arminbiklari
Reputation: 53
Containerd error loading seccomp filter into kernel in kubernetes
Recently i get this error on one of the Kubernetes worker and on bitnami pods (redis, rabbitmq, mongodb) where the seccomp profile is defined.
(combined from similar events): Liveness probe errored: rpc error: code = Unknown desc = failed to exec in container: failed to start exec "5d1b455a1607ba76e2f1776836f3cd8bd094fc9ffe66cbaac3d16d6a921d9489": OCI runtime exec failed: exec failed: unable to start container process: unable to init seccomp: error loading seccomp filter into kernel: error loading seccomp filter: errno 524: unknown
I tried:
- Restart containers
- Restart containerd and kubelet
and does't work. I find a solution that i have to increase net.core.bpf_jit_limit but i am not sure what the effects are. currently net.core.bpf_jit_limit is set to 528482304.
the OS is ubuntu and containerd version is 1.5.7, kubernetes version is 1.27.5, and kernel version on all nodes is 5.15.0-105-generic
Upvotes: 1
Views: 830
Answers (0)
Related Questions
- Why I have to specify - sh - -c - command instead of just - command in k8s livenessProbe exec command (and potentially elsewhere)
- GKE error during container init cpu.weight: no such file or directory: unknown
- /sys/fs/cgroup/cpuset.cpus Not Found After Enabling Privileged Mode In Kubernetes
- Kubernetes windows worker node addition: "failed to create containerd task: hcsshim::CreateComputeSystem kube-proxy: The directory name is invalid"
- Liveness probe failed: OCI runtime exec failed
- Kubernetes containerd failed to pull images from private registry
- Mounting Kubernetes config map as single file returns error: "caused: mount through procfd: not a directory: unknown"
- Liveness Probe through C# code giving error
- tls: server selected unsupported protocol version 301