kvm: fix minikube on Fedora/RHEL with SELinux #21550
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Since kubernetes#20852 minikube is broken on Fedora/RHEL. We add console.log (~/.minikube/machines/NAME/console.log) for dumping the console logs during startup. Libvirt is blocked by selinux policy: $ sudo ausearch -m AVC --start today ... ---- time->Sat Sep 13 22:14:10 2025 type=AVC msg=audit(1757790850.921:4801): avc: denied { open } for pid=215452 comm="virtlogd" path="/home/nsoffer/.minikube/machines/minikube/console.log" dev="vda3" ino=197349579 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 ---- Having better logs in the kvm driver can be helpful but it cannot break basic functionality. Remove the code to create the log file and dump the logs. This is a manual revert of commit 2b81ce2. We cannot do a clean revert since all commits in kubernetes#20852 were squashed during merge. Tested using: $ make out/docker-machine-driver-kvm2 $ cp out/docker-machine-driver-kvm2 ~/.minikube/bin/ $ out/minikube start --driver kvm 😄 minikube v1.37.0 on Fedora 42 (kvm/amd64) ✨ Using the kvm2 driver based on user configuration 👍 Starting "minikube" primary control-plane node in "minikube" cluster 🔥 Creating kvm2 VM (CPUs=2, Memory=6144MB, Disk=20000MB) ... 🐳 Preparing Kubernetes v1.34.0 on Docker 28.4.0 ... 🔗 Configuring bridge CNI (Container Networking Interface) ... 🔎 Verifying Kubernetes components... ▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5 🌟 Enabled addons: storage-provisioner, default-storageclass ❗ /usr/local/bin/kubectl is version 1.32.1, which may have incompatibilities with Kubernetes 1.34.0. ▪ Want kubectl v1.34.0? Try 'minikube kubectl -- get pods -A' 🏄 Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: nirs The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/cc @prezha |
|
/retest |
|
/ok-to-test |
|
@nirs: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
|
KVM tests look suspiciously awful ! https://storage.googleapis.com/minikube-builds/logs/21550/41420/KVM_Linux.html |
|
/retest-this-please |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
|
We need to fix the CI first, it fails for master: #21554 |
|
@nirs do you mind pasting output on fedoera and then verify Link to the aux binary of this PR https://storage.googleapis.com/minikube-builds/21550/docker-machine-driver-kvm2 |
obnoxxx
reviewed
Sep 16, 2025
I did this: This does not match the commit of this change: So we have an issue with the build. Maybe we rebase the commit before building? We should build the actual commit in the PR. |
|
Testing local build: Starting vm: |
Driver from this PR build$ ~/.minikube/bin/docker-machine-driver-kvm2 version
version: v1.37.0
commit: 9645d82b4d9ac69c7eed1420686bbdb2e6fe6da3Minikube 1.37.0$ minikube version
minikube version: v1.37.0
commit: 65318f4cfff9c12cc87ec9eb8f4cdd57b25047f3
$ minikube start -d kvm
😄 minikube v1.37.0 on Fedora 42 (kvm/amd64)
✨ Using the kvm2 driver based on user configuration
👍 Starting "minikube" primary control-plane node in "minikube" cluster
🔥 Creating kvm2 VM (CPUs=2, Memory=6144MB, Disk=20000MB) ...
🐳 Preparing Kubernetes v1.34.0 on Docker 28.4.0 ...
🔗 Configuring bridge CNI (Container Networking Interface) ...
🔎 Verifying Kubernetes components...
▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5
🌟 Enabled addons: default-storageclass, storage-provisioner
❗ /usr/local/bin/kubectl is version 1.32.1, which may have incompatibilities with Kubernetes 1.34.0.
▪ Want kubectl v1.34.0? Try 'minikube kubectl -- get pods -A'
🏄 Done! kubectl is now configured to use "minikube" cluster and "default" namespace by defaultMinikube from this PR$ out/minikube version
minikube version: v1.37.0
commit: 0aba0a8e31d541259ffdeb45c9650281430067b8
$ out/minikube start -d kvm
😄 minikube v1.37.0 on Fedora 42 (kvm/amd64)
✨ Using the kvm2 driver based on user configuration
👍 Starting "minikube" primary control-plane node in "minikube" cluster
🔥 Creating kvm2 VM (CPUs=2, Memory=6144MB, Disk=20000MB) ...
🐳 Preparing Kubernetes v1.34.0 on Docker 28.4.0 ...
🔗 Configuring bridge CNI (Container Networking Interface) ...
🔎 Verifying Kubernetes components...
▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5
🌟 Enabled addons: default-storageclass, storage-provisioner
❗ /usr/local/bin/kubectl is version 1.32.1, which may have incompatibilities with Kubernetes 1.34.0.
▪ Want kubectl v1.34.0? Try 'minikube kubectl -- get pods -A'
🏄 Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default |
|
/retest-this-please |
This comment has been minimized.
This comment has been minimized.
|
/retest-this-please |
|
kvm2 driver with docker runtime Times for minikube start: 45.7s 45.5s 45.5s 45.8s 42.7s Times for minikube ingress: 15.8s 16.4s 19.3s 16.3s 15.8s docker driver with docker runtime Times for minikube start: 23.3s 22.4s 23.9s 22.9s 22.5s Times for minikube ingress: 13.7s 12.7s 12.7s 10.7s 13.7s docker driver with containerd runtime Times for minikube start: 21.2s 19.9s 20.0s 19.0s 20.0s Times for minikube (PR 21550) ingress: 23.2s 39.2s 24.2s 23.2s 24.2s |
This comment has been minimized.
This comment has been minimized.
|
/lgtm |
|
Here are the number of top 10 failed tests in each environments with lowest flake rate.
Besides the following environments also have failed tests:
To see the flake rates of all tests by environment, click here. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Since #20852 minikube is broken on Fedora/RHEL. We add console.log (~/.minikube/machines/NAME/console.log) for dumping the console logs during startup. Libvirt is blocked by selinux policy:
Having better logs in the kvm driver can be helpful but it cannot break basic functionality. Remove the code to create the log file and dump the logs.
This is a manual revert of commit
2b81ce2. We cannot do a clean revert since all commits in #20852 were squashed during merge.
Tested using:
Tested on Fedora 42:
Fixes #21548
Fedora bug https://bugzilla.redhat.com/2394975