-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
virtualbox: change default host-only-cidr
#12811
virtualbox: change default host-only-cidr
#12811
Conversation
Welcome @nbusseneau! |
Hi @nbusseneau. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Can one of the admins verify this patch? |
fdc3ec8
to
c2385eb
Compare
Output of # ./out/minikube start --driver=virtualbox
😄 minikube v1.23.2 on Ubuntu 18.04
✨ Using the virtualbox driver based on user configuration
💿 Downloading VM boot image ...
> minikube-v1.23.1-1633115168...: 65 B / 65 B [----------] 100.00% ? p/s 0s
> minikube-v1.23.1-1633115168...: 225.55 MiB / 225.55 MiB 100.00% 5.30 MiB
👍 Starting control plane node minikube in cluster minikube
🔥 Creating virtualbox VM (CPUs=2, Memory=6000MB, Disk=20000MB) ...
🐳 Preparing Kubernetes v1.22.2 on Docker 20.10.8 ...
▪ Generating certificates and keys ...
▪ Booting up control plane ...
▪ Configuring RBAC rules ...
▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5
🔎 Verifying Kubernetes components...
🌟 Enabled addons: storage-provisioner, default-storageclass
🏄 Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default Behaviour is now identical to passing @ reviewers: I'm a bit confused as I ran the commands as instructed in https://github.com/kubernetes/community/blob/b9266ed1a2365d4f83b559c521a2b6ee73bbe20f/contributors/guide/pull-requests.md#run-local-verifications, however only # make verify
make: *** No rule to make target 'verify'. Stop.
# make test
MINIKUBE_LDFLAGS="-X k8s.io/minikube/pkg/version.version=v1.23.2 -X k8s.io/minikube/pkg/version.isoVersion=v1.23.1-1633115168-12081 -X k8s.io/minikube/pkg/version.gitCommitID="c2385ebfbc10f1eff07769f76422b1c99c4786c1" -X k8s.io/minikube/pkg/version.storageProvisionerVersion=v5" ./test.sh
= make lint =============================================================
ok
= go mod ================================================================
ok
= boilerplate ===========================================================
ok
= schema_check ==========================================================
ok
= go test ===============================================================
ok k8s.io/minikube/cmd/minikube/cmd 0.246s coverage: 19.1% of statements
ok k8s.io/minikube/cmd/minikube/cmd/config 0.106s coverage: 21.0% of statements
ok k8s.io/minikube/pkg/addons 0.113s coverage: 25.2% of statements
ok k8s.io/minikube/pkg/drivers 0.018s coverage: 18.9% of statements
ok k8s.io/minikube/pkg/drivers/hyperkit 0.034s coverage: 77.3% of statements
ok k8s.io/minikube/pkg/drivers/kic/oci 6.096s coverage: 20.0% of statements
ok k8s.io/minikube/pkg/drivers/kvm 0.019s coverage: 4.1% of statements
ok k8s.io/minikube/pkg/minikube/assets 0.081s coverage: 20.5% of statements
ok k8s.io/minikube/pkg/minikube/audit 0.023s coverage: 72.8% of statements
ok k8s.io/minikube/pkg/minikube/bootstrapper 0.798s coverage: 48.1% of statements
ok k8s.io/minikube/pkg/minikube/bootstrapper/bsutil 0.108s coverage: 61.6% of statements
ok k8s.io/minikube/pkg/minikube/bootstrapper/bsutil/ktmpl 0.052s coverage: 100.0% of statements
ok k8s.io/minikube/pkg/minikube/bootstrapper/images 0.016s coverage: 97.2% of statements
ok k8s.io/minikube/pkg/minikube/cluster 0.104s coverage: 13.3% of statements
ok k8s.io/minikube/pkg/minikube/command 0.103s coverage: 12.4% of statements
ok k8s.io/minikube/pkg/minikube/config 0.076s coverage: 71.9% of statements
ok k8s.io/minikube/pkg/minikube/cruntime 0.073s coverage: 28.8% of statements
ok k8s.io/minikube/pkg/minikube/docker 0.087s coverage: 20.8% of statements
ok k8s.io/minikube/pkg/minikube/download 1.045s coverage: 25.3% of statements
ok k8s.io/minikube/pkg/minikube/driver 0.016s coverage: 49.0% of statements
ok k8s.io/minikube/pkg/minikube/driver/auxdriver 0.041s coverage: 19.0% of statements
ok k8s.io/minikube/pkg/minikube/extract 0.035s coverage: 59.5% of statements
ok k8s.io/minikube/pkg/minikube/image 0.019s coverage: 5.1% of statements
ok k8s.io/minikube/pkg/minikube/kubeconfig 0.028s coverage: 81.5% of statements
ok k8s.io/minikube/pkg/minikube/localpath 0.015s coverage: 47.4% of statements
ok k8s.io/minikube/pkg/minikube/logs 0.078s coverage: 0.8% of statements
ok k8s.io/minikube/pkg/minikube/machine 0.138s coverage: 20.4% of statements
ok k8s.io/minikube/pkg/minikube/mustload 0.074s coverage: 10.5% of statements
ok k8s.io/minikube/pkg/minikube/notify 0.098s coverage: 83.3% of statements
ok k8s.io/minikube/pkg/minikube/out 0.097s coverage: 66.4% of statements
ok k8s.io/minikube/pkg/minikube/out/register 0.028s coverage: 55.4% of statements
ok k8s.io/minikube/pkg/minikube/perf 4.026s coverage: 21.2% of statements
ok k8s.io/minikube/pkg/minikube/proxy 0.101s coverage: 68.7% of statements
ok k8s.io/minikube/pkg/minikube/reason 0.011s coverage: 70.0% of statements
ok k8s.io/minikube/pkg/minikube/registry 0.014s coverage: 77.0% of statements
ok k8s.io/minikube/pkg/minikube/registry/drvs/docker 0.066s coverage: 20.2% of statements
ok k8s.io/minikube/pkg/minikube/service 0.033s coverage: 84.2% of statements
ok k8s.io/minikube/pkg/minikube/shell 0.026s coverage: 94.4% of statements
ok k8s.io/minikube/pkg/minikube/storageclass 0.021s coverage: 100.0% of statements
ok k8s.io/minikube/pkg/minikube/style 0.015s coverage: 100.0% of statements
ok k8s.io/minikube/pkg/minikube/sysinit 0.045s coverage: 4.5% of statements
ok k8s.io/minikube/pkg/minikube/translate 0.052s coverage: 45.5% of statements
ok k8s.io/minikube/pkg/minikube/tunnel 1.452s coverage: 63.8% of statements
ok k8s.io/minikube/pkg/util 0.543s coverage: 75.7% of statements
ok k8s.io/minikube/pkg/util/lock 0.003s coverage: 22.2% of statements
ok k8s.io/minikube/pkg/util/retry 0.002s coverage: 0.0% of statements
ok
# make test-integration
make: *** No rule to make target 'test-integration'. Stop. So I instead ran |
/ok-to-test |
kvm2 driver with docker runtime
Times for minikube start: 49.2s 46.8s 47.8s 48.1s 48.4s Times for minikube ingress: 32.3s 32.8s 31.3s 32.3s 32.2s docker driver with docker runtime
Times for minikube (PR 12811) start: 21.0s 21.2s 22.5s 22.2s 21.3s Times for minikube ingress: 27.9s 27.9s 34.4s 28.5s 36.4s docker driver with containerd runtime
Times for minikube start: 26.6s 43.2s 29.5s 43.9s 43.7s Times for minikube ingress: 34.9s 33.9s 33.9s 33.9s 36.9s |
These are the flake rates of all failed tests.
To see the flake rates of all tests by environment, click here. |
Question: do you want me to add a note in the I suppose this would avoid some users reporting issues in here thinking it has to do with Minikube when it is not the case. |
Hi @nbusseneau, how does this change work with older versions of VirtualBox? ie. Will this break working with older versions or will it still work fine? |
I can confirm this change works with Virtualbox 6.1.8, which I think is sufficiently old. |
This would be great yeah. Extra documentation is always a good idea. |
We change the default `--host-only-cidr` to `192.168.59.1/24` in order to be compatible with the new default host-only networking restrictions implemented in VirtualBox 6.1.28. This fixes access denied errors on `minikube start` when using VirtualBox >= 6.1.28: ``` VBoxManage: error: Code E_ACCESSDENIED (0x80070005) - Access denied (extended info not available) VBoxManage: error: Context: "EnableStaticIPConfig(Bstr(pszIp).raw(), Bstr(pszNetmask).raw())" at line 242 of file VBoxManageHostonly.cpp ``` More details: VirtualBox 6.1.28 introduced new restrictions on host-only networking: https://www.virtualbox.org/wiki/Changelog-6.1#v28 Manual: https://www.virtualbox.org/manual/ch06.html#network_hostonly > On Linux, Mac OS X and Solaris Oracle VM VirtualBox will only allow IP > addresses in 192.68.56.0/21 range to be assigned to host-only > adapters. For IPv6 only link-local addresses are allowed. If other > ranges are desired, they can be enabled by creating > /etc/vbox/networks.conf and specifying allowed ranges there. For > example, to allow 10.0.0.0/8 and 192.168.0.0/16 IPv4 ranges as well as > 2001::/64 range put the following lines into /etc/vbox/networks.conf: > > * 10.0.0.0/8 192.168.0.0/16 > * 2001::/64 > > Lines starting with the hash # are ignored. Next example allows any > addresses, effectively disabling range control: > > * 0.0.0.0/0 ::/0 These new restrictions manifest in the form of the following issue on `minikube start` due to the default `--host-only-cidr` used by the VirtualBox driver being `192.168.99.1/24`: ```console 😄 minikube v1.23.2 on Ubuntu 18.04 ✨ Using the virtualbox driver based on user configuration 👍 Starting control plane node minikube in cluster minikube 🔥 Creating virtualbox VM (CPUs=2, Memory=6000MB, Disk=20000MB) ... 🔥 Deleting "minikube" in virtualbox ... 🤦 StartHost failed, but will try again: creating host: create: creating: Error setting up host only network on machine start: /usr/bin/VBoxManage hostonlyif ipconfig vboxnet0 --ip 192.168.99.1 --netmask 255.255.255.0 failed: VBoxManage: error: Code E_ACCESSDENIED (0x80070005) - Access denied (extended info not available) VBoxManage: error: Context: "EnableStaticIPConfig(Bstr(pszIp).raw(), Bstr(pszNetmask).raw())" at line 242 of file VBoxManageHostonly.cpp 🔥 Creating virtualbox VM (CPUs=2, Memory=6000MB, Disk=20000MB) ... 😿 Failed to start virtualbox VM. Running "minikube delete" may fix it: creating host: create: creating: Error setting up host only network on machine start: /usr/bin/VBoxManage hostonlyif ipconfig vboxnet1 --ip 192.168.99.1 --netmask 255.255.255.0 failed: VBoxManage: error: Code E_ACCESSDENIED (0x80070005) - Access denied (extended info not available) VBoxManage: error: Context: "EnableStaticIPConfig(Bstr(pszIp).raw(), Bstr(pszNetmask).raw())" at line 242 of file VBoxManageHostonly.cpp ❌ Exiting due to GUEST_PROVISION: Failed to start host: creating host: create: creating: Error setting up host only network on machine start: /usr/bin/VBoxManage hostonlyif ipconfig vboxnet1 --ip 192.168.99.1 --netmask 255.255.255.0 failed: VBoxManage: error: Code E_ACCESSDENIED (0x80070005) - Access denied (extended info not available) VBoxManage: error: Context: "EnableStaticIPConfig(Bstr(pszIp).raw(), Bstr(pszNetmask).raw())" at line 242 of file VBoxManageHostonly.cpp ╭───────────────────────────────────────────────────────────────────────────────────────────╮ │ │ │ 😿 If the above advice does not help, please let us know: │ │ 👉 https://github.com/kubernetes/minikube/issues/new/choose │ │ │ │ Please run `minikube logs --file=logs.txt` and attach logs.txt to the GitHub issue. │ │ │ ╰───────────────────────────────────────────────────────────────────────────────────────────╯ ``` While the above is the primary error, other errors will be reported if the adapter already exists (this happens when the adapter was created before updating to VirtualBox 6.1.28, on a version of VirtualBox without the new restrictions). Some examples: ``` ❌ Exiting due to IF_VBOX_NOT_VISIBLE: Failed to start host: creating host: create: creating: Error setting up host only network on machine start: The host-only adapter we just created is not visible. This is a well known VirtualBox bug. You might want to uninstall it and reinstall at least version 5.0.12 that is is supposed to fix this issue ``` ``` ❌ minikube is unable to connect to the VM: dial tcp 192.168.99.112:22: i/o timeout This is likely due to one of two reasons: - VPN or firewall interference - virtualbox network configuration issue Suggested workarounds: - Disable your local VPN or firewall software - Configure your local VPN or firewall to allow access to 192.168.99.112 - Restart or reinstall virtualbox - Use an alternative --vm-driver - Use --force to override this connectivity check ❌ Exiting due to GUEST_PROVISION: Failed to validate network: dial tcp 192.168.99.112:22: i/o timeout ``` When switching to a valid CIDR, `minikube start` works as usual: ```console 😄 minikube v1.23.2 on Ubuntu 18.04 ✨ Using the virtualbox driver based on user configuration 👍 Starting control plane node minikube in cluster minikube 🔥 Creating virtualbox VM (CPUs=2, Memory=6000MB, Disk=20000MB) ... 🐳 Preparing Kubernetes v1.22.2 on Docker 20.10.8 ... ▪ Generating certificates and keys ... ▪ Booting up control plane ... ▪ Configuring RBAC rules ... ▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5 🔎 Verifying Kubernetes components... 🌟 Enabled addons: storage-provisioner, default-storageclass 🏄 Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default ``` Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
c2385eb
to
02a43c5
Compare
This should have no impact on older VirtualBox versions as we only change the default CIDR used by Minikube so that it is compatible with new restrictions in 6.1.28, and there were no such restrictions in prior versions. So there is no "restriction conflict" and no need to handle a different default value per VirtualBox version, in case that was your question ^^ I can confirm at least that my local build of Minikube with the PR changes using this new CIDR by default works fine after downgrading to VirtualBox 6.0.24.
Added, PTAL :) |
Question: are the CI issues expected? Did the CIDR change mess up some kind of test expectation which I'd missed? |
kvm2 driver with docker runtime
Times for minikube ingress: 30.3s 30.8s 30.7s 30.8s 31.8s Times for minikube start: 49.8s 47.0s 47.7s 46.3s 46.2s docker driver with docker runtime
Times for minikube start: 21.8s 22.2s 22.0s 22.1s 21.1s Times for minikube ingress: 35.9s 26.4s 34.4s 35.9s 34.9s docker driver with containerd runtime
Times for minikube (PR 12811) start: 43.5s 42.9s 44.3s 43.6s 43.7s Times for minikube ingress: 34.9s 75.9s 32.9s 36.9s 29.4s |
These are the flake rates of all failed tests.
To see the flake rates of all tests by environment, click here. |
Yeah, the CI failures are test flakes, not due to this change at all. |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: nbusseneau, sharifelgamal The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
We change the default
--host-only-cidr
to192.168.59.1/24
in order to be compatible with the new default host-only networking restrictions implemented in VirtualBox 6.1.28.This fixes access denied errors on
minikube start
when using VirtualBox >= 6.1.28:More details:
VirtualBox 6.1.28 introduced new restrictions on host-only networking: https://www.virtualbox.org/wiki/Changelog-6.1#v28
Manual: https://www.virtualbox.org/manual/ch06.html#network_hostonly
These new restrictions manifest in the form of the following issue on
minikube start
due to the default--host-only-cidr
used by the VirtualBox driver being192.168.99.1/24
:While the above is the primary error, other errors will be reported if the adapter already exists (this happens when the adapter was created before updating to VirtualBox 6.1.28, on a version of VirtualBox without the new restrictions). Some examples:
❌ Exiting due to IF_VBOX_NOT_VISIBLE: Failed to start host: creating host: create: creating: Error setting up host only network on machine start: The host-only adapter we just created is not visible. This is a well known VirtualBox bug. You might want to uninstall it and reinstall at least version 5.0.12 that is is supposed to fix this issue
When switching to a valid CIDR,
minikube start
works as usual:fixes #12765