Contour: Unable to deploy contour in a raspberry cluster

Created on 18 Oct 2020  路  11Comments  路  Source: projectcontour/contour

What steps did you take and what happened:
Following the default example from the website to deploy in a cluster

> kubectl apply -f https://projectcontour.io/quickstart/contour.yaml

What did you expect to happen:
Get contour deployed and all pods as Ready and Running

> kubectl get pods -n projectcontour -o wide

NAME                           READY   STATUS              RESTARTS   AGE   IP           NODE   NOMINATED NODE   READINESS GATES
contour-98d599f9f-47s99        0/1     ContainerCreating   0          42m   <none>       fc3    <none>           <none>
contour-98d599f9f-6bq9t        0/1     ContainerCreating   0          42m   <none>       fc4    <none>           <none>
contour-certgen-v1.9.0-vh26m   0/1     Error               0          42m   10.17.3.24   fc4    <none>           <none>
contour-certgen-v1.9.0-xv24n   0/1     Error               0          42m   10.17.1.51   fc2    <none>           <none>
envoy-b27cj                    0/2     Init:0/1            0          42m   <none>       fc3    <none>           <none>
envoy-bhc86                    0/2     Init:0/1            0          42m   <none>       fc1    <none>           <none>
envoy-w2hcv                    0/2     Init:0/1            0          42m   <none>       fc2    <none>           <none>
envoy-wwb29                    0/2     Init:0/1            0          42m   <none>       fc4    <none>           <none>

Anything else you would like to add:
Here's the fully description of all pods for contour

> kubectl describe pods -n projectcontour

Name:           contour-98d599f9f-47s99
Namespace:      projectcontour
Priority:       0
Node:           fc3/10.0.0.2
Start Time:     Sun, 18 Oct 2020 12:43:18 +0200
Labels:         app=contour
                pod-template-hash=98d599f9f
Annotations:    prometheus.io/port: 8000
                prometheus.io/scrape: true
Status:         Pending
IP:
IPs:            <none>
Controlled By:  ReplicaSet/contour-98d599f9f
Containers:
  contour:
    Container ID:
    Image:         docker.io/projectcontour/contour:v1.9.0
    Image ID:
    Ports:         8001/TCP, 8000/TCP
    Host Ports:    0/TCP, 0/TCP
    Command:
      contour
    Args:
      serve
      --incluster
      --xds-address=0.0.0.0
      --xds-port=8001
      --envoy-service-http-port=80
      --envoy-service-https-port=443
      --contour-cafile=/certs/ca.crt
      --contour-cert-file=/certs/tls.crt
      --contour-key-file=/certs/tls.key
      --config-path=/config/contour.yaml
    State:          Waiting
      Reason:       ContainerCreating
    Ready:          False
    Restart Count:  0
    Liveness:       http-get http://:8000/healthz delay=0s timeout=1s period=10s #success=1 #failure=3
    Readiness:      tcp-socket :8001 delay=15s timeout=1s period=10s #success=1 #failure=3
    Environment:
      CONTOUR_NAMESPACE:  projectcontour (v1:metadata.namespace)
      POD_NAME:           contour-98d599f9f-47s99 (v1:metadata.name)
    Mounts:
      /certs from contourcert (ro)
      /config from contour-config (ro)
      /var/run/secrets/kubernetes.io/serviceaccount from contour-token-prnhw (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  contourcert:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  contourcert
    Optional:    false
  contour-config:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      contour
    Optional:  false
  contour-token-prnhw:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  contour-token-prnhw
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason       Age                   From               Message
  ----     ------       ----                  ----               -------
  Normal   Scheduled    43m                   default-scheduler  Successfully assigned projectcontour/contour-98d599f9f-47s99 to fc3
  Warning  FailedMount  21m (x3 over 41m)     kubelet, fc3       Unable to attach or mount volumes: unmounted volumes=[contourcert], unattached volumes=[contour-config contour-token-prnhw contourcert]: timed out waiting for the condition
  Warning  FailedMount  12m (x23 over 43m)    kubelet, fc3       MountVolume.SetUp failed for volume "contourcert" : secret "contourcert" not found
  Warning  FailedMount  7m32s (x4 over 36m)   kubelet, fc3       Unable to attach or mount volumes: unmounted volumes=[contourcert], unattached volumes=[contour-token-prnhw contourcert contour-config]: timed out waiting for the condition
  Warning  FailedMount  2m56s (x11 over 39m)  kubelet, fc3       Unable to attach or mount volumes: unmounted volumes=[contourcert], unattached volumes=[contourcert contour-config contour-token-prnhw]: timed out waiting for the condition


Name:           contour-98d599f9f-6bq9t
Namespace:      projectcontour
Priority:       0
Node:           fc4/10.0.0.3
Start Time:     Sun, 18 Oct 2020 12:43:18 +0200
Labels:         app=contour
                pod-template-hash=98d599f9f
Annotations:    prometheus.io/port: 8000
                prometheus.io/scrape: true
Status:         Pending
IP:
IPs:            <none>
Controlled By:  ReplicaSet/contour-98d599f9f
Containers:
  contour:
    Container ID:
    Image:         docker.io/projectcontour/contour:v1.9.0
    Image ID:
    Ports:         8001/TCP, 8000/TCP
    Host Ports:    0/TCP, 0/TCP
    Command:
      contour
    Args:
      serve
      --incluster
      --xds-address=0.0.0.0
      --xds-port=8001
      --envoy-service-http-port=80
      --envoy-service-https-port=443
      --contour-cafile=/certs/ca.crt
      --contour-cert-file=/certs/tls.crt
      --contour-key-file=/certs/tls.key
      --config-path=/config/contour.yaml
    State:          Waiting
      Reason:       ContainerCreating
    Ready:          False
    Restart Count:  0
    Liveness:       http-get http://:8000/healthz delay=0s timeout=1s period=10s #success=1 #failure=3
    Readiness:      tcp-socket :8001 delay=15s timeout=1s period=10s #success=1 #failure=3
    Environment:
      CONTOUR_NAMESPACE:  projectcontour (v1:metadata.namespace)
      POD_NAME:           contour-98d599f9f-6bq9t (v1:metadata.name)
    Mounts:
      /certs from contourcert (ro)
      /config from contour-config (ro)
      /var/run/secrets/kubernetes.io/serviceaccount from contour-token-prnhw (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  contourcert:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  contourcert
    Optional:    false
  contour-config:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      contour
    Optional:  false
  contour-token-prnhw:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  contour-token-prnhw
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason       Age                  From               Message
  ----     ------       ----                 ----               -------
  Normal   Scheduled    43m                  default-scheduler  Successfully assigned projectcontour/contour-98d599f9f-6bq9t to fc4
  Warning  FailedMount  21m (x5 over 41m)    kubelet, fc4       Unable to attach or mount volumes: unmounted volumes=[contourcert], unattached volumes=[contourcert contour-config contour-token-prnhw]: timed out waiting for the condition
  Warning  FailedMount  12m (x23 over 43m)   kubelet, fc4       MountVolume.SetUp failed for volume "contourcert" : secret "contourcert" not found
  Warning  FailedMount  7m32s (x3 over 34m)  kubelet, fc4       Unable to attach or mount volumes: unmounted volumes=[contourcert], unattached volumes=[contour-config contour-token-prnhw contourcert]: timed out waiting for the condition
  Warning  FailedMount  2m59s (x6 over 36m)  kubelet, fc4       Unable to attach or mount volumes: unmounted volumes=[contourcert], unattached volumes=[contour-token-prnhw contourcert contour-config]: timed out waiting for the condition


Name:         contour-certgen-v1.9.0-vh26m
Namespace:    projectcontour
Priority:     0
Node:         fc4/10.0.0.3
Start Time:   Sun, 18 Oct 2020 12:43:18 +0200
Labels:       app=contour-certgen
              controller-uid=b03c6999-f2dc-4f9a-b224-0621f7fc767f
              job-name=contour-certgen-v1.9.0
Annotations:  <none>
Status:       Failed
IP:           10.17.3.24
IPs:
  IP:           10.17.3.24
Controlled By:  Job/contour-certgen-v1.9.0
Containers:
  contour:
    Container ID:  docker://b8c3657350b67762fd9cb1f7e08280d0bfd5d8eeddb32da82568051f69eb59c5
    Image:         docker.io/projectcontour/contour:v1.9.0
    Image ID:      docker-pullable://projectcontour/contour@sha256:abbc4b4343f4741fb790bce58c7667b83e9a093548fa05940535934a99ca4769
    Port:          <none>
    Host Port:     <none>
    Command:
      contour
      certgen
      --kube
      --incluster
      --overwrite
      --secrets-format=compact
      --namespace=$(CONTOUR_NAMESPACE)
    State:          Terminated
      Reason:       Error
      Exit Code:    1
      Started:      Sun, 18 Oct 2020 12:43:29 +0200
      Finished:     Sun, 18 Oct 2020 12:43:29 +0200
    Ready:          False
    Restart Count:  0
    Environment:
      CONTOUR_NAMESPACE:  projectcontour (v1:metadata.namespace)
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from contour-certgen-token-d5vmw (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  contour-certgen-token-d5vmw:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  contour-certgen-token-d5vmw
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  43m   default-scheduler  Successfully assigned projectcontour/contour-certgen-v1.9.0-vh26m to fc4
  Normal  Pulling    43m   kubelet, fc4       Pulling image "docker.io/projectcontour/contour:v1.9.0"
  Normal  Pulled     43m   kubelet, fc4       Successfully pulled image "docker.io/projectcontour/contour:v1.9.0"
  Normal  Created    43m   kubelet, fc4       Created container contour
  Normal  Started    43m   kubelet, fc4       Started container contour


Name:         contour-certgen-v1.9.0-xv24n
Namespace:    projectcontour
Priority:     0
Node:         fc2/10.0.0.4
Start Time:   Sun, 18 Oct 2020 12:43:30 +0200
Labels:       app=contour-certgen
              controller-uid=b03c6999-f2dc-4f9a-b224-0621f7fc767f
              job-name=contour-certgen-v1.9.0
Annotations:  <none>
Status:       Failed
IP:           10.17.1.51
IPs:
  IP:           10.17.1.51
Controlled By:  Job/contour-certgen-v1.9.0
Containers:
  contour:
    Container ID:  docker://c19741d9f51945c3b6018daab3fe915edb7a3d2170117969762a73167e1b18e3
    Image:         docker.io/projectcontour/contour:v1.9.0
    Image ID:      docker-pullable://projectcontour/contour@sha256:abbc4b4343f4741fb790bce58c7667b83e9a093548fa05940535934a99ca4769
    Port:          <none>
    Host Port:     <none>
    Command:
      contour
      certgen
      --kube
      --incluster
      --overwrite
      --secrets-format=compact
      --namespace=$(CONTOUR_NAMESPACE)
    State:          Terminated
      Reason:       Error
      Exit Code:    1
      Started:      Sun, 18 Oct 2020 12:43:40 +0200
      Finished:     Sun, 18 Oct 2020 12:43:40 +0200
    Ready:          False
    Restart Count:  0
    Environment:
      CONTOUR_NAMESPACE:  projectcontour (v1:metadata.namespace)
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from contour-certgen-token-d5vmw (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  contour-certgen-token-d5vmw:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  contour-certgen-token-d5vmw
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  43m   default-scheduler  Successfully assigned projectcontour/contour-certgen-v1.9.0-xv24n to fc2
  Normal  Pulling    43m   kubelet, fc2       Pulling image "docker.io/projectcontour/contour:v1.9.0"
  Normal  Pulled     43m   kubelet, fc2       Successfully pulled image "docker.io/projectcontour/contour:v1.9.0"
  Normal  Created    43m   kubelet, fc2       Created container contour
  Normal  Started    43m   kubelet, fc2       Started container contour


Name:           envoy-b27cj
Namespace:      projectcontour
Priority:       0
Node:           fc3/10.0.0.2
Start Time:     Sun, 18 Oct 2020 12:43:18 +0200
Labels:         app=envoy
                controller-revision-hash=5cd7b76f74
                pod-template-generation=1
Annotations:    prometheus.io/path: /stats/prometheus
                prometheus.io/port: 8002
                prometheus.io/scrape: true
Status:         Pending
IP:
IPs:            <none>
Controlled By:  DaemonSet/envoy
Init Containers:
  envoy-initconfig:
    Container ID:
    Image:         docker.io/projectcontour/contour:v1.9.0
    Image ID:
    Port:          <none>
    Host Port:     <none>
    Command:
      contour
    Args:
      bootstrap
      /config/envoy.json
      --xds-address=contour
      --xds-port=8001
      --resources-dir=/config/resources
      --envoy-cafile=/certs/ca.crt
      --envoy-cert-file=/certs/tls.crt
      --envoy-key-file=/certs/tls.key
    State:          Waiting
      Reason:       PodInitializing
    Ready:          False
    Restart Count:  0
    Environment:
      CONTOUR_NAMESPACE:  projectcontour (v1:metadata.namespace)
    Mounts:
      /certs from envoycert (ro)
      /config from envoy-config (rw)
Containers:
  shutdown-manager:
    Container ID:
    Image:         docker.io/projectcontour/contour:v1.9.0
    Image ID:
    Port:          <none>
    Host Port:     <none>
    Command:
      /bin/contour
    Args:
      envoy
      shutdown-manager
    State:          Waiting
      Reason:       PodInitializing
    Ready:          False
    Restart Count:  0
    Liveness:       http-get http://:8090/healthz delay=3s timeout=1s period=10s #success=1 #failure=3
    Environment:    <none>
    Mounts:         <none>
  envoy:
    Container ID:
    Image:         docker.io/envoyproxy/envoy:v1.15.1
    Image ID:
    Ports:         80/TCP, 443/TCP
    Host Ports:    80/TCP, 443/TCP
    Command:
      envoy
    Args:
      -c
      /config/envoy.json
      --service-cluster $(CONTOUR_NAMESPACE)
      --service-node $(ENVOY_POD_NAME)
      --log-level info
    State:          Waiting
      Reason:       PodInitializing
    Ready:          False
    Restart Count:  0
    Readiness:      http-get http://:8002/ready delay=3s timeout=1s period=4s #success=1 #failure=3
    Environment:
      CONTOUR_NAMESPACE:  projectcontour (v1:metadata.namespace)
      ENVOY_POD_NAME:     envoy-b27cj (v1:metadata.name)
    Mounts:
      /certs from envoycert (rw)
      /config from envoy-config (rw)
Conditions:
  Type              Status
  Initialized       False
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  envoy-config:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  envoycert:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  envoycert
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/disk-pressure:NoSchedule
                 node.kubernetes.io/memory-pressure:NoSchedule
                 node.kubernetes.io/not-ready:NoExecute
                 node.kubernetes.io/pid-pressure:NoSchedule
                 node.kubernetes.io/unreachable:NoExecute
                 node.kubernetes.io/unschedulable:NoSchedule
Events:
  Type     Reason       Age                  From               Message
  ----     ------       ----                 ----               -------
  Normal   Scheduled    43m                  default-scheduler  Successfully assigned projectcontour/envoy-b27cj to fc3
  Warning  FailedMount  21m (x8 over 41m)    kubelet, fc3       Unable to attach or mount volumes: unmounted volumes=[envoycert], unattached volumes=[envoy-config envoycert]: timed out waiting for the condition
  Warning  FailedMount  12m (x23 over 43m)   kubelet, fc3       MountVolume.SetUp failed for volume "envoycert" : secret "envoycert" not found
  Warning  FailedMount  2m55s (x4 over 30m)  kubelet, fc3       Unable to attach or mount volumes: unmounted volumes=[envoycert], unattached volumes=[envoycert envoy-config]: timed out waiting for the condition


Name:           envoy-bhc86
Namespace:      projectcontour
Priority:       0
Node:           fc1/10.0.0.1
Start Time:     Sun, 18 Oct 2020 12:43:18 +0200
Labels:         app=envoy
                controller-revision-hash=5cd7b76f74
                pod-template-generation=1
Annotations:    prometheus.io/path: /stats/prometheus
                prometheus.io/port: 8002
                prometheus.io/scrape: true
Status:         Pending
IP:
IPs:            <none>
Controlled By:  DaemonSet/envoy
Init Containers:
  envoy-initconfig:
    Container ID:
    Image:         docker.io/projectcontour/contour:v1.9.0
    Image ID:
    Port:          <none>
    Host Port:     <none>
    Command:
      contour
    Args:
      bootstrap
      /config/envoy.json
      --xds-address=contour
      --xds-port=8001
      --resources-dir=/config/resources
      --envoy-cafile=/certs/ca.crt
      --envoy-cert-file=/certs/tls.crt
      --envoy-key-file=/certs/tls.key
    State:          Waiting
      Reason:       PodInitializing
    Ready:          False
    Restart Count:  0
    Environment:
      CONTOUR_NAMESPACE:  projectcontour (v1:metadata.namespace)
    Mounts:
      /certs from envoycert (ro)
      /config from envoy-config (rw)
Containers:
  shutdown-manager:
    Container ID:
    Image:         docker.io/projectcontour/contour:v1.9.0
    Image ID:
    Port:          <none>
    Host Port:     <none>
    Command:
      /bin/contour
    Args:
      envoy
      shutdown-manager
    State:          Waiting
      Reason:       PodInitializing
    Ready:          False
    Restart Count:  0
    Liveness:       http-get http://:8090/healthz delay=3s timeout=1s period=10s #success=1 #failure=3
    Environment:    <none>
    Mounts:         <none>
  envoy:
    Container ID:
    Image:         docker.io/envoyproxy/envoy:v1.15.1
    Image ID:
    Ports:         80/TCP, 443/TCP
    Host Ports:    80/TCP, 443/TCP
    Command:
      envoy
    Args:
      -c
      /config/envoy.json
      --service-cluster $(CONTOUR_NAMESPACE)
      --service-node $(ENVOY_POD_NAME)
      --log-level info
    State:          Waiting
      Reason:       PodInitializing
    Ready:          False
    Restart Count:  0
    Readiness:      http-get http://:8002/ready delay=3s timeout=1s period=4s #success=1 #failure=3
    Environment:
      CONTOUR_NAMESPACE:  projectcontour (v1:metadata.namespace)
      ENVOY_POD_NAME:     envoy-bhc86 (v1:metadata.name)
    Mounts:
      /certs from envoycert (rw)
      /config from envoy-config (rw)
Conditions:
  Type              Status
  Initialized       False
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  envoy-config:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  envoycert:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  envoycert
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/disk-pressure:NoSchedule
                 node.kubernetes.io/memory-pressure:NoSchedule
                 node.kubernetes.io/not-ready:NoExecute
                 node.kubernetes.io/pid-pressure:NoSchedule
                 node.kubernetes.io/unreachable:NoExecute
                 node.kubernetes.io/unschedulable:NoSchedule
Events:
  Type     Reason       Age                   From               Message
  ----     ------       ----                  ----               -------
  Normal   Scheduled    43m                   default-scheduler  Successfully assigned projectcontour/envoy-bhc86 to fc1
  Warning  FailedMount  20m (x2 over 25m)     kubelet, fc1       Unable to attach or mount volumes: unmounted volumes=[envoycert], unattached volumes=[envoycert envoy-config]: timed out waiting for the condition
  Warning  FailedMount  12m (x23 over 43m)    kubelet, fc1       MountVolume.SetUp failed for volume "envoycert" : secret "envoycert" not found
  Warning  FailedMount  2m51s (x16 over 41m)  kubelet, fc1       Unable to attach or mount volumes: unmounted volumes=[envoycert], unattached volumes=[envoy-config envoycert]: timed out waiting for the condition


Name:           envoy-w2hcv
Namespace:      projectcontour
Priority:       0
Node:           fc2/10.0.0.4
Start Time:     Sun, 18 Oct 2020 12:43:18 +0200
Labels:         app=envoy
                controller-revision-hash=5cd7b76f74
                pod-template-generation=1
Annotations:    prometheus.io/path: /stats/prometheus
                prometheus.io/port: 8002
                prometheus.io/scrape: true
Status:         Pending
IP:
IPs:            <none>
Controlled By:  DaemonSet/envoy
Init Containers:
  envoy-initconfig:
    Container ID:
    Image:         docker.io/projectcontour/contour:v1.9.0
    Image ID:
    Port:          <none>
    Host Port:     <none>
    Command:
      contour
    Args:
      bootstrap
      /config/envoy.json
      --xds-address=contour
      --xds-port=8001
      --resources-dir=/config/resources
      --envoy-cafile=/certs/ca.crt
      --envoy-cert-file=/certs/tls.crt
      --envoy-key-file=/certs/tls.key
    State:          Waiting
      Reason:       PodInitializing
    Ready:          False
    Restart Count:  0
    Environment:
      CONTOUR_NAMESPACE:  projectcontour (v1:metadata.namespace)
    Mounts:
      /certs from envoycert (ro)
      /config from envoy-config (rw)
Containers:
  shutdown-manager:
    Container ID:
    Image:         docker.io/projectcontour/contour:v1.9.0
    Image ID:
    Port:          <none>
    Host Port:     <none>
    Command:
      /bin/contour
    Args:
      envoy
      shutdown-manager
    State:          Waiting
      Reason:       PodInitializing
    Ready:          False
    Restart Count:  0
    Liveness:       http-get http://:8090/healthz delay=3s timeout=1s period=10s #success=1 #failure=3
    Environment:    <none>
    Mounts:         <none>
  envoy:
    Container ID:
    Image:         docker.io/envoyproxy/envoy:v1.15.1
    Image ID:
    Ports:         80/TCP, 443/TCP
    Host Ports:    80/TCP, 443/TCP
    Command:
      envoy
    Args:
      -c
      /config/envoy.json
      --service-cluster $(CONTOUR_NAMESPACE)
      --service-node $(ENVOY_POD_NAME)
      --log-level info
    State:          Waiting
      Reason:       PodInitializing
    Ready:          False
    Restart Count:  0
    Readiness:      http-get http://:8002/ready delay=3s timeout=1s period=4s #success=1 #failure=3
    Environment:
      CONTOUR_NAMESPACE:  projectcontour (v1:metadata.namespace)
      ENVOY_POD_NAME:     envoy-w2hcv (v1:metadata.name)
    Mounts:
      /certs from envoycert (rw)
      /config from envoy-config (rw)
Conditions:
  Type              Status
  Initialized       False
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  envoy-config:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  envoycert:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  envoycert
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/disk-pressure:NoSchedule
                 node.kubernetes.io/memory-pressure:NoSchedule
                 node.kubernetes.io/not-ready:NoExecute
                 node.kubernetes.io/pid-pressure:NoSchedule
                 node.kubernetes.io/unreachable:NoExecute
                 node.kubernetes.io/unschedulable:NoSchedule
Events:
  Type     Reason       Age                 From               Message
  ----     ------       ----                ----               -------
  Normal   Scheduled    43m                 default-scheduler  Successfully assigned projectcontour/envoy-w2hcv to fc2
  Warning  FailedMount  27m (x3 over 39m)   kubelet, fc2       Unable to attach or mount volumes: unmounted volumes=[envoycert], unattached volumes=[envoycert envoy-config]: timed out waiting for the condition
  Warning  FailedMount  12m (x23 over 43m)  kubelet, fc2       MountVolume.SetUp failed for volume "envoycert" : secret "envoycert" not found
  Warning  FailedMount  3m (x14 over 41m)   kubelet, fc2       Unable to attach or mount volumes: unmounted volumes=[envoycert], unattached volumes=[envoy-config envoycert]: timed out waiting for the condition


Name:           envoy-wwb29
Namespace:      projectcontour
Priority:       0
Node:           fc4/10.0.0.3
Start Time:     Sun, 18 Oct 2020 12:43:18 +0200
Labels:         app=envoy
                controller-revision-hash=5cd7b76f74
                pod-template-generation=1
Annotations:    prometheus.io/path: /stats/prometheus
                prometheus.io/port: 8002
                prometheus.io/scrape: true
Status:         Pending
IP:
IPs:            <none>
Controlled By:  DaemonSet/envoy
Init Containers:
  envoy-initconfig:
    Container ID:
    Image:         docker.io/projectcontour/contour:v1.9.0
    Image ID:
    Port:          <none>
    Host Port:     <none>
    Command:
      contour
    Args:
      bootstrap
      /config/envoy.json
      --xds-address=contour
      --xds-port=8001
      --resources-dir=/config/resources
      --envoy-cafile=/certs/ca.crt
      --envoy-cert-file=/certs/tls.crt
      --envoy-key-file=/certs/tls.key
    State:          Waiting
      Reason:       PodInitializing
    Ready:          False
    Restart Count:  0
    Environment:
      CONTOUR_NAMESPACE:  projectcontour (v1:metadata.namespace)
    Mounts:
      /certs from envoycert (ro)
      /config from envoy-config (rw)
Containers:
  shutdown-manager:
    Container ID:
    Image:         docker.io/projectcontour/contour:v1.9.0
    Image ID:
    Port:          <none>
    Host Port:     <none>
    Command:
      /bin/contour
    Args:
      envoy
      shutdown-manager
    State:          Waiting
      Reason:       PodInitializing
    Ready:          False
    Restart Count:  0
    Liveness:       http-get http://:8090/healthz delay=3s timeout=1s period=10s #success=1 #failure=3
    Environment:    <none>
    Mounts:         <none>
  envoy:
    Container ID:
    Image:         docker.io/envoyproxy/envoy:v1.15.1
    Image ID:
    Ports:         80/TCP, 443/TCP
    Host Ports:    80/TCP, 443/TCP
    Command:
      envoy
    Args:
      -c
      /config/envoy.json
      --service-cluster $(CONTOUR_NAMESPACE)
      --service-node $(ENVOY_POD_NAME)
      --log-level info
    State:          Waiting
      Reason:       PodInitializing
    Ready:          False
    Restart Count:  0
    Readiness:      http-get http://:8002/ready delay=3s timeout=1s period=4s #success=1 #failure=3
    Environment:
      CONTOUR_NAMESPACE:  projectcontour (v1:metadata.namespace)
      ENVOY_POD_NAME:     envoy-wwb29 (v1:metadata.name)
    Mounts:
      /certs from envoycert (rw)
      /config from envoy-config (rw)
Conditions:
  Type              Status
  Initialized       False
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  envoy-config:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  envoycert:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  envoycert
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/disk-pressure:NoSchedule
                 node.kubernetes.io/memory-pressure:NoSchedule
                 node.kubernetes.io/not-ready:NoExecute
                 node.kubernetes.io/pid-pressure:NoSchedule
                 node.kubernetes.io/unreachable:NoExecute
                 node.kubernetes.io/unschedulable:NoSchedule
Events:
  Type     Reason       Age                   From               Message
  ----     ------       ----                  ----               -------
  Normal   Scheduled    43m                   default-scheduler  Successfully assigned projectcontour/envoy-wwb29 to fc4
  Warning  FailedMount  12m (x23 over 43m)    kubelet, fc4       MountVolume.SetUp failed for volume "envoycert" : secret "envoycert" not found
  Warning  FailedMount  7m27s (x13 over 39m)  kubelet, fc4       Unable to attach or mount volumes: unmounted volumes=[envoycert], unattached volumes=[envoy-config envoycert]: timed out waiting for the condition
  Warning  FailedMount  2m56s (x4 over 41m)   kubelet, fc4       Unable to attach or mount volumes: unmounted volumes=[envoycert], unattached volumes=[envoycert envoy-config]: timed out waiting for the condition

Environment:

  • Contour version:
    v1.9.0
  • Kubernetes version: (use kubectl version):
Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.3", GitCommit:"2e7996e3e2712684bc73f0dec0200d64eec7fe40", GitTreeState:"clean", BuildDate:"2020-05-20T12:52:00Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/arm"}
Server Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.3", GitCommit:"2e7996e3e2712684bc73f0dec0200d64eec7fe40", GitTreeState:"clean", BuildDate:"2020-05-20T12:43:34Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/arm"}
  • Kubernetes installer & version:
  • Cloud provider or hardware configuration:
> sudo lshw -short
H/W path          Device        Class      Description
======================================================
                                system     Raspberry Pi 4 Model B Rev 1.1
/0                              bus        Motherboard
/0/1                            processor  cpu
/0/2                            processor  cpu
/0/3                            processor  cpu
/0/4                            processor  cpu
/0/5                            memory     3827MiB System memory
/0/0                            bridge     Broadcom Limited
/0/0/0                          bus        VL805 USB 3.0 Host Controller
/0/0/0/0          usb1          bus        xHCI Host Controller
/0/0/0/0/1                      bus        USB2.0 Hub
/0/0/0/1          usb2          bus        xHCI Host Controller
/0/0/0/1/1        scsi0         storage    SABRENT
/0/0/0/1/1/0.0.0  /dev/sda      volume     223GiB EXT4 volume
/1                eth0          network    Ethernet interface
/2                veth18c6832f  network    Ethernet interface
/3                vetha7e4b18b  network    Ethernet interface
/4                flannel.1     network    Ethernet interface
/5                wlan0         network    Wireless interface
/6                docker0       network    Ethernet interface
/7                cni0          network    Ethernet interface
  • OS (e.g. from /etc/os-release):
PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"
NAME="Raspbian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=raspbian
ID_LIKE=debian
HOME_URL="http://www.raspbian.org/"
SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"
kinbug lifecyclneeds-triage

All 11 comments

Duplicate of #2868

Thanks for the detailed bug report @fals! We are currently working on adding an ARM build (see #3031), and that should be available in the next Contour release. If you are able to validate that PR in your test environment, we would love the feedback.

thanks!

@fals FYI the above referenced PR has merged, so projectcontour/contour:main is now multi-arch and includes linux/arm64. It'd be awesome if you could test it out! Assuming all's well, Contour 1.10 will include multi-arch support.

Hey @skriss, I'm more than happy to test it out. Where can I find the new deployment file? Should I just change the existing one for v1.9.0?

Hey @skriss, I'm more than happy to test it out. Where can I find the new deployment file? Should I just change the existing one for v1.9.0?

https://github.com/projectcontour/contour/blob/main/examples/render/contour.yaml should do the trick, it'll point to the main contour image and also has been updated to Envoy 1.16, which as I understand now ships multi-arch support as well.

@skriss I've tried the deployment you mentioned, I have a similar failure. Should I change the image from docker.io/projectcontour/contour:main to docker.io/projectcontour/contour:arm64 in the deployment?

No, it should work without any change to the tag. The first thing I'd do is set the image pull policies to Always to ensure you're not getting a cached image -- there are a few:

Also, just to confirm, arm64 is the right architecture for your environment, right?

@skriss if I run the following command in my master node that is a raspberry Pi 4B, I have as result:

> kubectl describe node fc1 | grep -i architecture
  Architecture:               arm

@skriss just confirmed, I deployed the classic kuard image, I can only run the arm not arm64

kubectl run kuard --image=gcr.io/kuar-demo/kuard-arm:1 only this one works

Ah, gotcha. So, we could add arm to the list of archs we build Contour for, but the problem is that Envoy is only built for amd64 and arm64 (see the 1.16 image). So you'd be able to run Contour on your cluster, but not Envoy, which wouldn't be very useful.

@skriss I'm going setup as arm64 and I come back to you when it is done.

I just setup my RPI4 with ESXi. Then deployed an Ubuntu 20.04 VM which I then joined to my existing kubeadm cluster. After that I deployed Contour/Envoy on the arm ESXi node by using nodeSelectors targeting kubernetes.io/arch: arm64 and everything worked! =)

NAME                       READY   STATUS    RESTARTS   AGE    IP               NODE      NOMINATED NODE   READINESS GATES
contour-6d98688f47-9rn2p   1/1     Running   0          13m    192.168.73.130   armvm01   <none>           <none>
envoy-bbg2p                2/2     Running   0          3m4s   192.168.73.134   armvm01   <none>           <none>

Was this page helpful?
0 / 5 - 0 ratings

Related issues

seemiller picture seemiller  路  4Comments

annismckenzie picture annismckenzie  路  3Comments

phylake picture phylake  路  7Comments

jonasrosland picture jonasrosland  路  6Comments

stevesloka picture stevesloka  路  6Comments