New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ICMP not working on Kubernetes even if sysctl -w net.ipv4.ping_group_range="0 2147483647" #697
Comments
I'm seeing the same behavior. I toyed around with passing I've search existing issues (#633, #182, #105) and I'm wondering if I'm missing something, |
The issue is here https://github.com/TwiN/gatus/blob/master/client/client.go#L246
This will set privileged to true on linux and need to use the privileged ping instead of the unprivileged one. See https://github.com/prometheus-community/pro-bing/blob/ac3b40f1f0a7438a429e9bf6f2bc2a94ba286e39/ping.go#L430 Linux and darwin both support NonPrivileged ping (https://pkg.go.dev/golang.org/x/net/icmp?utm_source=godoc#example-PacketConn-NonPrivilegedPing) so I would expect it to be safe to only filter for windows. The change was made here: c423afb for issue #132 but darwin supports non-privileged pings so the windows only condition should be okay. |
Feel free to make a PR if you think that'll fix it! |
I created #748 in an attempt to address it, but I would appreciate if somebody (either @jerome-karabenli, @kevin7s-io, @h3mmy, @heathcliff26 or anybody reading this) could test it on their end and report back on whether #748 fixed it. I've just built a container image; if you'd like to try it, pull Note that the image in question is only built for |
Works on Windows, but not on my Kubernetes cluster, even with the following configuration on the pods
influxdata/influxdata-docker#550 and influxdata/influxdata-docker#547 seems to have some information on what needs to be done to fix this. Looking at containerd/containerd#6924, perhaps this will be fixed automagically too for Kubernetes 🤔 |
I have tested it with podman and the I also tested running So i guess the fix works, but still needs to have some privileges set. |
Describe the bug
Ping not working even if sysctl -w net.ipv4.ping_group_range="0 2147483647" is configured.
net.ipv4.ping_group_range is set in initContainer which have privileged role an run as root.
I tried to mount an alpine container in same pod where gatus is. I can successfully use ping in this alpine container which have same securitycontext as gatus container, is running a non root user, on uid and guid 65534 (nobody)
I tried to ping google.com
Used config in config.yaml
endpoints:
enabled: true
url: "icmp://google.com"
interval: 60s
conditions:
client:
timeout: 30s
What do you see?
Endpoint is returning not ok
What do you expect to see?
Ping success
List the steps that must be taken to reproduce this issue
Use icmp on endpoint running in Kubernetes using this endpoints config
endpoints:
enabled: true
url: "icmp://google.com"
interval: 60s
conditions:
client:
timeout: 30s
Use initContainer with root privlege using alpine image and execute this command:
sysctl -w net.ipv4.ping_group_range="0 2147483647"
Version
twinproduction/gatus:v5.7.0
Additional information
No response
The text was updated successfully, but these errors were encountered: