Minikube: ipset not enabled in new coreos iso kernel

Created on 7 Jan 2017 · 2Comments · Source: kubernetes/minikube

Minikube version: v0.14.0
Minikube iso: https://storage.googleapis.com/minikube/iso/minikube-v1.0.1.iso

What happened:
Using Calico and other CNI plugins that make use of the 'ipset' utility do not function as it is not enabled in the kernel.

What you expected to happen:
For the service IP range to work, and rainbows to magically appear.

How to reproduce it (as minimally and precisely as possible):

minikube start --network-plugin=cni --kubernetes-version v1.5.1 --iso-url=https://storage.googleapis.com/minikube/iso/minikube-v1.0.1.iso
#wait a bit
kubectl create -f http://docs.projectcalico.org/v2.0/getting-started/kubernetes/installation/hosted/calico.yaml
#wait for pods to be up
kubectl run -i -t busybox --image=busybox --restart=Never

then from inside that pod run: nslookup kubernetes which will fail.

Anything else do we need to know:
Relevant logs from the Calico-node container:

2017-01-06 23:43:38,567 [INFO][3430/8] calico.felix.refcount 115: Object k8s_ns.kube-system startup completed
2017-01-06 23:43:38,567 [INFO][3430/8] calico.felix.refcount 198: Object k8s_ns.kube-system is LIVE, notifying referrers
2017-01-06 23:43:38,568 [INFO][3430/8] calico.felix.refcount 115: Object default/k8s-policy-no-match startup completed
2017-01-06 23:43:38,568 [INFO][3430/8] calico.felix.refcount 198: Object default/k8s-policy-no-match is LIVE, notifying referrers
2017-01-06 23:43:38,568 [ERROR][3430/7] calico.felix.ipsets 467: Failed to check if ipset exists
Traceback (most recent call last):
  File "site-packages/calico/felix/ipsets.py", line 461, in exists
  File "site-packages/calico/felix/futils.py", line 355, in check_call
FailedSystemCall: Failed system call (retcode : 1, args : ('ipset', 'list', 'felix-all-ipam-pools-tmp'))
  stdout  : 
  stderr  : ipset v6.29: Kernel error received: Invalid argument

  input  : None

2017-01-06 23:43:38,569 [ERROR][3430/7] calico.felix.actor 395: _finish_msg_batch failed.
Traceback (most recent call last):
  File "site-packages/calico/felix/actor.py", line 382, in _step
  File "site-packages/calico/felix/masq.py", line 86, in _finish_msg_batch
  File "site-packages/calico/felix/ipsets.py", line 511, in replace_members
  File "site-packages/calico/felix/ipsets.py", line 461, in exists
  File "site-packages/calico/felix/futils.py", line 355, in check_call
FailedSystemCall: Failed system call (retcode : 1, args : ('ipset', 'list', 'felix-all-ipam-pools-tmp'))
  stdout  : 
  stderr  : ipset v6.29: Kernel error received: Invalid argument

  input  : None

TrackedAsyncResult ('<disabled>', '<disabled>', 'MasqueradeManager(IPv4)', 'on_ipam_pool_updated') was leaked with exception FailedSystemCall('ipset', 'list', 'felix-all-ipam-pools-tmp').  Dying.
2017-01-06 23:43:38.571 [ERROR][3420] felix.go 476: Failed to read from front-end socket error=EOF
2017-01-06 23:43:38.571 [WARNING][3420] felix.go 304: Driver process stopped error=exit status 1
2017-01-06 23:43:38.571 [WARNING][3420] felix.go 321: Felix is shutting down reason=Failed to read from front-end socket
2017-01-06 23:43:38.571 [INFO][3420] felix.go 335: Driver still running, trying to shut it down...
2017-01-06 23:43:38.571 [INFO][3420] felix.go 347: Driver shut down after SIGTERM
2017-01-06 23:43:38.571 [INFO][3420] felix.go 361: Shutdown wasn't cause by signal, pausing to avoid tight restart loop
2017-01-06 23:43:40.571 [INFO][3420] felix.go 364: Pause complete, exiting.
2017-01-06 23:43:40.673 [INFO][3466] logutils.go 78: Early screen log level set to info

Source