I try to install Consul HA to configure my Vault HA on OpenShift platform. I am first using Consul Helm chart to install it and I can successfully install it using some SCC for my client and server serviceAccounts. Later on, I wanted to deploy consul with ACL init through this helm but I am facing an error.
First installing consul with helm :
helm upgrade -i consul-ha --namespace vault consul/ --set ui.enabled=true --set global.acls.manageSystemACLs=true
Then my pods quickly go into error :
oc get pods
NAME READY STATUS RESTARTS AGE
consul-ha-consul-622vr 0/1 Init:0/1 0 43s
consul-ha-consul-kxj4n 0/1 Init:0/1 0 43s
consul-ha-consul-server-0 0/1 Running 0 43s
consul-ha-consul-server-1 0/1 ContainerCreating 0 43s
consul-ha-consul-server-2 0/1 Pending 0 43s
consul-ha-consul-server-acl-init-8jf44 0/1 Error 0 33s
consul-ha-consul-server-acl-init-cleanup-dg5dk 0/1 ContainerCreating 0 14s
consul-ha-consul-server-acl-init-cleanup-xfq4m 0/1 Error 0 42s
consul-ha-consul-server-acl-init-l86r6 0/1 Error 0 43s
consul-ha-consul-wz4mf 0/1 Init:0/1 0 43s
I get this error on describing acl-init pod :
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled <unknown> default-scheduler Successfully assigned vault/consul-ha-consul-server-acl-init-hrsk2 to compute-1
Warning Failed 2m12s kubelet, compute-1 Error: container create failed: time="2020-10-05T07:46:12Z" level=warning msg="signal: killed"
time="2020-10-05T07:46:12Z" level=error msg="container_linux.go:349: starting container process caused \"process_linux.go:449: container init caused \\\"read init-p: connection reset by peer\\\"\""
container_linux.go:349: starting container process caused "process_linux.go:449: container init caused \"read init-p: connection reset by peer\""
Warning Failed 2m3s kubelet, compute-1 Error: container create failed: time="2020-10-05T07:46:22Z" level=warning msg="signal: killed"
time="2020-10-05T07:46:22Z" level=error msg="container_linux.go:349: starting container process caused \"process_linux.go:365: sending config to init process caused \\\"write init-p: broken pipe\\\"\""
container_linux.go:349: starting container process caused "process_linux.go:365: sending config to init process caused \"write init-p: broken pipe\""
Warning Failed 114s kubelet, compute-1 Error: container create failed: time="2020-10-05T07:46:31Z" level=fatal msg="join_namespaces:542 nsenter: failed to open /proc/1372777/ns/ipc: No such file or directory"
time="2020-10-05T07:46:31Z" level=fatal msg="nsexec:724 nsenter: failed to sync with child: next state: Invalid argument"
time="2020-10-05T07:46:31Z" level=error msg="container_linux.go:349: starting container process caused \"process_linux.go:319: getting the final child's pid from pipe caused \\\"EOF\\\"\""
container_linux.go:349: starting container process caused "process_linux.go:319: getting the final child's pid from pipe caused \"EOF\""
Warning Failed 103s kubelet, compute-1 Error: container create failed: time="2020-10-05T07:46:42Z" level=warning msg="signal: killed"
time="2020-10-05T07:46:42Z" level=error msg="container_linux.go:349: starting container process caused \"process_linux.go:449: container init caused \\\"read init-p: connection reset by peer\\\"\""
container_linux.go:349: starting container process caused "process_linux.go:449: container init caused \"read init-p: connection reset by peer\""
Warning Failed 94s kubelet, compute-1 Error: container create failed: time="2020-10-05T07:46:51Z" level=warning msg="signal: killed"
time="2020-10-05T07:46:51Z" level=error msg="container_linux.go:349: starting container process caused \"process_linux.go:365: sending config to init process caused \\\"write init-p: broken pipe\\\"\""
container_linux.go:349: starting container process caused "process_linux.go:365: sending config to init process caused \"write init-p: broken pipe\""
Warning Failed 81s kubelet, compute-1 Error: container create failed: time="2020-10-05T07:47:04Z" level=fatal msg="join_namespaces:542 nsenter: failed to open /proc/1376195/ns/ipc: No such file or directory"
time="2020-10-05T07:47:04Z" level=fatal msg="nsexec:724 nsenter: failed to sync with child: next state: Invalid argument"
time="2020-10-05T07:47:04Z" level=error msg="container_linux.go:349: starting container process caused \"process_linux.go:319: getting the final child's pid from pipe caused \\\"EOF\\\"\""
container_linux.go:349: starting container process caused "process_linux.go:319: getting the final child's pid from pipe caused \"EOF\""
Warning Failed 73s kubelet, compute-1 Error: container create failed: time="2020-10-05T07:47:12Z" level=fatal msg="join_namespaces:542 nsenter: failed to open /proc/1377778/ns/ipc: No such file or directory"
time="2020-10-05T07:47:12Z" level=fatal msg="nsexec:724 nsenter: failed to sync with child: next state: Invalid argument"
time="2020-10-05T07:47:12Z" level=error msg="container_linux.go:349: starting container process caused \"process_linux.go:319: getting the final child's pid from pipe caused \\\"EOF\\\"\""
container_linux.go:349: starting container process caused "process_linux.go:319: getting the final child's pid from pipe caused \"EOF\""
Normal SandboxChanged 62s (x8 over 2m12s) kubelet, compute-1 Pod sandbox changed, it will be killed and re-created.
Warning Failed 62s kubelet, compute-1 Error: container create failed: time="2020-10-05T07:47:23Z" level=warning msg="signal: killed"
time="2020-10-05T07:47:23Z" level=error msg="container_linux.go:349: starting container process caused \"process_linux.go:449: container init caused \\\"read init-p: connection reset by peer\\\"\""
container_linux.go:349: starting container process caused "process_linux.go:449: container init caused \"read init-p: connection reset by peer\""
Normal Pulled 56s (x9 over 2m19s) kubelet, compute-1 Container image "hashicorp/consul-k8s:0.18.1" already present on machine
I can't figure out what's going on. Any idea on this ?