docker:dind image fails with some NAT issue while starting the docker daemon #486

Open
sujit-kulkarni opened this issue Mar 7, 2024 · 3 comments

@sujit-kulkarni

We are trying to use Docker-in-Docker for our use case using the official docker:dind image.
But when dockerd-entrypoint.sh is executed to run the Docker daemon inside the container created from dind, it fails with the below error:
failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to register "bridge" driver: failed to create NAT chain DOCKER: iptables failed: iptables --wait -t nat -N DOCKER: iptables v1.8.10 (nf_tables): TABLE_ADD failed (Not supported): table nat
(exit status 4)

Could you please help me with the resolution?

Thanks,

tianon transferred this issue from docker-library/official-images Mar 7, 2024
Member

tianon commented Mar 7, 2024

This is likely a missing kernel module (or a kernel compiled without support for nat).


lknite commented Mar 11, 2024

I think I may be running into this as well. I used to be able to load up the docker image via a Jenkins / Kubernetes build on the fly, but it's failing with a TLS error when attempting docker login. I was not able to resolve the failed TLS verification after probably 30 attempts to provide a ca-bundle, ... eventually I tried to disable it by setting DOCKER_TLS_CERTDIR='', which I attempted after taking a look at dockerd-entrypoint.sh.

The error I'm seeing is this:

# DOCKER_TLS_CERTDIR='' && /usr/local/bin/dockerd-entrypoint.sh 
cat: can't open '/proc/net/ip6_tables_names': No such file or directory
cat: can't open '/proc/net/arp_tables_names': No such file or directory
ip: can't find device 'nf_tables'
nf_tables             327680 3137 nft_chain_nat,nft_compat,nft_counter
nfnetlink              20480  4 ip_set,nf_conntrack_netlink,nft_compat,nf_tables
libcrc32c              16384  5 libceph,nf_nat,nf_conntrack,nf_tables,xfs
modprobe: can't change directory to '/lib/modules': No such file or directory
ip: can't find device 'ip_tables'
ip_tables              32768  2 iptable_nat,iptable_filter
modprobe: can't change directory to '/lib/modules': No such file or directory
iptables v1.8.10 (nf_tables)
mount: permission denied (are you root?)
Could not mount /sys/kernel/security.
AppArmor detection and --privileged mode might break.
mount: permission denied (are you root?)

Tried with docker:dind & docker:latest, not really sure which I need to be using.

          - name: docker
            image: docker:latest
            env:
            - name: DOCKER_TLS_CERTDIR
              value: ""
            tty: true
            securityContext:
              privileged: true

Member

tianon commented Mar 11, 2024

That sounds like it's not actually running with privileged mode enabled 🤔
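
A triage sketch for the two diagnoses given in this thread (an added example, not part of the original comments or of the docker-library project): it classifies entrypoint output by the two error strings quoted above and checks a `CapEff` mask for capabilities a privileged container holds. The function names, verdict labels and the order of the checks are assumptions of this example.

```shell
#!/bin/sh
# Added example: triage for the two dind failure modes discussed in the thread.
# Capability bit numbers are those defined in linux/capability.h.
CAP_NET_ADMIN=12   # required to create iptables/nftables tables and chains
CAP_SYS_ADMIN=21   # required for mount(2), e.g. mounting /sys/kernel/security

# has_cap HEXMASK BIT: succeeds if BIT is set in a CapEff-style hex mask.
has_cap() {
    [ -n "$1" ] && [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# capeff_of FILE: print the CapEff mask from a /proc/<pid>/status style file.
capeff_of() {
    awk '$1 == "CapEff:" { print $2 }' "$1"
}

# check_privileges HEXMASK: print the capabilities missing from the mask
# (empty output means both are present).
check_privileges() {
    missing=""
    has_cap "$1" "$CAP_NET_ADMIN" || missing="$missing CAP_NET_ADMIN"
    has_cap "$1" "$CAP_SYS_ADMIN" || missing="$missing CAP_SYS_ADMIN"
    echo "${missing# }"
}

# classify_log: read dockerd-entrypoint.sh output on stdin and print a verdict.
# The privilege symptom is checked first (a choice made by this example).
classify_log() {
    awk '
        /mount: permission denied/                      { priv = 1 }
        /TABLE_ADD failed \(Not supported\): table nat/ { nat = 1 }
        END {
            if (priv)     print "not-privileged"
            else if (nat) print "kernel-nat-unsupported"
            else          print "unknown"
        }'
}

# Live check: report on the current process when run inside the container.
if [ -r /proc/self/status ]; then
    echo "missing capabilities: $(check_privileges "$(capeff_of /proc/self/status)")"
fi
```

Inside the container, pipe the entrypoint output into `classify_log`; an empty "missing capabilities" line means both capabilities are present.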
