KubeSolo fails on read-only rootfs (Industrial OS / IOT2050): cannot replace /usr/local/bin/runc

[benoitschipper]

Introduction

Hey All,

I am working on an IOT development setup and we currently use Docker in combination with Portainer, but we want to make the switch to Kubesolo. At the moment I have a pre-setup Industrial OS setup https://github.com/DGAM-PR/meta-iot2050-DGAM-PR/tree/dgam-pr here, and with this config (added kubesolo via bitbake for adding kubesolo during the compilation of the OS Image) I have kubesolo working from within the OS upon startup. However, I seem to be running into a read-only file system issue where kubesolo tries to write/symlink /usr/local/bin/runc.

Environment

• Device: Siemens IOT2050
• OS: Siemens Industrial OS (Debian-based, read-only root filesystem)
• Rootfs: / and /usr are read-only; /var and /home are writable.
• KubeSolo version: commit 20dc8b0 (build-date=2025-11-02T22:05:21Z)

Command

kubesolo --portainer-edge-id="yourtown" --portainer-edge-key="locatie"

Observed Logs:

2025/11/18 09:24AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:111 > starting kubesolo... | build-date=2025-11-02T22:05:21Z commit=20dc8b0 version=20dc8b0
2025/11/18 09:24AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:113 > ensuring all embedded dependencies are available... | component=kubesolo
2025/11/18 09:24AM FTL ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:115 > failed to ensure embedded dependencies | error="failed to load containerd: failed to create symlink for runc: failed to remove existing target CNI config /usr/local/bin/runc: remove /usr/local/bin/runc: read-only file system"

Code-level context

From cmd/kubesolo/main.go:

log.Info().Str("component", "kubesolo").Msg("ensuring all embedded dependencies are available...")
if err := embedded.EnsureEmbeddedDependencies(s.embedded); err != nil {
    log.Fatal().Err(err).Msg("failed to ensure embedded dependencies")
}

bootstrap() sets s.embedded to include:

• RuncBinaryFile under the KubeSolo data path (e.g. /var/lib/kubesolo/containerd/runc)
• SystemCNIDir and other system-level paths

Based on the error message, EnsureEmbeddedDependencies attempts to:

• Create a symlink for runc at /usr/local/bin/runc pointing to the embedded runc.
• If something already exists at /usr/local/bin/runc, remove it first.
• On this OS the root filesystem is read-only, so removing /usr/local/bin/runc fails with read-only file system, causing KubeSolo to exit fatally.

runc present but on a different location

On my setup, I do have a runc.. jut not at /usr/local/bin/runc but at /usr/sbin/runc

root@iot2050: which runc
/usr/sbin/runc

Problem

On industrial / embedded distributions with read-only root filesystems:

• /usr/local/bin is not writable, by design.
• The system may already ship its own runc (or not), but user-level software usually cannot and should not modify /usr/local/bin.

This makes KubeSolo unusable out of the box on such systems, even though /var/lib/kubesolo and other data paths are writable.

Proposed behavior / ideas (perhaps you have a work arround)

It would be great if EnsureEmbeddedDependencies could:

• Detect a read-only filesystem at /usr/local/bin and:
  • Either skip managing /usr/local/bin/runc if a usable runc is already available on $PATH, or
  • Fall back to using the embedded runc path directly in the containerd config without requiring the global /usr/local/bin symlink.
• Alternatively, make the target path for the runc symlink configurable (e.g. via a flag/env), so on read-only systems we can keep everything under /var/lib/kubesolo or another writable mount.
• Make the */runc location variable with a flag if that is possible.

Seems Kubesolo has this /usr/local/bin write as a necessity, but I was unable to find a way to make that dependency variable and was not able to find this dependancy either needs to exist or requires write access.

Perhaps someone has a work around I can use.

I currently use bitbake/docker to build the OS and have to pre-install or setup anything that needs to be able to write to a by the IOT device mounted READ-ONLY file system. This also as I will need to reproduce this on potentially 1000's of devices.

Thanks in advance!

[ncresswell]

Excellent use case, and something we will look to accomodate, as its the exact intended setup of KubeSolo.

Engineering will follow up.

[stevensbkang]

@benoitschipper thanks so much for opening this issue!

Would you please confirm any of the following paths are also readonly?

DefaultSystemContainerdSock           = "/run/containerd/containerd.sock"
DefaultStandardCNIBinDir              = "/opt/cni/bin"
DefaultStandardCNIConfDir             = "/etc/cni/net.d"
DefaultContainerdConfigDir            = "/etc/containerd/config.d"
DefaultStandardRuncFile               = "/usr/local/bin/runc" # READONLY
DefaultStandardContainerdShimRuncFile = "/usr/local/bin/containerd-shim-runc-v2" #READONLY

[stevensbkang]

@benoitschipper I have a fix for this, so no more symlinks will be required for runc and containred-shim. Would you please try out this PR binary?

The steps below:

• Download the binary from the link above
• Stop the service - systemctl stop kubesolo
• Replace the kubesolo binary - mv kubesolo /usr/local/bin/kubesolo
• Start the service - systemctl start kubesolo

[benoitschipper]

@stevensbkang Thank you for getting back to me so quickly. I’ll rebuild the OS using the binary you provided during the BitBake/Yocto build setup so I can test it on the read-only filesystem on the IoT device. I’ll also gather and share the details you requested. If I run into anything else, I’ll collect as much information as I can and include that as well.

Please bear (🐻) with me, as it might be up to Monday (CET) before I can work on this again due to other ongoing projects. If I find some time earlier, I’ll get back to you sooner. 😃

[benoitschipper]

@stevensbkang

Seems I did get a step further, but unfortunately I ran into the next part where kubesolo tries to load cni plugins and tries to create a dir in a non-writeable location /opt/*

Full log:

root@iot2050-debian:~# kubesolo --portainer-edge-id="yourtown" --portainer-edge-key="location"
2025/11/24 08:14AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:111 > starting kubesolo... | build-date=2025-11-19T22:44:08Z commit=b900216 version=b900216
2025/11/24 08:14AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:113 > ensuring all embedded dependencies are available... | component=kubesolo
2025/11/24 08:14AM FTL ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:115 > failed to ensure embedded dependencies | error="failed to load cni plugins: failed to create directory /opt/cni/bin... mkdir /opt/cni: read-only file system"

root@iot2050-debian:~# cd /opt
root@iot2050-debian:/opt# ls

root@iot2050-debian:/opt# mkdir cni
mkdir: cannot create directory ‘cni’: Read-only file system

Here is the feedback on the previous question as well, on where I am able to write in regards to the dir's kubesolo might use:

DefaultSystemContainerdSock           = "/run/containerd/containerd.sock" #WRITEABLE
DefaultStandardCNIBinDir              = "/opt/cni/bin" #READONLY
DefaultStandardCNIConfDir             = "/etc/cni/net.d" #WRITEABLE
DefaultContainerdConfigDir            = "/etc/containerd/config.d" #WRITEABLE
DefaultStandardRuncFile               = "/usr/local/bin/runc" # READONLY
DefaultStandardContainerdShimRuncFile = "/usr/local/bin/containerd-shim-runc-v2" #READONLY

Hope this helps, sorry for the long wait. I took me sometime to figure out how to load a local .zip but got it working consistently on this branch: https://github.com/DGAM-PR/meta-iot2050-DGAM-PR/tree/kubesolo-fix

Hope to hear from you again soon 😄 , I have the feeling we are rather close.

Thanks again!

[stevensbkang]

@benoitschipper thanks so much for testing the PR binary out! I have pushed another commit to remove the /opt path, would you please give it a try for me? Same instructions as before! #74 (comment)

[stevensbkang]

Actually, it will fail because of local-path-provisioner requiring access to /opt. Can you please add this flag --no-local-storage to disable it first and test the PR binary for me?

[benoitschipper]

Thanks @stevensbkang. On it now, I'll get back to you, thanks for the prompt reply!

[benoitschipper]

I checked the one I already had on the system from yesterday and tried the following:

kubesolo --portainer-edge-id="mytown" --portainer-edge-key="location" --no-local-storage

../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:111 > starting kubesolo... | build-date=2025-11-19T22:44:08Z commit=b900216 version=b900216
2025/11/25 06:53AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:113 > ensuring all embedded dependencies are available... | component=kubesolo
2025/11/25 06:53AM FTL ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:115 > failed to ensure embedded dependencies | error="failed to load cni plugins: failed to create directory /opt/cni/bin... mkdir /opt/cni: read-only file system"

and to be sure:

kubesolo --no-local-storage

2025/11/25 06:53AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:111 > starting kubesolo... | build-date=2025-11-19T22:44:08Z commit=b900216 version=b900216
2025/11/25 06:53AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:113 > ensuring all embedded dependencies are available... | component=kubesolo
2025/11/25 06:53AM FTL ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:115 > failed to ensure embedded dependencies | error="failed to load cni plugins: failed to create directory /opt/cni/bin... mkdir /opt/cni: read-only file system"

I wanted to make sure i am doing this right so double checking:

• You wanted me to check with the Binary you already pushed last week right, that I was able to test yesterday? That is what I just tested (results above).
• If not, the Binaries here, have they been rebuild? As it looks like the same binaries as before (looking at the SHAsum for example). Just want to make sure that if you want me to test a new binary I use the correct one ;)

Thanks again!

Benoit

[stevensbkang]

@benoitschipper Oh, sorry, I should have given you the link to the new build! Here it is https://github.com/portainer/kubesolo/actions/runs/19654377940

[benoitschipper]

Thanks, gotta rebuild and then put it on EMMC, so 🐻 with me 😄

...

[benoitschipper]

Partial (yet great) succes 😄 !

Seems like we are really close now! See the results below:

Command:

kubesolo --portainer-edge-id="sometown" --portainer-edge-key="location" --no-local-storage

Logs:

2025/11/25 08:29AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:111 > starting kubesolo... | build-date=2025-11-25T00:51:45Z commit=5855d6c version=5855d6c
2025/11/25 08:29AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:113 > ensuring all embedded dependencies are available... | component=kubesolo
[  109.899893] bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this.
[  109.920168] Bridge firewalling registered
2025/11/25 08:29AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:118 > generating relevant certificates... | component=kubesolo
2025/11/25 08:29AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:122 > starting kubesolo services... this may take a few minutes... | component=kubesolo
2025/11/25 08:29AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:192 > starting containerd... | component=kubesolo
2025/11/25 08:29AM INF ../home/runner/work/kubesolo/kubesolo/pkg/runtime/containerd/executor.go:25 > starting containerd... | component=containerd config=/var/lib/kubesolo/containerd/config.toml
2025/11/25 08:29AM INF ../home/runner/work/kubesolo/kubesolo/pkg/runtime/containerd/executor.go:55 > containerd started successfully... | component=containerd

INFO[2025-11-25T08:29:55.248034410Z] starting containerd                           revision= version=2.0.5+unknown
INFO[2025-11-25T08:29:55.283041205Z] loading plugin                                id=io.containerd.warning.v1.deprecations type=io.containerd.warning.v1
INFO[2025-11-25T08:29:55.283270875Z] loading plugin                                id=io.containerd.content.v1.content type=io.containerd.content.v1
INFO[2025-11-25T08:29:55.283503340Z] loading plugin                                id=io.containerd.snapshotter.v1.overlayfs type=io.containerd.snapshotter.v1
INFO[2025-11-25T08:29:55.285418880Z] loading plugin                                id=io.containerd.event.v1.exchange type=io.containerd.event.v1
INFO[2025-11-25T08:29:55.287554145Z] loading plugin                                id=io.containerd.metadata.v1.bolt type=io.containerd.metadata.v1
INFO[2025-11-25T08:29:55.288079505Z] metadata content store policy set             policy=shared
INFO[2025-11-25T08:29:55.298370520Z] loading plugin                                id=io.containerd.gc.v1.scheduler type=io.containerd.gc.v1
INFO[2025-11-25T08:29:55.298901545Z] loading plugin                                id=io.containerd.differ.v1.walking type=io.containerd.differ.v1
INFO[2025-11-25T08:29:55.299017055Z] loading plugin                                id=io.containerd.lease.v1.manager type=io.containerd.lease.v1
INFO[2025-11-25T08:29:55.299117590Z] loading plugin                                id=io.containerd.service.v1.containers-service type=io.containerd.service.v1
INFO[2025-11-25T08:29:55.299252995Z] loading plugin                                id=io.containerd.service.v1.content-service type=io.containerd.service.v1
INFO[2025-11-25T08:29:55.299339820Z] loading plugin                                id=io.containerd.service.v1.diff-service type=io.containerd.service.v1
INFO[2025-11-25T08:29:55.299428700Z] loading plugin                                id=io.containerd.service.v1.images-service type=io.containerd.service.v1
INFO[2025-11-25T08:29:55.299532140Z] loading plugin                                id=io.containerd.service.v1.introspection-service type=io.containerd.service.v1
INFO[2025-11-25T08:29:55.299637995Z] loading plugin                                id=io.containerd.service.v1.namespaces-service type=io.containerd.service.v1
INFO[2025-11-25T08:29:55.299730770Z] loading plugin                                id=io.containerd.service.v1.snapshots-service type=io.containerd.service.v1
INFO[2025-11-25T08:29:55.299805685Z] loading plugin                                id=io.containerd.shim.v1.manager type=io.containerd.shim.v1
INFO[2025-11-25T08:29:55.299977695Z] loading plugin                                id=io.containerd.runtime.v2.task type=io.containerd.runtime.v2
INFO[2025-11-25T08:29:55.301003645Z] loading plugin                                id=io.containerd.service.v1.tasks-service type=io.containerd.service.v1
INFO[2025-11-25T08:29:55.301191880Z] loading plugin                                id=io.containerd.grpc.v1.containers type=io.containerd.grpc.v1
INFO[2025-11-25T08:29:55.301291510Z] loading plugin                                id=io.containerd.grpc.v1.content type=io.containerd.grpc.v1
INFO[2025-11-25T08:29:55.301389810Z] loading plugin                                id=io.containerd.grpc.v1.diff type=io.containerd.grpc.v1
INFO[2025-11-25T08:29:55.301505910Z] loading plugin                                id=io.containerd.grpc.v1.events type=io.containerd.grpc.v1
INFO[2025-11-25T08:29:55.301593485Z] loading plugin                                id=io.containerd.grpc.v1.images type=io.containerd.grpc.v1
INFO[2025-11-25T08:29:55.636400285Z] loading plugin                                id=io.containerd.grpc.v1.introspection type=io.containerd.grpc.v1
INFO[2025-11-25T08:29:55.636558600Z] loading plugin                                id=io.containerd.grpc.v1.leases type=io.containerd.grpc.v1
INFO[2025-11-25T08:29:55.636712985Z] loading plugin                                id=io.containerd.grpc.v1.namespaces type=io.containerd.grpc.v1
INFO[2025-11-25T08:29:55.636805175Z] loading plugin                                id=io.containerd.sandbox.store.v1.local type=io.containerd.sandbox.store.v1
INFO[2025-11-25T08:29:55.636889175Z] loading plugin                                id=io.containerd.cri.v1.images type=io.containerd.cri.v1
INFO[2025-11-25T08:29:55.637728180Z] Get image filesystem path "/var/lib/kubesolo/containerd/root/io.containerd.snapshotter.v1.overlayfs" for snapshotter "overlayfs"
INFO[2025-11-25T08:29:55.637850715Z] Start snapshots syncer
INFO[2025-11-25T08:29:55.637960145Z] loading plugin                                id=io.containerd.cri.v1.runtime type=io.containerd.cri.v1
INFO[2025-11-25T08:29:55.639916775Z] starting cri plugin                           config="{\"containerd\":{\"defaultRuntimeName\":\"runc\",\"runtimes\":{\"runc\":{\"runtimeType\":\"io.containerd.runc.v2\",\"runtimePath\":\"/var/lib/kubesolo/containerd/containerd-shim-runc-v2\",\"PodAnnotations\":[],\"ContainerAnnotations\":[],\"options\":{\"BinaryName\":\"/var/lib/kubesolo/containerd/runc\",\"CriuImagePath\":\"\",\"CriuWorkPath\":\"\",\"IoGid\":0,\"IoUid\":0,\"NoNewKeyring\":false,\"Root\":\"\",\"ShimCgroup\":\"\"},\"privileged_without_host_devices\":false,\"privileged_without_host_devices_all_devices_allowed\":false,\"baseRuntimeSpec\":\"\",\"cniConfDir\":\"\",\"cniMaxConfNum\":0,\"snapshotter\":\"\",\"sandboxer\":\"podsandbox\",\"io_type\":\"\"}},\"ignoreBlockIONotEnabledErrors\":false,\"ignoreRdtNotEnabledErrors\":false},\"cni\":{\"binDir\":\"/var/lib/kubesolo/containerd/cni/plugins\",\"confDir\":\"/etc/cni/net.d\",\"maxConfNum\":1,\"setupSerially\":false,\"confTemplate\":\"\",\"ipPref\":\"\",\"useInternalLoopback\":false},\"enableSelinux\":false,\"selinuxCategoryRange\":1024,\"maxContainerLogSize\":16384,\"disableApparmor\":false,\"restrictOOMScoreAdj\":false,\"disableProcMount\":false,\"unsetSeccompProfile\":\"\",\"tolerateMissingHugetlbController\":true,\"disableHugetlbController\":true,\"device_ownership_from_security_context\":false,\"ignoreImageDefinedVolumes\":false,\"netnsMountsUnderStateDir\":false,\"enableUnprivilegedPorts\":true,\"enableUnprivilegedICMP\":true,\"enableCDI\":true,\"cdiSpecDirs\":[\"/etc/cdi\",\"/var/run/cdi\"],\"drainExecSyncIOTimeout\":\"0s\",\"ignoreDeprecationWarnings\":[],\"containerdRootDir\":\"/var/lib/kubesolo/containerd/root\",\"containerdEndpoint\":\"/var/lib/kubesolo/containerd/containerd.sock\",\"rootDir\":\"/var/lib/kubesolo/containerd/root/io.containerd.grpc.v1.cri\",\"stateDir\":\"/var/lib/kubesolo/containerd/state/io.containerd.grpc.v1.cri\"}"
INFO[2025-11-25T08:29:55.640362605Z] loading plugin                                id=io.containerd.podsandbox.controller.v1.podsandbox type=io.containerd.podsandbox.controller.v1
INFO[2025-11-25T08:29:55.646387780Z] loading plugin                                id=io.containerd.sandbox.controller.v1.shim type=io.containerd.sandbox.controller.v1
INFO[2025-11-25T08:29:55.647325815Z] loading plugin                                id=io.containerd.grpc.v1.sandbox-controllers type=io.containerd.grpc.v1
INFO[2025-11-25T08:29:55.647508305Z] loading plugin                                id=io.containerd.grpc.v1.sandboxes type=io.containerd.grpc.v1
INFO[2025-11-25T08:29:55.986345570Z] loading plugin                                id=io.containerd.grpc.v1.snapshots type=io.containerd.grpc.v1
INFO[2025-11-25T08:29:55.986537355Z] loading plugin                                id=io.containerd.grpc.v1.tasks type=io.containerd.grpc.v1
INFO[2025-11-25T08:29:55.986637020Z] loading plugin                                id=io.containerd.grpc.v1.version type=io.containerd.grpc.v1
INFO[2025-11-25T08:29:55.986711120Z] loading plugin                                id=io.containerd.grpc.v1.healthcheck type=io.containerd.grpc.v1
INFO[2025-11-25T08:29:55.986796900Z] loading plugin                                id=io.containerd.grpc.v1.cri type=io.containerd.grpc.v1
INFO[2025-11-25T08:29:55.987079400Z] Connect containerd service
INFO[2025-11-25T08:29:55.987387175Z] NRI service not found, NRI support disabled
INFO[2025-11-25T08:29:56.007068605Z] Start subscribing containerd event
INFO[2025-11-25T08:29:56.007460830Z] Start recovering state
INFO[2025-11-25T08:29:56.008135830Z] Start event monitor
INFO[2025-11-25T08:29:56.008208925Z] serving...                                    address=/var/lib/kubesolo/containerd/containerd.sock.ttrpc
INFO[2025-11-25T08:29:56.008266370Z] Start cni network conf syncer for default
INFO[2025-11-25T08:29:56.008543020Z] Start streaming server
INFO[2025-11-25T08:29:56.008689870Z] serving...                                    address=/var/lib/kubesolo/containerd/containerd.sock
INFO[2025-11-25T08:29:56.008857820Z] containerd successfully booted in 0.788741s
INFO[2025-11-25T08:29:58.880199160Z] ImageCreate event name:"docker.io/coredns/coredns:1.12.2"
INFO[2025-11-25T08:29:58.902564050Z] ImageCreate event name:"sha256:481b7150644c6a176234d7f3d8fbbb9f612dbb223d1cd8aec8b00809037949a5" labels:{key:"io.cri-containerd.image" value:"managed"}
INFO[2025-11-25T08:29:58.907136185Z] ImageUpdate event name:"docker.io/coredns/coredns:1.12.2" labels:{key:"io.cri-containerd.image" value:"managed"}
INFO[2025-11-25T08:29:59.058537740Z] ImageCreate event name:"docker.io/portainer/pause:latest"
INFO[2025-11-25T08:29:59.074547670Z] ImageCreate event name:"sha256:0486683f64fa831dcc18ffb5ebb61f24ea2fdf3c36d41ddc3c763fa9f4454ae4" labels:{key:"io.cri-containerd.image" value:"managed"}
INFO[2025-11-25T08:29:59.076906915Z] ImageUpdate event name:"docker.io/portainer/pause:latest" labels:{key:"io.cri-containerd.image" value:"managed"}
INFO[2025-11-25T08:30:01.302325720Z] ImageCreate event name:"docker.io/rancher/local-path-provisioner:v0.0.31"
INFO[2025-11-25T08:30:01.318442140Z] ImageCreate event name:"sha256:b41714cf6249634852799cf17377f98e07dace3e242c68d0f62797e452bbd032" labels:{key:"io.cri-containerd.image" value:"managed"}
INFO[2025-11-25T08:30:01.321475540Z] ImageUpdate event name:"docker.io/rancher/local-path-provisioner:v0.0.31" labels:{key:"io.cri-containerd.image" value:"managed"}
INFO[2025-11-25T08:30:06.737214250Z] ImageCreate event name:"docker.io/portainer/agent:2.32.0"

2025/11/25 08:30AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:238 > containerd is ready... | component=kubesolo
2025/11/25 08:30AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:192 > starting kine... | component=kubesolo
2025/11/25 08:30AM INF ../home/runner/work/kubesolo/kubesolo/pkg/kine/executor.go:21 > starting kine process (sqlite storage)... | component=kine database=/var/lib/kubesolo/kine/db

INFO[2025-11-25T08:30:06.754486835Z] ImageCreate event name:"sha256:a1583bd72bdd7265607f24ba619b4c96dda96e67d6f2feeadd644aad2b1cc239" labels:{key:"io.cri-containerd.image" value:"managed"}
INFO[2025-11-25T08:30:06.758371030Z] ImageUpdate event name:"docker.io/portainer/agent:2.32.0" labels:{key:"io.cri-containerd.image" value:"managed"}
INFO[2025-11-25T08:30:06.827120530Z] Configuring sqlite3 database connection pooling: maxIdleConns=3, maxOpenConns=5, connMaxLifetime=1m0s
INFO[2025-11-25T08:30:06.827369695Z] Configuring database table schema and indexes, this may take a moment...
INFO[2025-11-25T08:30:06.880316060Z] Database tables and indexes are up to date
INFO[2025-11-25T08:30:06.901355990Z] Kine available at http://127.0.0.1:2379

2025/11/25 08:30AM INF ../home/runner/work/kubesolo/kubesolo/pkg/kine/executor.go:41 > kine server started successfully... | component=kine
2025/11/25 08:30AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:238 > kine is ready... | component=kubesolo
2025/11/25 08:30AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:192 > starting apiserver... | component=kubesolo
2025/11/25 08:30AM INF ../home/runner/work/kubesolo/kubesolo/pkg/kubernetes/apiserver/executor.go:24 > starting API server... | component=apiserver

I1125 08:30:07.427588     757 plugins.go:83] "Registered admission plugin" plugin="KubeSoloNodeSetter"
I1125 08:30:07.428118     757 plugins.go:83] "Registered admission plugin" plugin="NamespaceLifecycle"
I1125 08:30:07.428176     757 plugins.go:83] "Registered admission plugin" plugin="ValidatingAdmissionWebhook"
I1125 08:30:07.428216     757 plugins.go:83] "Registered admission plugin" plugin="MutatingAdmissionWebhook"
I1125 08:30:07.428252     757 plugins.go:83] "Registered admission plugin" plugin="ValidatingAdmissionPolicy"
I1125 08:30:07.428289     757 plugins.go:83] "Registered admission plugin" plugin="MutatingAdmissionPolicy"
I1125 08:30:07.428325     757 plugins.go:83] "Registered admission plugin" plugin="AlwaysAdmit"
I1125 08:30:07.428361     757 plugins.go:83] "Registered admission plugin" plugin="AlwaysPullImages"
I1125 08:30:07.428398     757 plugins.go:83] "Registered admission plugin" plugin="LimitPodHardAntiAffinityTopology"
I1125 08:30:07.428436     757 plugins.go:83] "Registered admission plugin" plugin="DefaultTolerationSeconds"
I1125 08:30:07.428489     757 plugins.go:83] "Registered admission plugin" plugin="DefaultIngressClass"
I1125 08:30:07.428525     757 plugins.go:83] "Registered admission plugin" plugin="DenyServiceExternalIPs"
I1125 08:30:07.428560     757 plugins.go:83] "Registered admission plugin" plugin="AlwaysDeny"
I1125 08:30:07.428593     757 plugins.go:83] "Registered admission plugin" plugin="EventRateLimit"
I1125 08:30:07.428683     757 plugins.go:83] "Registered admission plugin" plugin="ExtendedResourceToleration"
I1125 08:30:07.428726     757 plugins.go:83] "Registered admission plugin" plugin="OwnerReferencesPermissionEnforcement"
I1125 08:30:07.428771     757 plugins.go:83] "Registered admission plugin" plugin="ImagePolicyWebhook"
I1125 08:30:07.428809     757 plugins.go:83] "Registered admission plugin" plugin="LimitRanger"
I1125 08:30:07.428845     757 plugins.go:83] "Registered admission plugin" plugin="NamespaceAutoProvision"
I1125 08:30:07.428879     757 plugins.go:83] "Registered admission plugin" plugin="NamespaceExists"
I1125 08:30:07.428914     757 plugins.go:83] "Registered admission plugin" plugin="NodeRestriction"
I1125 08:30:07.428950     757 plugins.go:83] "Registered admission plugin" plugin="TaintNodesByCondition"
I1125 08:30:07.428984     757 plugins.go:83] "Registered admission plugin" plugin="PodNodeSelector"
I1125 08:30:07.429025     757 plugins.go:83] "Registered admission plugin" plugin="PodTolerationRestriction"
I1125 08:30:07.429066     757 plugins.go:83] "Registered admission plugin" plugin="RuntimeClass"
I1125 08:30:07.429101     757 plugins.go:83] "Registered admission plugin" plugin="ResourceQuota"
I1125 08:30:07.429134     757 plugins.go:83] "Registered admission plugin" plugin="PodSecurity"
I1125 08:30:07.429172     757 plugins.go:83] "Registered admission plugin" plugin="Priority"
I1125 08:30:07.429206     757 plugins.go:83] "Registered admission plugin" plugin="ServiceAccount"
I1125 08:30:07.429243     757 plugins.go:83] "Registered admission plugin" plugin="DefaultStorageClass"
I1125 08:30:07.429298     757 plugins.go:83] "Registered admission plugin" plugin="PersistentVolumeClaimResize"
I1125 08:30:07.429335     757 plugins.go:83] "Registered admission plugin" plugin="StorageObjectInUseProtection"
I1125 08:30:07.429371     757 plugins.go:83] "Registered admission plugin" plugin="CertificateApproval"
I1125 08:30:07.429408     757 plugins.go:83] "Registered admission plugin" plugin="CertificateSigning"
I1125 08:30:07.429446     757 plugins.go:83] "Registered admission plugin" plugin="ClusterTrustBundleAttest"
I1125 08:30:07.429484     757 plugins.go:83] "Registered admission plugin" plugin="CertificateSubjectRestriction"
I1125 08:30:07.429518     757 plugins.go:83] "Registered admission plugin" plugin="PodTopologyLabels"

2025/11/25 08:30AM ERR ../home/runner/work/kubesolo/kubesolo/pkg/kubernetes/apiserver/executor.go:34 > failed to configure API server flags: failed to get node IP address: could not find non-loopback private IP address... | component=apiserver
2025/11/25 08:30AM INF ../home/runner/work/kubesolo/kubesolo/pkg/kubernetes/apiserver/executor.go:96 > terminating the API server... | component=apiserver

INFO[2025-11-25T08:30:07.777789690Z] TTL events watch channel closed
INFO[2025-11-25T08:30:07.778023240Z] TTL events work queue has shut down

2025/11/25 08:30AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:241 > shutdown requested before apiserver was ready... | component=kubesolo

Error:

2025/11/25 08:30AM ERR ../home/runner/work/kubesolo/kubesolo/pkg/kubernetes/apiserver/executor.go:34 > failed to configure API server flags: failed to get node IP address: could not find non-loopback private IP address... | component=apiserver

Here again without any of the parameters except --no-local-storage

Command:

kubesolo --no-local-storage

Logs:

2025/11/25 08:47AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:111 > starting kubesolo... | build-date=2025-11-25T00:51:45Z commit=5855d6c version=5855d6c
2025/11/25 08:47AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:113 > ensuring all embedded dependencies are available... | component=kubesolo
2025/11/25 08:47AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:118 > generating relevant certificates... | component=kubesolo
2025/11/25 08:47AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:122 > starting kubesolo services... this may take a few minutes... | component=kubesolo
2025/11/25 08:47AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:192 > starting containerd... | component=kubesolo
2025/11/25 08:47AM INF ../home/runner/work/kubesolo/kubesolo/pkg/runtime/containerd/executor.go:25 > starting containerd... | component=containerd config=/var/lib/kubesolo/containerd/config.toml
2025/11/25 08:47AM INF ../home/runner/work/kubesolo/kubesolo/pkg/runtime/containerd/executor.go:55 > containerd started successfully... | component=containerd
2025/11/25 08:47AM WRN ../home/runner/work/kubesolo/kubesolo/pkg/runtime/containerd/health.go:36 > containerd health check failed: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing: dial unix /var/lib/kubesolo/containerd/containerd.sock: connect: connection refused" | component=containerd

INFO[2025-11-25T08:47:42.402265800Z] starting containerd                           revision= version=2.0.5+unknown
INFO[2025-11-25T08:47:42.437826155Z] loading plugin                                id=io.containerd.warning.v1.deprecations type=io.containerd.warning.v1
INFO[2025-11-25T08:47:42.438070280Z] loading plugin                                id=io.containerd.content.v1.content type=io.containerd.content.v1
INFO[2025-11-25T08:47:42.439175960Z] loading plugin                                id=io.containerd.snapshotter.v1.overlayfs type=io.containerd.snapshotter.v1
INFO[2025-11-25T08:47:42.439977270Z] loading plugin                                id=io.containerd.event.v1.exchange type=io.containerd.event.v1
INFO[2025-11-25T08:47:42.440193690Z] loading plugin                                id=io.containerd.metadata.v1.bolt type=io.containerd.metadata.v1
INFO[2025-11-25T08:47:42.440309125Z] metadata content store policy set             policy=shared
INFO[2025-11-25T08:47:42.441499985Z] loading plugin                                id=io.containerd.gc.v1.scheduler type=io.containerd.gc.v1
INFO[2025-11-25T08:47:42.441923340Z] loading plugin                                id=io.containerd.differ.v1.walking type=io.containerd.differ.v1
INFO[2025-11-25T08:47:42.442029425Z] loading plugin                                id=io.containerd.lease.v1.manager type=io.containerd.lease.v1
INFO[2025-11-25T08:47:42.442132510Z] loading plugin                                id=io.containerd.service.v1.containers-service type=io.containerd.service.v1
INFO[2025-11-25T08:47:42.442233180Z] loading plugin                                id=io.containerd.service.v1.content-service type=io.containerd.service.v1
INFO[2025-11-25T08:47:42.442315170Z] loading plugin                                id=io.containerd.service.v1.diff-service type=io.containerd.service.v1
INFO[2025-11-25T08:47:42.442401845Z] loading plugin                                id=io.containerd.service.v1.images-service type=io.containerd.service.v1
INFO[2025-11-25T08:47:42.442494010Z] loading plugin                                id=io.containerd.service.v1.introspection-service type=io.containerd.service.v1
INFO[2025-11-25T08:47:42.442574925Z] loading plugin                                id=io.containerd.service.v1.namespaces-service type=io.containerd.service.v1
INFO[2025-11-25T08:47:42.442654480Z] loading plugin                                id=io.containerd.service.v1.snapshots-service type=io.containerd.service.v1
INFO[2025-11-25T08:47:42.442725255Z] loading plugin                                id=io.containerd.shim.v1.manager type=io.containerd.shim.v1
INFO[2025-11-25T08:47:42.442811025Z] loading plugin                                id=io.containerd.runtime.v2.task type=io.containerd.runtime.v2
INFO[2025-11-25T08:47:42.443231975Z] loading plugin                                id=io.containerd.service.v1.tasks-service type=io.containerd.service.v1
INFO[2025-11-25T08:47:42.779424890Z] loading plugin                                id=io.containerd.grpc.v1.containers type=io.containerd.grpc.v1
INFO[2025-11-25T08:47:42.779599610Z] loading plugin                                id=io.containerd.grpc.v1.content type=io.containerd.grpc.v1
INFO[2025-11-25T08:47:42.779701565Z] loading plugin                                id=io.containerd.grpc.v1.diff type=io.containerd.grpc.v1
INFO[2025-11-25T08:47:42.779783640Z] loading plugin                                id=io.containerd.grpc.v1.events type=io.containerd.grpc.v1
INFO[2025-11-25T08:47:42.779863230Z] loading plugin                                id=io.containerd.grpc.v1.images type=io.containerd.grpc.v1
INFO[2025-11-25T08:47:42.779952900Z] loading plugin                                id=io.containerd.grpc.v1.introspection type=io.containerd.grpc.v1
INFO[2025-11-25T08:47:42.780031640Z] loading plugin                                id=io.containerd.grpc.v1.leases type=io.containerd.grpc.v1
INFO[2025-11-25T08:47:42.780144630Z] loading plugin                                id=io.containerd.grpc.v1.namespaces type=io.containerd.grpc.v1
INFO[2025-11-25T08:47:42.780241220Z] loading plugin                                id=io.containerd.sandbox.store.v1.local type=io.containerd.sandbox.store.v1
INFO[2025-11-25T08:47:42.780319630Z] loading plugin                                id=io.containerd.cri.v1.images type=io.containerd.cri.v1
INFO[2025-11-25T08:47:42.781193175Z] Get image filesystem path "/var/lib/kubesolo/containerd/root/io.containerd.snapshotter.v1.overlayfs" for snapshotter "overlayfs"
INFO[2025-11-25T08:47:42.781301835Z] Start snapshots syncer
INFO[2025-11-25T08:47:42.781415035Z] loading plugin                                id=io.containerd.cri.v1.runtime type=io.containerd.cri.v1
INFO[2025-11-25T08:47:42.783243950Z] starting cri plugin                           config="{\"containerd\":{\"defaultRuntimeName\":\"runc\",\"runtimes\":{\"runc\":{\"runtimeType\":\"io.containerd.runc.v2\",\"runtimePath\":\"/var/lib/kubesolo/containerd/containerd-shim-runc-v2\",\"PodAnnotations\":[],\"ContainerAnnotations\":[],\"options\":{\"BinaryName\":\"/var/lib/kubesolo/containerd/runc\",\"CriuImagePath\":\"\",\"CriuWorkPath\":\"\",\"IoGid\":0,\"IoUid\":0,\"NoNewKeyring\":false,\"Root\":\"\",\"ShimCgroup\":\"\"},\"privileged_without_host_devices\":false,\"privileged_without_host_devices_all_devices_allowed\":false,\"baseRuntimeSpec\":\"\",\"cniConfDir\":\"\",\"cniMaxConfNum\":0,\"snapshotter\":\"\",\"sandboxer\":\"podsandbox\",\"io_type\":\"\"}},\"ignoreBlockIONotEnabledErrors\":false,\"ignoreRdtNotEnabledErrors\":false},\"cni\":{\"binDir\":\"/var/lib/kubesolo/containerd/cni/plugins\",\"confDir\":\"/etc/cni/net.d\",\"maxConfNum\":1,\"setupSerially\":false,\"confTemplate\":\"\",\"ipPref\":\"\",\"useInternalLoopback\":false},\"enableSelinux\":false,\"selinuxCategoryRange\":1024,\"maxContainerLogSize\":16384,\"disableApparmor\":false,\"restrictOOMScoreAdj\":false,\"disableProcMount\":false,\"unsetSeccompProfile\":\"\",\"tolerateMissingHugetlbController\":true,\"disableHugetlbController\":true,\"device_ownership_from_security_context\":false,\"ignoreImageDefinedVolumes\":false,\"netnsMountsUnderStateDir\":false,\"enableUnprivilegedPorts\":true,\"enableUnprivilegedICMP\":true,\"enableCDI\":true,\"cdiSpecDirs\":[\"/etc/cdi\",\"/var/run/cdi\"],\"drainExecSyncIOTimeout\":\"0s\",\"ignoreDeprecationWarnings\":[],\"containerdRootDir\":\"/var/lib/kubesolo/containerd/root\",\"containerdEndpoint\":\"/var/lib/kubesolo/containerd/containerd.sock\",\"rootDir\":\"/var/lib/kubesolo/containerd/root/io.containerd.grpc.v1.cri\",\"stateDir\":\"/var/lib/kubesolo/containerd/state/io.containerd.grpc.v1.cri\"}"
INFO[2025-11-25T08:47:43.118048380Z] loading plugin                                id=io.containerd.podsandbox.controller.v1.podsandbox type=io.containerd.podsandbox.controller.v1
INFO[2025-11-25T08:47:43.118667620Z] loading plugin                                id=io.containerd.sandbox.controller.v1.shim type=io.containerd.sandbox.controller.v1
INFO[2025-11-25T08:47:43.118951195Z] loading plugin                                id=io.containerd.grpc.v1.sandbox-controllers type=io.containerd.grpc.v1
INFO[2025-11-25T08:47:43.119082335Z] loading plugin                                id=io.containerd.grpc.v1.sandboxes type=io.containerd.grpc.v1
INFO[2025-11-25T08:47:43.119174670Z] loading plugin                                id=io.containerd.grpc.v1.snapshots type=io.containerd.grpc.v1
INFO[2025-11-25T08:47:43.119271765Z] loading plugin                                id=io.containerd.grpc.v1.tasks type=io.containerd.grpc.v1
INFO[2025-11-25T08:47:43.119361275Z] loading plugin                                id=io.containerd.grpc.v1.version type=io.containerd.grpc.v1
INFO[2025-11-25T08:47:43.119445840Z] loading plugin                                id=io.containerd.grpc.v1.healthcheck type=io.containerd.grpc.v1
INFO[2025-11-25T08:47:43.119524130Z] loading plugin                                id=io.containerd.grpc.v1.cri type=io.containerd.grpc.v1
INFO[2025-11-25T08:47:43.119783065Z] Connect containerd service
INFO[2025-11-25T08:47:43.120021710Z] NRI service not found, NRI support disabled
INFO[2025-11-25T08:47:43.140719490Z] Start subscribing containerd event
INFO[2025-11-25T08:47:43.141127950Z] Start recovering state
INFO[2025-11-25T08:47:43.142109675Z] serving...                                    address=/var/lib/kubesolo/containerd/containerd.sock.ttrpc
INFO[2025-11-25T08:47:43.142606315Z] serving...                                    address=/var/lib/kubesolo/containerd/containerd.sock
WARN[2025-11-25T08:47:43.145165100Z] The image docker.io/portainer/pause:latest is not unpacked.
WARN[2025-11-25T08:47:43.145274860Z] The image docker.io/rancher/local-path-provisioner:v0.0.31 is not unpacked.
WARN[2025-11-25T08:47:43.146580610Z] The image sha256:0486683f64fa831dcc18ffb5ebb61f24ea2fdf3c36d41ddc3c763fa9f4454ae4 is not unpacked.
WARN[2025-11-25T08:47:43.145237215Z] The image sha256:b41714cf6249634852799cf17377f98e07dace3e242c68d0f62797e452bbd032 is not unpacked.
WARN[2025-11-25T08:47:43.146791130Z] The image docker.io/coredns/coredns:1.12.2 is not unpacked.
WARN[2025-11-25T08:47:43.149168810Z] The image docker.io/portainer/agent:2.32.0 is not unpacked.
WARN[2025-11-25T08:47:43.149387740Z] The image sha256:a1583bd72bdd7265607f24ba619b4c96dda96e67d6f2feeadd644aad2b1cc239 is not unpacked.
WARN[2025-11-25T08:47:43.150130920Z] The image sha256:481b7150644c6a176234d7f3d8fbbb9f612dbb223d1cd8aec8b00809037949a5 is not unpacked.
INFO[2025-11-25T08:47:43.168467095Z] Start event monitor
INFO[2025-11-25T08:47:43.168684490Z] Start cni network conf syncer for default
INFO[2025-11-25T08:47:43.168779455Z] Start streaming server
INFO[2025-11-25T08:47:43.168911250Z] containerd successfully booted in 0.770214s
INFO[2025-11-25T08:47:47.372793760Z] ImageUpdate event name:"docker.io/coredns/coredns:1.12.2" labels:{key:"io.cri-containerd.image" value:"managed"}
INFO[2025-11-25T08:47:47.512144830Z] ImageUpdate event name:"docker.io/portainer/pause:latest" labels:{key:"io.cri-containerd.image" value:"managed"}
INFO[2025-11-25T08:47:50.667449525Z] ImageUpdate event name:"docker.io/rancher/local-path-provisioner:v0.0.31" labels:{key:"io.cri-containerd.image" value:"managed"}

2025/11/25 08:47AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:238 > containerd is ready... | component=kubesolo
2025/11/25 08:47AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:192 > starting kine... | component=kubesolo
2025/11/25 08:47AM INF ../home/runner/work/kubesolo/kubesolo/pkg/kine/executor.go:21 > starting kine process (sqlite storage)... | component=kine database=/var/lib/kubesolo/kine/db

INFO[2025-11-25T08:47:50.683759055Z] Configuring sqlite3 database connection pooling: maxIdleConns=3, maxOpenConns=5, connMaxLifetime=1m0s
INFO[2025-11-25T08:47:50.684023700Z] Configuring database table schema and indexes, this may take a moment...
INFO[2025-11-25T08:47:50.684867855Z] Database tables and indexes are up to date
INFO[2025-11-25T08:47:50.691128455Z] Kine available at http://127.0.0.1:2379

2025/11/25 08:47AM INF ../home/runner/work/kubesolo/kubesolo/pkg/kine/executor.go:41 > kine server started successfully... | component=kine
2025/11/25 08:47AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:238 > kine is ready... | component=kubesolo
2025/11/25 08:47AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:192 > starting apiserver... | component=kubesolo
2025/11/25 08:47AM INF ../home/runner/work/kubesolo/kubesolo/pkg/kubernetes/apiserver/executor.go:24 > starting API server... | component=apiserver

I1125 08:47:50.692991     816 plugins.go:83] "Registered admission plugin" plugin="KubeSoloNodeSetter"
I1125 08:47:50.693353     816 plugins.go:83] "Registered admission plugin" plugin="NamespaceLifecycle"
I1125 08:47:50.693414     816 plugins.go:83] "Registered admission plugin" plugin="ValidatingAdmissionWebhook"
I1125 08:47:50.693455     816 plugins.go:83] "Registered admission plugin" plugin="MutatingAdmissionWebhook"
I1125 08:47:50.693492     816 plugins.go:83] "Registered admission plugin" plugin="ValidatingAdmissionPolicy"
I1125 08:47:50.693529     816 plugins.go:83] "Registered admission plugin" plugin="MutatingAdmissionPolicy"
I1125 08:47:50.693567     816 plugins.go:83] "Registered admission plugin" plugin="AlwaysAdmit"
I1125 08:47:50.693602     816 plugins.go:83] "Registered admission plugin" plugin="AlwaysPullImages"
I1125 08:47:50.693641     816 plugins.go:83] "Registered admission plugin" plugin="LimitPodHardAntiAffinityTopology"
I1125 08:47:50.693680     816 plugins.go:83] "Registered admission plugin" plugin="DefaultTolerationSeconds"
I1125 08:47:50.693736     816 plugins.go:83] "Registered admission plugin" plugin="DefaultIngressClass"
I1125 08:47:50.693775     816 plugins.go:83] "Registered admission plugin" plugin="DenyServiceExternalIPs"
I1125 08:47:50.693809     816 plugins.go:83] "Registered admission plugin" plugin="AlwaysDeny"
I1125 08:47:50.693844     816 plugins.go:83] "Registered admission plugin" plugin="EventRateLimit"
I1125 08:47:50.693881     816 plugins.go:83] "Registered admission plugin" plugin="ExtendedResourceToleration"
I1125 08:47:50.693920     816 plugins.go:83] "Registered admission plugin" plugin="OwnerReferencesPermissionEnforcement"
I1125 08:47:50.693970     816 plugins.go:83] "Registered admission plugin" plugin="ImagePolicyWebhook"
I1125 08:47:50.694007     816 plugins.go:83] "Registered admission plugin" plugin="LimitRanger"
I1125 08:47:50.694045     816 plugins.go:83] "Registered admission plugin" plugin="NamespaceAutoProvision"
I1125 08:47:50.694080     816 plugins.go:83] "Registered admission plugin" plugin="NamespaceExists"
I1125 08:47:50.694116     816 plugins.go:83] "Registered admission plugin" plugin="NodeRestriction"
I1125 08:47:50.694158     816 plugins.go:83] "Registered admission plugin" plugin="TaintNodesByCondition"
I1125 08:47:50.694195     816 plugins.go:83] "Registered admission plugin" plugin="PodNodeSelector"
I1125 08:47:50.694232     816 plugins.go:83] "Registered admission plugin" plugin="PodTolerationRestriction"
I1125 08:47:51.031300     816 plugins.go:83] "Registered admission plugin" plugin="RuntimeClass"
I1125 08:47:51.031406     816 plugins.go:83] "Registered admission plugin" plugin="ResourceQuota"
I1125 08:47:51.031448     816 plugins.go:83] "Registered admission plugin" plugin="PodSecurity"
I1125 08:47:51.031484     816 plugins.go:83] "Registered admission plugin" plugin="Priority"
I1125 08:47:51.031518     816 plugins.go:83] "Registered admission plugin" plugin="ServiceAccount"
I1125 08:47:51.031552     816 plugins.go:83] "Registered admission plugin" plugin="DefaultStorageClass"
I1125 08:47:51.031629     816 plugins.go:83] "Registered admission plugin" plugin="PersistentVolumeClaimResize"
I1125 08:47:51.031668     816 plugins.go:83] "Registered admission plugin" plugin="StorageObjectInUseProtection"
I1125 08:47:51.031703     816 plugins.go:83] "Registered admission plugin" plugin="CertificateApproval"
I1125 08:47:51.031740     816 plugins.go:83] "Registered admission plugin" plugin="CertificateSigning"
I1125 08:47:51.031779     816 plugins.go:83] "Registered admission plugin" plugin="ClusterTrustBundleAttest"
I1125 08:47:51.031816     816 plugins.go:83] "Registered admission plugin" plugin="CertificateSubjectRestriction"
I1125 08:47:51.031852     816 plugins.go:83] "Registered admission plugin" plugin="PodTopologyLabels"

2025/11/25 08:47AM ERR ../home/runner/work/kubesolo/kubesolo/pkg/kubernetes/apiserver/executor.go:34 > failed to configure API server flags: failed to get node IP address: could not find non-loopback private IP address... | component=apiserver
2025/11/25 08:47AM INF ../home/runner/work/kubesolo/kubesolo/pkg/kubernetes/apiserver/executor.go:96 > terminating the API server... | component=apiserver

INFO[2025-11-25T08:47:51.036208625Z] TTL events watch channel closed
INFO[2025-11-25T08:47:51.036335750Z] TTL events work queue has shut down

2025/11/25 08:47AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:241 > shutdown requested before apiserver was ready... | component=kubesolo

Any idea what might be going wrong here?

Does it require an assigned (by network) IP address, non-loopback that is? Makes sense, will test with a network cable attached and post as an additional comment if I find anything different.

Thanks again! 💯

[benoitschipper]

Update on previous comment

Got a bit further. I connected rj45 and default assigned ip is 192.168.200.1 (by Siemens defaults, it is used to also connected via SSH once the device is up locally if you want to and do not have a UART cable).

I got a bit further, but it started to complain about certificates/TLS. See more info below 😄

Hope this helps!

IP's Assigned

ip addr | grep inet | grep -v inet6

inet 127.0.0.1/8 scope host lo
inet 192.168.200.1/24 brd 192.168.200.255 scope global noprefixroute eno1

Command

kubesolo --portainer-edge-id="sometown" --portainer-edge-key="location" --no-local-storage

Logs

2025/11/25 09:09AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:111 > starting kubesolo... | build-date=2025-11-25T00:51:45Z commit=5855d6c version=5855d6c
2025/11/25 09:09AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:113 > ensuring all embedded dependencies are available... | component=kubesolo
[  160.776782] bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this.
[  160.796408] Bridge firewalling registered
2025/11/25 09:09AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:118 > generating relevant certificates... | component=kubesolo
2025/11/25 09:09AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:122 > starting kubesolo services... this may take a few minutes... | component=kubesolo
2025/11/25 09:09AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:192 > starting containerd... | component=kubesolo
2025/11/25 09:09AM INF ../home/runner/work/kubesolo/kubesolo/pkg/runtime/containerd/executor.go:25 > starting containerd... | component=containerd config=/var/lib/kubesolo/containerd/config.toml
2025/11/25 09:09AM INF ../home/runner/work/kubesolo/kubesolo/pkg/runtime/containerd/executor.go:55 > containerd started successfully... | component=containerd
2025/11/25 09:09AM WRN ../home/runner/work/kubesolo/kubesolo/pkg/runtime/containerd/health.go:36 > containerd health check failed: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing: dial unix /var/lib/kubesolo/containerd/containerd.sock: connect: connection refused" | component=containerd

INFO[2025-11-25T09:09:39.753673675Z] starting containerd                           revision= version=2.0.5+unknown
INFO[2025-11-25T09:09:39.788951791Z] loading plugin                                id=io.containerd.warning.v1.deprecations type=io.containerd.warning.v1
INFO[2025-11-25T09:09:39.789276300Z] loading plugin                                id=io.containerd.content.v1.content type=io.containerd.content.v1
INFO[2025-11-25T09:09:39.790927368Z] loading plugin                                id=io.containerd.snapshotter.v1.overlayfs type=io.containerd.snapshotter.v1
INFO[2025-11-25T09:09:39.792199747Z] loading plugin                                id=io.containerd.event.v1.exchange type=io.containerd.event.v1
INFO[2025-11-25T09:09:39.792436055Z] loading plugin                                id=io.containerd.metadata.v1.bolt type=io.containerd.metadata.v1
INFO[2025-11-25T09:09:39.792577776Z] metadata content store policy set             policy=shared
INFO[2025-11-25T09:09:39.803374520Z] loading plugin                                id=io.containerd.gc.v1.scheduler type=io.containerd.gc.v1
INFO[2025-11-25T09:09:39.803931227Z] loading plugin                                id=io.containerd.differ.v1.walking type=io.containerd.differ.v1
INFO[2025-11-25T09:09:39.804045616Z] loading plugin                                id=io.containerd.lease.v1.manager type=io.containerd.lease.v1
INFO[2025-11-25T09:09:39.804140322Z] loading plugin                                id=io.containerd.service.v1.containers-service type=io.containerd.service.v1
INFO[2025-11-25T09:09:39.804246462Z] loading plugin                                id=io.containerd.service.v1.content-service type=io.containerd.service.v1
INFO[2025-11-25T09:09:39.804335409Z] loading plugin                                id=io.containerd.service.v1.diff-service type=io.containerd.service.v1
INFO[2025-11-25T09:09:39.804420145Z] loading plugin                                id=io.containerd.service.v1.images-service type=io.containerd.service.v1
INFO[2025-11-25T09:09:39.804516001Z] loading plugin                                id=io.containerd.service.v1.introspection-service type=io.containerd.service.v1
INFO[2025-11-25T09:09:39.804596684Z] loading plugin                                id=io.containerd.service.v1.namespaces-service type=io.containerd.service.v1
INFO[2025-11-25T09:09:39.804675041Z] loading plugin                                id=io.containerd.service.v1.snapshots-service type=io.containerd.service.v1
INFO[2025-11-25T09:09:39.804745495Z] loading plugin                                id=io.containerd.shim.v1.manager type=io.containerd.shim.v1
INFO[2025-11-25T09:09:39.804831821Z] loading plugin                                id=io.containerd.runtime.v2.task type=io.containerd.runtime.v2
INFO[2025-11-25T09:09:39.805947865Z] loading plugin                                id=io.containerd.service.v1.tasks-service type=io.containerd.service.v1
INFO[2025-11-25T09:09:39.806164735Z] loading plugin                                id=io.containerd.grpc.v1.containers type=io.containerd.grpc.v1
INFO[2025-11-25T09:09:39.806259266Z] loading plugin                                id=io.containerd.grpc.v1.content type=io.containerd.grpc.v1
INFO[2025-11-25T09:09:40.140333187Z] loading plugin                                id=io.containerd.grpc.v1.diff type=io.containerd.grpc.v1
INFO[2025-11-25T09:09:40.140523175Z] loading plugin                                id=io.containerd.grpc.v1.events type=io.containerd.grpc.v1
INFO[2025-11-25T09:09:40.140607052Z] loading plugin                                id=io.containerd.grpc.v1.images type=io.containerd.grpc.v1
INFO[2025-11-25T09:09:40.140703513Z] loading plugin                                id=io.containerd.grpc.v1.introspection type=io.containerd.grpc.v1
INFO[2025-11-25T09:09:40.140798479Z] loading plugin                                id=io.containerd.grpc.v1.leases type=io.containerd.grpc.v1
INFO[2025-11-25T09:09:40.140893056Z] loading plugin                                id=io.containerd.grpc.v1.namespaces type=io.containerd.grpc.v1
INFO[2025-11-25T09:09:40.140990827Z] loading plugin                                id=io.containerd.sandbox.store.v1.local type=io.containerd.sandbox.store.v1
INFO[2025-11-25T09:09:40.141079258Z] loading plugin                                id=io.containerd.cri.v1.images type=io.containerd.cri.v1
INFO[2025-11-25T09:09:40.141931675Z] Get image filesystem path "/var/lib/kubesolo/containerd/root/io.containerd.snapshotter.v1.overlayfs" for snapshotter "overlayfs"
INFO[2025-11-25T09:09:40.142036210Z] Start snapshots syncer
INFO[2025-11-25T09:09:40.142151584Z] loading plugin                                id=io.containerd.cri.v1.runtime type=io.containerd.cri.v1
INFO[2025-11-25T09:09:40.144044039Z] starting cri plugin                           config="{\"containerd\":{\"defaultRuntimeName\":\"runc\",\"runtimes\":{\"runc\":{\"runtimeType\":\"io.containerd.runc.v2\",\"runtimePath\":\"/var/lib/kubesolo/containerd/containerd-shim-runc-v2\",\"PodAnnotations\":[],\"ContainerAnnotations\":[],\"options\":{\"BinaryName\":\"/var/lib/kubesolo/containerd/runc\",\"CriuImagePath\":\"\",\"CriuWorkPath\":\"\",\"IoGid\":0,\"IoUid\":0,\"NoNewKeyring\":false,\"Root\":\"\",\"ShimCgroup\":\"\"},\"privileged_without_host_devices\":false,\"privileged_without_host_devices_all_devices_allowed\":false,\"baseRuntimeSpec\":\"\",\"cniConfDir\":\"\",\"cniMaxConfNum\":0,\"snapshotter\":\"\",\"sandboxer\":\"podsandbox\",\"io_type\":\"\"}},\"ignoreBlockIONotEnabledErrors\":false,\"ignoreRdtNotEnabledErrors\":false},\"cni\":{\"binDir\":\"/var/lib/kubesolo/containerd/cni/plugins\",\"confDir\":\"/etc/cni/net.d\",\"maxConfNum\":1,\"setupSerially\":false,\"confTemplate\":\"\",\"ipPref\":\"\",\"useInternalLoopback\":false},\"enableSelinux\":false,\"selinuxCategoryRange\":1024,\"maxContainerLogSize\":16384,\"disableApparmor\":false,\"restrictOOMScoreAdj\":false,\"disableProcMount\":false,\"unsetSeccompProfile\":\"\",\"tolerateMissingHugetlbController\":true,\"disableHugetlbController\":true,\"device_ownership_from_security_context\":false,\"ignoreImageDefinedVolumes\":false,\"netnsMountsUnderStateDir\":false,\"enableUnprivilegedPorts\":true,\"enableUnprivilegedICMP\":true,\"enableCDI\":true,\"cdiSpecDirs\":[\"/etc/cdi\",\"/var/run/cdi\"],\"drainExecSyncIOTimeout\":\"0s\",\"ignoreDeprecationWarnings\":[],\"containerdRootDir\":\"/var/lib/kubesolo/containerd/root\",\"containerdEndpoint\":\"/var/lib/kubesolo/containerd/containerd.sock\",\"rootDir\":\"/var/lib/kubesolo/containerd/root/io.containerd.grpc.v1.cri\",\"stateDir\":\"/var/lib/kubesolo/containerd/state/io.containerd.grpc.v1.cri\"}"
INFO[2025-11-25T09:09:40.144417750Z] loading plugin                                id=io.containerd.podsandbox.controller.v1.podsandbox type=io.containerd.podsandbox.controller.v1
INFO[2025-11-25T09:09:40.484988160Z] loading plugin                                id=io.containerd.sandbox.controller.v1.shim type=io.containerd.sandbox.controller.v1
INFO[2025-11-25T09:09:40.485940832Z] loading plugin                                id=io.containerd.grpc.v1.sandbox-controllers type=io.containerd.grpc.v1
INFO[2025-11-25T09:09:40.486118611Z] loading plugin                                id=io.containerd.grpc.v1.sandboxes type=io.containerd.grpc.v1
INFO[2025-11-25T09:09:40.486224691Z] loading plugin                                id=io.containerd.grpc.v1.snapshots type=io.containerd.grpc.v1
INFO[2025-11-25T09:09:40.486310598Z] loading plugin                                id=io.containerd.grpc.v1.tasks type=io.containerd.grpc.v1
INFO[2025-11-25T09:09:40.486406479Z] loading plugin                                id=io.containerd.grpc.v1.version type=io.containerd.grpc.v1
INFO[2025-11-25T09:09:40.486487047Z] loading plugin                                id=io.containerd.grpc.v1.healthcheck type=io.containerd.grpc.v1
INFO[2025-11-25T09:09:40.486572989Z] loading plugin                                id=io.containerd.grpc.v1.cri type=io.containerd.grpc.v1
INFO[2025-11-25T09:09:40.486827940Z] Connect containerd service
INFO[2025-11-25T09:09:40.487112799Z] NRI service not found, NRI support disabled
INFO[2025-11-25T09:09:40.500474424Z] Start subscribing containerd event
INFO[2025-11-25T09:09:40.500870902Z] Start recovering state
INFO[2025-11-25T09:09:40.501793842Z] serving...                                    address=/var/lib/kubesolo/containerd/containerd.sock.ttrpc
INFO[2025-11-25T09:09:40.502310414Z] serving...                                    address=/var/lib/kubesolo/containerd/containerd.sock
WARN[2025-11-25T09:09:40.506797534Z] The image docker.io/rancher/local-path-provisioner:v0.0.31 is not unpacked.
WARN[2025-11-25T09:09:40.508277482Z] The image sha256:481b7150644c6a176234d7f3d8fbbb9f612dbb223d1cd8aec8b00809037949a5 is not unpacked.
WARN[2025-11-25T09:09:40.508362489Z] The image docker.io/coredns/coredns:1.12.2 is not unpacked.
WARN[2025-11-25T09:09:40.510221417Z] The image docker.io/portainer/agent:2.32.0 is not unpacked.
WARN[2025-11-25T09:09:40.510448391Z] The image docker.io/portainer/pause:latest is not unpacked.
WARN[2025-11-25T09:09:40.511475486Z] The image sha256:0486683f64fa831dcc18ffb5ebb61f24ea2fdf3c36d41ddc3c763fa9f4454ae4 is not unpacked.
WARN[2025-11-25T09:09:40.511864245Z] The image sha256:a1583bd72bdd7265607f24ba619b4c96dda96e67d6f2feeadd644aad2b1cc239 is not unpacked.
WARN[2025-11-25T09:09:40.512686859Z] The image sha256:b41714cf6249634852799cf17377f98e07dace3e242c68d0f62797e452bbd032 is not unpacked.
INFO[2025-11-25T09:09:40.537382721Z] Start event monitor
INFO[2025-11-25T09:09:40.537562494Z] Start cni network conf syncer for default
INFO[2025-11-25T09:09:40.537689773Z] Start streaming server
INFO[2025-11-25T09:09:40.537813901Z] containerd successfully booted in 0.809006s
INFO[2025-11-25T09:09:44.814014810Z] ImageUpdate event name:"docker.io/coredns/coredns:1.12.2" labels:{key:"io.cri-containerd.image" value:"managed"}
INFO[2025-11-25T09:09:44.958885134Z] ImageUpdate event name:"docker.io/portainer/pause:latest" labels:{key:"io.cri-containerd.image" value:"managed"}
INFO[2025-11-25T09:09:48.896067479Z] ImageUpdate event name:"docker.io/rancher/local-path-provisioner:v0.0.31" labels:{key:"io.cri-containerd.image" value:"managed"}
INFO[2025-11-25T09:09:55.325814852Z] ImageUpdate event name:"docker.io/portainer/agent:2.32.0" labels:{key:"io.cri-containerd.image" value:"managed"}

2025/11/25 09:09AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:238 > containerd is ready... | component=kubesolo
2025/11/25 09:09AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:192 > starting kine... | component=kubesolo
2025/11/25 09:09AM INF ../home/runner/work/kubesolo/kubesolo/pkg/kine/executor.go:21 > starting kine process (sqlite storage)... | component=kine database=/var/lib/kubesolo/kine/db

INFO[2025-11-25T09:09:55.371760578Z] Configuring sqlite3 database connection pooling: maxIdleConns=3, maxOpenConns=5, connMaxLifetime=1m0s
INFO[2025-11-25T09:09:55.372026111Z] Configuring database table schema and indexes, this may take a moment...
INFO[2025-11-25T09:09:55.372890918Z] Database tables and indexes are up to date
INFO[2025-11-25T09:09:55.379958645Z] Kine available at http://127.0.0.1:2379

2025/11/25 09:09AM INF ../home/runner/work/kubesolo/kubesolo/pkg/kine/executor.go:41 > kine server started successfully... | component=kine
2025/11/25 09:09AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:238 > kine is ready... | component=kubesolo
2025/11/25 09:09AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:192 > starting apiserver... | component=kubesolo
2025/11/25 09:09AM INF ../home/runner/work/kubesolo/kubesolo/pkg/kubernetes/apiserver/executor.go:24 > starting API server... | component=apiserver

I1125 09:09:55.387067     648 plugins.go:83] "Registered admission plugin" plugin="KubeSoloNodeSetter"
I1125 09:09:55.387561     648 plugins.go:83] "Registered admission plugin" plugin="NamespaceLifecycle"
I1125 09:09:55.387691     648 plugins.go:83] "Registered admission plugin" plugin="ValidatingAdmissionWebhook"
I1125 09:09:55.387737     648 plugins.go:83] "Registered admission plugin" plugin="MutatingAdmissionWebhook"
I1125 09:09:55.387775     648 plugins.go:83] "Registered admission plugin" plugin="ValidatingAdmissionPolicy"
I1125 09:09:55.387811     648 plugins.go:83] "Registered admission plugin" plugin="MutatingAdmissionPolicy"
I1125 09:09:55.387849     648 plugins.go:83] "Registered admission plugin" plugin="AlwaysAdmit"
I1125 09:09:55.387885     648 plugins.go:83] "Registered admission plugin" plugin="AlwaysPullImages"
I1125 09:09:55.387925     648 plugins.go:83] "Registered admission plugin" plugin="LimitPodHardAntiAffinityTopology"
I1125 09:09:55.387962     648 plugins.go:83] "Registered admission plugin" plugin="DefaultTolerationSeconds"
I1125 09:09:55.388008     648 plugins.go:83] "Registered admission plugin" plugin="DefaultIngressClass"
I1125 09:09:55.388044     648 plugins.go:83] "Registered admission plugin" plugin="DenyServiceExternalIPs"
I1125 09:09:55.388079     648 plugins.go:83] "Registered admission plugin" plugin="AlwaysDeny"
I1125 09:09:55.388115     648 plugins.go:83] "Registered admission plugin" plugin="EventRateLimit"
I1125 09:09:55.388154     648 plugins.go:83] "Registered admission plugin" plugin="ExtendedResourceToleration"
I1125 09:09:55.388193     648 plugins.go:83] "Registered admission plugin" plugin="OwnerReferencesPermissionEnforcement"
I1125 09:09:55.388243     648 plugins.go:83] "Registered admission plugin" plugin="ImagePolicyWebhook"
I1125 09:09:55.388278     648 plugins.go:83] "Registered admission plugin" plugin="LimitRanger"
I1125 09:09:55.388314     648 plugins.go:83] "Registered admission plugin" plugin="NamespaceAutoProvision"
I1125 09:09:55.388348     648 plugins.go:83] "Registered admission plugin" plugin="NamespaceExists"
I1125 09:09:55.388383     648 plugins.go:83] "Registered admission plugin" plugin="NodeRestriction"
I1125 09:09:55.388419     648 plugins.go:83] "Registered admission plugin" plugin="TaintNodesByCondition"
I1125 09:09:55.388460     648 plugins.go:83] "Registered admission plugin" plugin="PodNodeSelector"
I1125 09:09:55.388497     648 plugins.go:83] "Registered admission plugin" plugin="PodTolerationRestriction"
I1125 09:09:55.388532     648 plugins.go:83] "Registered admission plugin" plugin="RuntimeClass"
I1125 09:09:55.388567     648 plugins.go:83] "Registered admission plugin" plugin="ResourceQuota"
I1125 09:09:55.388605     648 plugins.go:83] "Registered admission plugin" plugin="PodSecurity"
I1125 09:09:55.388641     648 plugins.go:83] "Registered admission plugin" plugin="Priority"
I1125 09:09:55.722152     648 plugins.go:83] "Registered admission plugin" plugin="ServiceAccount"
I1125 09:09:55.722209     648 plugins.go:83] "Registered admission plugin" plugin="DefaultStorageClass"
I1125 09:09:55.722274     648 plugins.go:83] "Registered admission plugin" plugin="PersistentVolumeClaimResize"
I1125 09:09:55.722409     648 plugins.go:83] "Registered admission plugin" plugin="StorageObjectInUseProtection"
I1125 09:09:55.722449     648 plugins.go:83] "Registered admission plugin" plugin="CertificateApproval"
I1125 09:09:55.722486     648 plugins.go:83] "Registered admission plugin" plugin="CertificateSigning"
I1125 09:09:55.722523     648 plugins.go:83] "Registered admission plugin" plugin="ClusterTrustBundleAttest"
I1125 09:09:55.722560     648 plugins.go:83] "Registered admission plugin" plugin="CertificateSubjectRestriction"
I1125 09:09:55.722594     648 plugins.go:83] "Registered admission plugin" plugin="PodTopologyLabels"

2025/11/25 09:09AM INF ../home/runner/work/kubesolo/kubesolo/pkg/kubernetes/webhook/executor.go:43 > starting webhook server on :10443 | component=webhook
2025/11/25 09:10AM WRN ../home/runner/work/kubesolo/kubesolo/internal/runtime/network/health.go:19 > component health check failed: Get "https://127.0.0.1:6443/healthz": dial tcp 127.0.0.1:6443: connect: connection refused | component=apiserver

I1125 09:10:00.746239     648 registry.go:355] setting kube:feature gate emulation version to 1.33
I1125 09:10:00.751153     648 options.go:249] external host was not specified, using 192.168.200.1
I1125 09:10:00.775870     648 server.go:155] Version: v1.33.2+kubesolo-5855d6c
I1125 09:10:00.776147     648 server.go:157] "Golang settings" GOGC="" GOMAXPROCS="" GOTRACEBACK=""
I1125 09:10:06.066494     648 shared_informer.go:350] "Waiting for caches to sync" controller="node_authorizer"
I1125 09:10:06.168159     648 plugins.go:157] Loaded 6 mutating admission controller(s) successfully in the following order: NamespaceLifecycle,ServiceAccount,NodeRestriction,DefaultStorageClass,PodTopologyLabels,MutatingAdmissionWebhook.
I1125 09:10:06.168329     648 plugins.go:160] Loaded 2 validating admission controller(s) successfully in the following order: ServiceAccount,ValidatingAdmissionWebhook.
I1125 09:10:06.170426     648 instance.go:233] Using reconciler: lease
I1125 09:10:06.220907     648 handler.go:288] Adding GroupVersion apiextensions.k8s.io v1 to ResourceManager
W1125 09:10:06.221069     648 genericapiserver.go:778] Skipping API apiextensions.k8s.io/v1beta1 because it has no resources.
E1125 09:10:06.239438     648 server.go:126] Could not construct pre-rendered responses for ServiceAccountIssuerDiscovery endpoints. Endpoints will not be enabled. Error: issuer URL must use https scheme, got: kubernetes.default.svc
I1125 09:10:06.261403     648 storage_core.go:375] kube-apiserver started with IP allocator and dual write enabled but bitmap allocator does not exist, recreating it ...
I1125 09:10:06.291115     648 cidrallocator.go:197] starting ServiceCIDR Allocator Controller
I1125 09:10:06.567187     648 handler.go:288] Adding GroupVersion  v1 to ResourceManager
I1125 09:10:06.568869     648 apis.go:112] API group "internal.apiserver.k8s.io" is not enabled, skipping.
I1125 09:10:06.749788     648 apis.go:112] API group "storagemigration.k8s.io" is not enabled, skipping.
I1125 09:10:06.856603     648 apis.go:112] API group "resource.k8s.io" is not enabled, skipping.
I1125 09:10:06.920662     648 handler.go:288] Adding GroupVersion authentication.k8s.io v1 to ResourceManager
W1125 09:10:06.920804     648 genericapiserver.go:778] Skipping API authentication.k8s.io/v1beta1 because it has no resources.
W1125 09:10:06.920856     648 genericapiserver.go:778] Skipping API authentication.k8s.io/v1alpha1 because it has no resources.
I1125 09:10:06.923725     648 handler.go:288] Adding GroupVersion authorization.k8s.io v1 to ResourceManager
W1125 09:10:06.923817     648 genericapiserver.go:778] Skipping API authorization.k8s.io/v1beta1 because it has no resources.
I1125 09:10:06.929538     648 handler.go:288] Adding GroupVersion autoscaling v2 to ResourceManager
I1125 09:10:06.934303     648 handler.go:288] Adding GroupVersion autoscaling v1 to ResourceManager
W1125 09:10:06.934410     648 genericapiserver.go:778] Skipping API autoscaling/v2beta1 because it has no resources.
W1125 09:10:06.934453     648 genericapiserver.go:778] Skipping API autoscaling/v2beta2 because it has no resources.
I1125 09:10:06.942765     648 handler.go:288] Adding GroupVersion batch v1 to ResourceManager
W1125 09:10:06.942883     648 genericapiserver.go:778] Skipping API batch/v1beta1 because it has no resources.
I1125 09:10:06.948245     648 handler.go:288] Adding GroupVersion certificates.k8s.io v1 to ResourceManager
W1125 09:10:06.948349     648 genericapiserver.go:778] Skipping API certificates.k8s.io/v1beta1 because it has no resources.
W1125 09:10:06.948391     648 genericapiserver.go:778] Skipping API certificates.k8s.io/v1alpha1 because it has no resources.
I1125 09:10:06.952144     648 handler.go:288] Adding GroupVersion coordination.k8s.io v1 to ResourceManager
W1125 09:10:06.952238     648 genericapiserver.go:778] Skipping API coordination.k8s.io/v1beta1 because it has no resources.
W1125 09:10:06.952281     648 genericapiserver.go:778] Skipping API coordination.k8s.io/v1alpha2 because it has no resources.
I1125 09:10:06.955942     648 handler.go:288] Adding GroupVersion discovery.k8s.io v1 to ResourceManager
W1125 09:10:06.956043     648 genericapiserver.go:778] Skipping API discovery.k8s.io/v1beta1 because it has no resources.
I1125 09:10:06.970973     648 handler.go:288] Adding GroupVersion networking.k8s.io v1 to ResourceManager
W1125 09:10:06.971093     648 genericapiserver.go:778] Skipping API networking.k8s.io/v1beta1 because it has no resources.
W1125 09:10:06.971137     648 genericapiserver.go:778] Skipping API networking.k8s.io/v1alpha1 because it has no resources.
I1125 09:10:06.974084     648 handler.go:288] Adding GroupVersion node.k8s.io v1 to ResourceManager
W1125 09:10:06.974178     648 genericapiserver.go:778] Skipping API node.k8s.io/v1beta1 because it has no resources.
W1125 09:10:06.974219     648 genericapiserver.go:778] Skipping API node.k8s.io/v1alpha1 because it has no resources.
I1125 09:10:06.978830     648 handler.go:288] Adding GroupVersion policy v1 to ResourceManager
W1125 09:10:06.978987     648 genericapiserver.go:778] Skipping API policy/v1beta1 because it has no resources.
I1125 09:10:06.989491     648 handler.go:288] Adding GroupVersion rbac.authorization.k8s.io v1 to ResourceManager
W1125 09:10:06.989603     648 genericapiserver.go:778] Skipping API rbac.authorization.k8s.io/v1beta1 because it has no resources.
W1125 09:10:06.989651     648 genericapiserver.go:778] Skipping API rbac.authorization.k8s.io/v1alpha1 because it has no resources.
I1125 09:10:06.992790     648 handler.go:288] Adding GroupVersion scheduling.k8s.io v1 to ResourceManager
W1125 09:10:06.992890     648 genericapiserver.go:778] Skipping API scheduling.k8s.io/v1beta1 because it has no resources.
W1125 09:10:06.992931     648 genericapiserver.go:778] Skipping API scheduling.k8s.io/v1alpha1 because it has no resources.
I1125 09:10:07.007102     648 handler.go:288] Adding GroupVersion storage.k8s.io v1 to ResourceManager
W1125 09:10:07.007234     648 genericapiserver.go:778] Skipping API storage.k8s.io/v1beta1 because it has no resources.
W1125 09:10:07.007278     648 genericapiserver.go:778] Skipping API storage.k8s.io/v1alpha1 because it has no resources.
I1125 09:10:07.015057     648 handler.go:288] Adding GroupVersion flowcontrol.apiserver.k8s.io v1 to ResourceManager
W1125 09:10:07.015172     648 genericapiserver.go:778] Skipping API flowcontrol.apiserver.k8s.io/v1beta3 because it has no resources.
W1125 09:10:07.015220     648 genericapiserver.go:778] Skipping API flowcontrol.apiserver.k8s.io/v1beta2 because it has no resources.
W1125 09:10:07.015289     648 genericapiserver.go:778] Skipping API flowcontrol.apiserver.k8s.io/v1beta1 because it has no resources.
I1125 09:10:07.045712     648 handler.go:288] Adding GroupVersion apps v1 to ResourceManager
W1125 09:10:07.045833     648 genericapiserver.go:778] Skipping API apps/v1beta2 because it has no resources.
W1125 09:10:07.045879     648 genericapiserver.go:778] Skipping API apps/v1beta1 because it has no resources.
I1125 09:10:07.059866     648 handler.go:288] Adding GroupVersion admissionregistration.k8s.io v1 to ResourceManager
W1125 09:10:07.059981     648 genericapiserver.go:778] Skipping API admissionregistration.k8s.io/v1beta1 because it has no resources.
W1125 09:10:07.060026     648 genericapiserver.go:778] Skipping API admissionregistration.k8s.io/v1alpha1 because it has no resources.
I1125 09:10:07.063884     648 handler.go:288] Adding GroupVersion events.k8s.io v1 to ResourceManager
W1125 09:10:07.063984     648 genericapiserver.go:778] Skipping API events.k8s.io/v1beta1 because it has no resources.
I1125 09:10:07.084983     648 handler.go:288] Adding GroupVersion apiregistration.k8s.io v1 to ResourceManager
W1125 09:10:07.085098     648 genericapiserver.go:778] Skipping API apiregistration.k8s.io/v1beta1 because it has no resources.
I1125 09:10:09.952012     648 dynamic_cafile_content.go:161] "Starting controller" name="request-header::/var/lib/kubesolo/pki/request-header/request-header-ca.crt"
I1125 09:10:09.952073     648 dynamic_cafile_content.go:161] "Starting controller" name="client-ca-bundle::/var/lib/kubesolo/pki/ca/ca.crt"
I1125 09:10:09.953690     648 dynamic_serving_content.go:135] "Starting controller" name="serving-cert::/var/lib/kubesolo/pki/apiserver/apiserver.crt::/var/lib/kubesolo/pki/apiserver/apiserver.key"
I1125 09:10:09.957396     648 tlsconfig.go:243] "Starting DynamicServingCertificateController"
I1125 09:10:09.957389     648 secure_serving.go:211] Serving securely on [::]:6443
I1125 09:10:09.958423     648 dynamic_serving_content.go:135] "Starting controller" name="aggregator-proxy-cert::/var/lib/kubesolo/pki/request-header/request-header-client.crt::/var/lib/kubesolo/pki/request-header/request-header-client.key"
I1125 09:10:09.958602     648 controller.go:119] Starting legacy_token_tracking_controller
I1125 09:10:09.958671     648 shared_informer.go:350] "Waiting for caches to sync" controller="configmaps"
I1125 09:10:09.958909     648 local_available_controller.go:156] Starting LocalAvailability controller
I1125 09:10:09.958964     648 cache.go:32] Waiting for caches to sync for LocalAvailability controller
I1125 09:10:09.963063     648 gc_controller.go:78] Starting apiserver lease garbage collector
I1125 09:10:09.963849     648 default_servicecidr_controller.go:110] Starting kubernetes-service-cidr-controller
I1125 09:10:09.964013     648 shared_informer.go:350] "Waiting for caches to sync" controller="kubernetes-service-cidr-controller"
I1125 09:10:09.964050     648 customresource_discovery_controller.go:294] Starting DiscoveryController
I1125 09:10:09.966123     648 apiservice_controller.go:100] Starting APIServiceRegistrationController
I1125 09:10:09.966208     648 cache.go:32] Waiting for caches to sync for APIServiceRegistrationController controller
I1125 09:10:09.966346     648 aggregator.go:169] waiting for initial CRD sync...
I1125 09:10:09.966407     648 controller.go:78] Starting OpenAPI AggregationController
I1125 09:10:09.968678     648 controller.go:142] Starting OpenAPI controller
I1125 09:10:09.968909     648 controller.go:90] Starting OpenAPI V3 controller
I1125 09:10:09.969033     648 naming_controller.go:299] Starting NamingConditionController
I1125 09:10:09.969190     648 establishing_controller.go:81] Starting EstablishingController
I1125 09:10:09.969360     648 nonstructuralschema_controller.go:195] Starting NonStructuralSchemaConditionController
I1125 09:10:09.969506     648 apiapproval_controller.go:189] Starting KubernetesAPIApprovalPolicyConformantConditionController
I1125 09:10:09.969600     648 crd_finalizer.go:269] Starting CRDFinalizer
I1125 09:10:09.969897     648 crdregistration_controller.go:114] Starting crd-autoregister controller
I1125 09:10:09.969958     648 shared_informer.go:350] "Waiting for caches to sync" controller="crd-autoregister"
I1125 09:10:09.976547     648 system_namespaces_controller.go:66] Starting system namespaces controller
I1125 09:10:09.976805     648 apf_controller.go:377] Starting API Priority and Fairness config controller
I1125 09:10:09.977644     648 cluster_authentication_trust_controller.go:459] Starting cluster_authentication_trust_controller controller
I1125 09:10:09.977727     648 shared_informer.go:350] "Waiting for caches to sync" controller="cluster_authentication_trust_controller"
I1125 09:10:09.977855     648 remote_available_controller.go:411] Starting RemoteAvailability controller
I1125 09:10:09.977909     648 cache.go:32] Waiting for caches to sync for RemoteAvailability controller
I1125 09:10:09.978032     648 controller.go:80] Starting OpenAPI V3 AggregationController
I1125 09:10:09.978233     648 repairip.go:200] Starting ipallocator-repair-controller
I1125 09:10:09.978281     648 shared_informer.go:350] "Waiting for caches to sync" controller="ipallocator-repair-controller"
I1125 09:10:09.990738     648 dynamic_cafile_content.go:161] "Starting controller" name="client-ca-bundle::/var/lib/kubesolo/pki/ca/ca.crt"
I1125 09:10:09.991304     648 dynamic_cafile_content.go:161] "Starting controller" name="request-header::/var/lib/kubesolo/pki/request-header/request-header-ca.crt"

2025/11/25 09:10AM WRN ../home/runner/work/kubesolo/kubesolo/internal/runtime/network/health.go:35 > component health check failed: status=403, body={"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"forbidden: User \"system:anonymous\" cannot get path \"/healthz\"","reason":"Forbidden","details":{},"code":403} | component=apiserver

I1125 09:10:10.158930     648 shared_informer.go:357] "Caches are synced" controller="configmaps"
I1125 09:10:10.165124     648 shared_informer.go:357] "Caches are synced" controller="kubernetes-service-cidr-controller"
I1125 09:10:10.165298     648 default_servicecidr_controller.go:165] Creating default ServiceCIDR with CIDRs: [10.43.0.0/16]
I1125 09:10:10.166380     648 cache.go:39] Caches are synced for APIServiceRegistrationController controller
I1125 09:10:10.168021     648 handler_discovery.go:451] Starting ResourceDiscoveryManager
I1125 09:10:10.170273     648 shared_informer.go:357] "Caches are synced" controller="crd-autoregister"
I1125 09:10:10.171471     648 aggregator.go:171] initial CRD sync complete...
I1125 09:10:10.171554     648 autoregister_controller.go:144] Starting autoregister controller
I1125 09:10:10.171705     648 cache.go:32] Waiting for caches to sync for autoregister controller
I1125 09:10:10.171754     648 cache.go:39] Caches are synced for autoregister controller
I1125 09:10:10.186456     648 cache.go:39] Caches are synced for LocalAvailability controller
I1125 09:10:10.268004     648 shared_informer.go:357] "Caches are synced" controller="node_authorizer"
I1125 09:10:10.319489     648 cidrallocator.go:301] created ClusterIP allocator for Service CIDR 10.43.0.0/16
I1125 09:10:10.321211     648 default_servicecidr_controller.go:214] Setting default ServiceCIDR condition Ready to True
E1125 09:10:10.332772     648 controller.go:95] "Unable to perform initial Kubernetes service initialization" err="namespaces \"default\" not found"
E1125 09:10:10.333783     648 controller.go:145] "Failed to ensure lease exists, will retry" err="namespaces \"kube-system\" not found" interval="200ms"
E1125 09:10:10.336239     648 controller.go:148] "Unhandled Error" err="while syncing ConfigMap \"kube-system/kube-apiserver-legacy-service-account-token-tracking\", err: namespaces \"kube-system\" not found" logger="UnhandledError"
I1125 09:10:10.370909     648 apf_controller.go:382] Running API Priority and Fairness config worker
I1125 09:10:10.371027     648 apf_controller.go:385] Running API Priority and Fairness periodic rebalancing process
I1125 09:10:10.371804     648 shared_informer.go:357] "Caches are synced" controller="cluster_authentication_trust_controller"
I1125 09:10:10.372026     648 cache.go:39] Caches are synced for RemoteAvailability controller
I1125 09:10:10.372344     648 shared_informer.go:357] "Caches are synced" controller="ipallocator-repair-controller"
I1125 09:10:10.391378     648 cidrallocator.go:277] updated ClusterIP allocator for Service CIDR 10.43.0.0/16
I1125 09:10:10.414191     648 default_servicecidr_controller.go:136] Shutting down kubernetes-service-cidr-controller
I1125 09:10:10.993821     648 storage_scheduling.go:95] created PriorityClass system-node-critical with value 2000001000
I1125 09:10:11.014761     648 storage_scheduling.go:95] created PriorityClass system-cluster-critical with value 2000000000
I1125 09:10:11.014878     648 storage_scheduling.go:111] all system priority classes are created successfully or already exist.
I1125 09:10:14.201855     648 alloc.go:328] "allocated clusterIPs" service="default/kubernetes" clusterIPs={"IPv4":"10.43.0.1"}
W1125 09:10:14.227581     648 lease.go:265] Resetting endpoints for master service "kubernetes" to [192.168.200.1]

2025/11/25 09:10AM INF ../home/runner/work/kubesolo/kubesolo/pkg/kubernetes/apiserver/kubeconfig.go:41 > kubeconfig file created at /var/lib/kubesolo/pki/admin/admin.kubeconfig | component=apiserver
2025/11/25 09:10AM ERR ../home/runner/work/kubesolo/kubesolo/pkg/kubernetes/apiserver/rbac.go:48 > authentication test failed: Get "https://192.168.200.1:6443/api/v1/namespaces": tls: failed to verify certificate: x509: certificate is valid for 10.43.0.1, 127.0.0.1, not 192.168.200.1 | component=apiserver configPath=/var/lib/kubesolo/pki/admin/admin.kubeconfig
2025/11/25 09:10AM ERR ../home/runner/work/kubesolo/kubesolo/pkg/kubernetes/apiserver/executor.go:87 > failed to apply the RBAC configuration: authentication test failed: Get "https://192.168.200.1:6443/api/v1/namespaces": tls: failed to verify certificate: x509: certificate is valid for 10.43.0.1, 127.0.0.1, not 192.168.200.1... | component=apiserver
2025/11/25 09:10AM ERR ../home/runner/work/kubesolo/kubesolo/pkg/kubernetes/apiserver/executor.go:91 > failed to register the kubesolo webhook: failed to get existing webhook configuration: Get "https://192.168.200.1:6443/apis/admissionregistration.k8s.io/v1/mutatingwebhookconfigurations/webhook.kubesolo.io": tls: failed to verify certificate: x509: certificate is valid for 10.43.0.1, 127.0.0.1, not 192.168.200.1... | component=apiserver
2025/11/25 09:10AM INF ../home/runner/work/kubesolo/kubesolo/pkg/kubernetes/apiserver/executor.go:60 > API server ready... | component=apiserver
2025/11/25 09:10AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:238 > apiserver is ready... | component=kubesolo
2025/11/25 09:10AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:192 > starting controller... | component=kubesolo
2025/11/25 09:10AM INF ../home/runner/work/kubesolo/kubesolo/pkg/kubernetes/controller/executor.go:23 > starting controller manager... | component=controller
2025/11/25 09:10AM WRN ../home/runner/work/kubesolo/kubesolo/internal/runtime/network/health.go:19 > component health check failed: Get "https://127.0.0.1:10257/healthz": dial tcp 127.0.0.1:10257: connect: connection refused | component=controller-manager

I1125 09:10:25.791840     648 controllermanager.go:188] "Starting" version="v1.33.2+kubesolo-5855d6c"
I1125 09:10:25.792062     648 controllermanager.go:190] "Golang settings" GOGC="" GOMAXPROCS="" GOTRACEBACK=""
I1125 09:10:25.804383     648 dynamic_cafile_content.go:161] "Starting controller" name="request-header::/var/lib/kubesolo/pki/ca/ca.crt"
I1125 09:10:25.804416     648 configmap_cafile_content.go:205] "Starting controller" name="client-ca::kube-system::extension-apiserver-authentication::client-ca-file"
I1125 09:10:25.804606     648 shared_informer.go:350] "Waiting for caches to sync" controller="client-ca::kube-system::extension-apiserver-authentication::client-ca-file"
I1125 09:10:25.806107     648 dynamic_serving_content.go:135] "Starting controller" name="serving-cert::/var/lib/kubesolo/pki/controller-manager/controller-manager.crt::/var/lib/kubesolo/pki/controller-manager/controller-manager.key"
I1125 09:10:25.809322     648 secure_serving.go:211] Serving securely on [::]:10257
I1125 09:10:25.809440     648 tlsconfig.go:243] "Starting DynamicServingCertificateController"
E1125 09:10:25.839721     648 reflector.go:200] "Failed to watch" err="failed to list *v1.ConfigMap: Get \"https://192.168.200.1:6443/api/v1/namespaces/kube-system/configmaps?fieldSelector=metadata.name%3Dextension-apiserver-authentication&limit=500&resourceVersion=0\": tls: failed to verify certificate: x509: certificate is valid for 10.43.0.1, 127.0.0.1, not 192.168.200.1" logger="UnhandledError" reflector="k8s.io/client-go@v1.33.2-k3s1/tools/cache/reflector.go:285" type="*v1.ConfigMap"

2025/11/25 09:10AM INF ../home/runner/work/kubesolo/kubesolo/pkg/kubernetes/controller/executor.go:48 > controller manager ready... | component=controller
2025/11/25 09:10AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:238 > controller is ready... | component=kubesolo
2025/11/25 09:10AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:192 > starting kubelet... | component=kubesolo
2025/11/25 09:10AM INF ../home/runner/work/kubesolo/kubesolo/pkg/kubernetes/kubelet/executor.go:25 > starting kubelet... | component=kubelet

E1125 09:10:27.040434     648 reflector.go:200] "Failed to watch" err="failed to list *v1.ConfigMap: Get \"https://192.168.200.1:6443/api/v1/namespaces/kube-system/configmaps?fieldSelector=metadata.name%3Dextension-apiserver-authentication&limit=500&resourceVersion=0\": tls: failed to verify certificate: x509: certificate is valid for 10.43.0.1, 127.0.0.1, not 192.168.200.1" logger="UnhandledError" reflector="k8s.io/client-go@v1.33.2-k3s1/tools/cache/reflector.go:285" type="*v1.ConfigMap"
E1125 09:10:29.886808     648 reflector.go:200] "Failed to watch" err="failed to list *v1.ConfigMap: Get \"https://192.168.200.1:6443/api/v1/namespaces/kube-system/configmaps?fieldSelector=metadata.name%3Dextension-apiserver-authentication&limit=500&resourceVersion=0\": tls: failed to verify certificate: x509: certificate is valid for 10.43.0.1, 127.0.0.1, not 192.168.200.1" logger="UnhandledError" reflector="k8s.io/client-go@v1.33.2-k3s1/tools/cache/reflector.go:285" type="*v1.ConfigMap"

I1125 09:10:30.883270     648 codec.go:100] "Using lenient decoding as strict decoding failed" err="strict decoding error: unknown field \"imagePullProgressDeadline\""
I1125 09:10:30.917013     648 server.go:526] "Kubelet version" kubeletVersion="v1.33.2+kubesolo-5855d6c"
I1125 09:10:30.917137     648 server.go:528] "Golang settings" GOGC="" GOMAXPROCS="" GOTRACEBACK=""
I1125 09:10:30.918539     648 server.go:951] "Client rotation is on, will bootstrap in background"
I1125 09:10:30.921192     648 certificate_store.go:160] "Loading cert/key pair" certFile="/var/lib/kubesolo/pki/kubelet/kubelet.crt" keyFile="/var/lib/kubesolo/pki/kubelet/kubelet.key"
I1125 09:10:30.930622     648 dynamic_cafile_content.go:161] "Starting controller" name="client-ca-bundle::/var/lib/kubesolo/pki/ca/ca.crt"

2025/11/25 09:10AM ERR ../home/runner/work/kubesolo/kubesolo/pkg/kubernetes/kubelet/executor.go:77 > failed to apply RBAC rules: failed to update ClusterRole: Put "https://192.168.200.1:6443/apis/rbac.authorization.k8s.io/v1/clusterroles/system:node": tls: failed to verify certificate: x509: certificate is valid for 10.43.0.1, 127.0.0.1, not 192.168.200.1... | component=kubelet
2025/11/25 09:10AM INF ../home/runner/work/kubesolo/kubesolo/pkg/kubernetes/kubelet/executor.go:89 > terminating kubelet... | component=kubelet

I1125 09:10:30.943224     648 controller.go:133] Shutting down kubernetes service endpoint reconciler

2025/11/25 09:10AM INF ../home/runner/work/kubesolo/kubesolo/cmd/kubesolo/main.go:241 > shutdown requested before kubelet was ready... | component=kubesolo

[stevensbkang]

Yes, it will need an IP address so that it can be assigned to the API server! To fix the error right now, please delete the pki folder under /var/lib/kubesolo, restart the kubesolo service, and it will regenerate cert for the new IP address!

[benoitschipper]

Thanks I did that and I seem to have gotten quite far. It seems the cluster was running. However, i did get quite some errors at the end. And killed the process to be able to share the logs, see attached. I tried to look for a kubeconfig also, but was unable to find it under /var/lib/kubesolo/pki/admin/admin.kubeconfig

kubesolo_install_log.txt

Hope the logs help 💯 Let me know if I can test, check something.

I want to also check a clean setup and run kubesolo whilst connected to the network from scratch, if anything different comes out of that I will comment here.

Update

Clean setup from scratch resulted in the below logs

kubesolo_install_log_2.txt

Seems the cluster is up but it fails to do the following (and repeats itself):

E1125 12:39:51.921158     776 kuberuntime_manager.go:1252] "CreatePodSandbox for pod failed" err="rpc error: code = Unknown desc = failed to setup network for sandbox \"3c5130a8992baf58655149e404975ad4e39b22d701a4673a1ee883c0481f7f59\": plugin type=\"bridge\" failed (add): netplugin failed with no error message: fork/exec /var/lib/kubesolo/containerd/cni/plugins/bridge: permission denied" pod="kube-system/coredns-5fcc7f9b9-fzvj4"

Not sure why it gets permission errors:

root@iot2050-debian:/var/lib/kubesolo/containerd/cni/plugins# ls -l
-rwxr-xr-x 1 root root 4404044 Nov 25 12:38 bridge
-rwxr-xr-x 1 root root 3437099 Nov 25 12:38 host-local
-rwxr-xr-x 1 root root 3452632 Nov 25 12:38 loopback
-rwxr-xr-x 1 root root 3841245 Nov 25 12:38 portmap

Unfortunately cleaning the image (or starting from scratch) made no difference. Just wanted to make sure I checked that 😄