Re: Kubelet & Cadvisor
> On May 17, 2017, at 7:37 AM, David Conde wrote: > > Hi, > > I am trying to get the DataDog agent working with k8s integration. I'm > hitting an issue around cadvisor not being available. I have read that > cadvisor is available via kubelet as long as I'm using certs to access it. > > Does anyone know what the equivalent of the 2 URLs below are when trying to > access via kubelet? > > - /api/v1.3/machine/ > - /api/v1.3/subcontainers/ > In general I don't think there is anything wrong with accessing cadvisor directly, except that I believe cadvisor isn't exposed from kubelets So i think, /stats/summary in the kubelet will externalize some of the cadvisor metrics you want. The thread below describes the idea behind stats as a cadvisor wrapper https://groups.google.com/forum/m/#!topic/kubernetes-sig-node/txBjT8-WvM0 > Thanks, > Dave > ___ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
Re: Build pod is failing to push the image to docker registry
> On Apr 7, 2017, at 11:39 PM, Rodrigo Bersa wrote: > > Hi Madhukar, > > I know it can be obvious, but, did you restarted the docker.service after > configure the no proxy exception? > > Also, you can configure this proxy exception in the > /etc/origin/master/master-config.yaml, and restart the > atomic-openshiftt-master.service. > > > Regards, > > RODRIGO BERSA > CLOUD CONSULTANT, RHCSA > Red Hat Brasil > rbe...@redhat.comM: +55 11 99557-5841 > > > TRIED. TESTED. TRUSTED. > > > > >> On Fri, Apr 7, 2017 at 11:18 PM, Madhukar Nayakbomman >> wrote: >> Hi Tero, >> >> Thanks for the reply I did try these things but unfortunately the same error >> is popping up. So as per your reply the build pod use the docker of the node >> to push the image to the registry? Is there a documentation which helps to >> understand how build container pushes the image to the docker registry that >> would be really helpful >> >> Thanks, >> Madhukar >> >>> On Thu, Apr 6, 2017 at 10:42 PM, Tero Ahonen wrote: >>> And forgot proxy “beast” ….if you are using proxy then you need to add >>> docker registry to no proxy >>> >>> .t >>> On 7 Apr 2017, at 6.59, Madhukar Nayakbomman wrote: Hello Experts, I am a new bee to openshift world. Any help/assistance in solving the below problem is really appreciated. We are creating an application using the below json file, however the build is failing with below error input json: https://github.com/openshift/origin/blob/master/examples/sample-app/application-template-stibuild.json Error: error: build error: Failed to push image: Get https://10.104.6.164:5000/v1/_ping: dial tcp 10.104.6.164:5000: getsockopt: no route to host Version details: [root@a4s8 ~]# oc version oc v3.4.1.10 kubernetes v1.4.0+776c994 features: Basic-Auth GSSAPI Kerberos SPNEGO Server https://a4s8:8443 openshift v3.4.1.10 kubernetes v1.4.0+776c994 Build logs: [root@a4s8 ~]# oc logs ruby-sample-build-5-build -f Cloning "https://github.com/openshift/ruby-hello-world.git"; ... Commit: 022d87e4160c00274b63cdad7c238b5c6a299265 (Merge pull request #58 from junaruga/feature/fix-for-ruby24) Author: Ben Parees Date: Fri Mar 3 15:29:12 2017 -0500 ---> Installing application source ... ---> Building your Ruby application from source ... ---> Running 'bundle install --deployment --without development:test' ... Fetching gem metadata from https://rubygems.org/.. Installing rake 10.3.2 Installing i18n 0.6.11 Installing json 1.8.6 Installing minitest 5.4.2 Installing thread_safe 0.3.4 Installing tzinfo 1.2.2 Installing activesupport 4.1.7 Installing builder 3.2.2 Installing activemodel 4.1.7 Installing arel 5.0.1.20140414130214 Installing activerecord 4.1.7 Installing mysql2 0.3.16 Installing rack 1.5.2 Installing rack-protection 1.5.3 Installing tilt 1.4.1 Installing sinatra 1.4.5 Installing sinatra-activerecord 2.0.3 Using bundler 1.7.8 Your bundle is complete! Gems in the groups development and test were not installed. It was installed into ./bundle ---> Cleaning up unused ruby gems ... Running post commit hook ... /opt/rh/rh-ruby22/root/usr/bin/ruby -I"lib" -I"/opt/app-root/src/bundle/ruby/gems/rake-10.3.2/lib" "/opt/app-root/src/bundle/ruby/gems/rake-10.3.2/lib/rake/rake_test_loader.rb" "test/*_test.rb" Run options: --seed 63498 # Running: . Finished in 0.000908s, 1101.1930 runs/s, 1101.1930 assertions/s. 1 runs, 1 assertions, 0 failures, 0 errors, 0 skips Pushing image 10.104.6.164:5000/default/origin-ruby-sample:latest ... error: build error: Failed to push image: Get https://10.104.6.164:5000/v1/_ping: dial tcp 10.104.6.164:5000: getsockopt: no route to host Thanks, Madhukar ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users >>> >> >> >> ___ >> users mailing list >> users@lists.openshift.redhat.com >> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >> > > ___ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
Re: OpenShift node hardening - are these IP table rules ok?
Without loss of generality it's easy to find out wether or not you've broken networking in openshift, since ships with a lot of tests for networking, and DNS (extended.test). KUBECONFIG=/etc/origin/master/admin.kubeconfig /usr/libexec/atomic-openshift/extended.test --ginkgo.v=True --ginkgo.focus="DNS" (use "Networking" tags as well and make sure those pass). So... - Run the tests above with the argument --ginkgo.focus=DNS , - apply the rules, - re run them again and you will quickly detect a regression if you've broken anything . > On Apr 5, 2017, at 4:43 AM, Anton wrote: > > Hello > > I would like to harden my OpenShift node. > > I'm not at all versed in iptable rules, and would like hear if these rules - > https://javapipe.com/iptables-ddos-protection - are ok to apply, or not. > > Thanks for your help. > > b > ___ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
Re: Is it possible to use Helm package system with OpenShift?
I believe there are some folks using helm on openshift in the fabric8 group; but I would guess some things that we specifically care at in openshift (like the auth, routes) still would require special treatment ... > On Mar 23, 2017, at 5:33 AM, Stéphane Klein > wrote: > > Hi, > > is it possible to use Helm (https://github.com/kubernetes/helm) package > system with OpenShift? > Maybe not default Kubernetes Helm Charts but some OpenShift Charts? > > Best regards, > Stéphane > -- > Stéphane Klein > blog: http://stephane-klein.info > cv : http://cv.stephane-klein.info > Twitter: http://twitter.com/klein_stephane > ___ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
Re: One command to check if all etcd serverd are up and if all masters are connected to this etcd nodes?
etcdhealth probably is sufficient but in any case I was recently wondering myself what etcdhealth measured + does it gaurantee the nodes are consistent, synced, no split brain? We used to do something like this: curl -L -X PUT http://node1:2379/v2/keys/message -d value="ABCD" && curl -L http://node2:2379/v2/keys/message | grep -q ABCD && curl -L http://node3:2379/v2/keys/message | grep -q ABCD To guarantee that writes were working + consistent across the cluster. jay vyas On Fri, Jan 13, 2017 at 8:04 AM, Aleksandar Lazic wrote: > Hi. > > In case the peer* stuff doesn't work I have used this command. > Just as plan B. > > ### > /usr/bin/etcdctl --peers \ > $( awk -F= '/ETCD_LISTEN_CLIENT_URLS=/ {print $2}' < /etc/etcd/etcd.conf > ) \ > --debug \ > --ca-file /etc/origin/master/master.etcd-ca.crt \ > --key-file /etc/origin/master/master.etcd-client.key \ > --cert-file /etc/origin/master/master.etcd-client.crt \ > cluster-health > ### > > BR Aleks > > > > On Fri, 13 Jan 2017 12:57:24 +0100 *Diego Castro > >* wrote > > You can check cluster health with etcdctl command, just run the following > command on one of yours etcd servers: > > $ cd /etc/etcd/ > > $ etcdctl --cert-file peer.crt --key-file peer.key --ca-file ca.crt -C > https://:2379 cluster-health > > > --- > Diego Castro / The CloudFather > GetupCloud.com - Eliminamos a Gravidade > > 2017-01-13 7:24 GMT-03:00 Stéphane Klein : > > > ___ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > > Hi, > > I'm wondering if there are a command to check etcd servers status? > Check if all etcd nodes are up. > > ``` > etcdClientInfo: > ca: master.etcd-ca.crt > certFile: master.etcd-client.crt > keyFile: master.etcd-client.key > urls: > - https://etcd-1.priv.example.com:2379 > - https://etcd-2.priv.example.com:2379 > - https://etcd-3.priv.example.com:2379 > ``` > > Check if this configuration is valid on all OpenShift masters. > > Something like `oc get nodes`. > > I try `oc status` but I haven't information about etcd configure. > > Best regards, > Stéphane > -- > Stéphane Klein > blog: http://stephane-klein.info > cv : http://cv.stephane-klein.info > Twitter: http://twitter.com/klein_stephane > > ___ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > > --- > Mit freundlichen Grüßen > Aleksandar Lazic - ME2Digital e. U. > https://me2digital.online/ > UID-Nr.: ATU71765716 > IBAN: AT27 1420 0200 1096 9086 > Firmenbuch: 462678 i > > > ___ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > > ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users