A
NAMESPACE              NAME                                        READY   STATUS      RESTARTS      AGE
kube-system            helm-install-traefik-crd-w949j              0/1     Completed   0             111m
kube-system            helm-install-traefik-tqxt9                  0/1     Completed   2             111m
kube-system            metrics-server-668d979685-x9lc4             1/1     Running     0             111m
kubernetes-dashboard   dashboard-metrics-scraper-8c47d4b5d-h9n4d   1/1     Running     0             106m
kube-system            local-path-provisioner-7b7dc8d6f5-h48x4     1/1     Running     0             111m
kube-system            coredns-b96499967-bz897                     1/1     Running     0             111m
kube-system            traefik-7cd4fcff68-s5x8b                    1/1     Running     0             109m
kube-system            svclb-traefik-1b183594-vwsw8                2/2     Running     0             109m
kubernetes-dashboard   kubernetes-dashboard-67bd8fc546-6w5s4       1/1     Running     1 (13m ago)   106m
default                hello-world-nginx-66c656756f-rxx6r          1/1     Running     0             5m58s
default                hello-world-nginx-66c656756f-s9xrq          1/1     Running     0             5m58s
default                hello-world-nginx-66c656756f-222dw          1/1     Running     0             5m58s
eminguez@k3s:~$ k get ingress
NAME          CLASS    HOSTS   ADDRESS          PORTS   AGE
hello-world   <none>   *       100.115.92.198   80      6m
eminguez@k3s:~$ curl http://100.115.92.198
<html>
<head>
  <title>Hello World!</title>
</head>
<body>Hello World!</body>
</html>

[ibuildthecloud]

It doesn't fully work because iptables bridge filtering is not supported by the kernel. This will manifest itself easily by the fact that DNS is broken inside pods. Inside a pod just run "ping www.google.com" and you'll see the DNS fails to resolve. This is because the request going to 10.43.0.10 (for coredns) is not getting processed by the kube proxy iptables rules.

[ibuildthecloud]

Possibly there is an approach to use nftables instead of iptables. I haven't investigated that.

[brandond]

Not planning on adding ChromeOS support at this time.