Re: Kubelet & Cadvisor
> On May 17, 2017, at 7:37 AM, David Conde wrote: > > Hi, > > I am trying to get the DataDog agent working with k8s integration. I'm > hitting an issue around cadvisor not being available. I have read that > cadvisor is available via kubelet as long as I'm using certs to access it. > > Does anyone know what the equivalent of the 2 URLs below are when trying to > access via kubelet? > > - /api/v1.3/machine/ > - /api/v1.3/subcontainers/ > In general I don't think there is anything wrong with accessing cadvisor directly, except that I believe cadvisor isn't exposed from kubelets So i think, /stats/summary in the kubelet will externalize some of the cadvisor metrics you want. The thread below describes the idea behind stats as a cadvisor wrapper https://groups.google.com/forum/m/#!topic/kubernetes-sig-node/txBjT8-WvM0 > Thanks, > Dave > ___ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
Re: Build pod is failing to push the image to docker registry
> On Apr 7, 2017, at 11:39 PM, Rodrigo Bersa wrote: > > Hi Madhukar, > > I know it can be obvious, but, did you restarted the docker.service after > configure the no proxy exception? > > Also, you can configure this proxy exception in the > /etc/origin/master/master-config.yaml, and restart the > atomic-openshiftt-master.service. > > > Regards, > > RODRIGO BERSA > CLOUD CONSULTANT, RHCSA > Red Hat Brasil > rbe...@redhat.comM: +55 11 99557-5841 > > > TRIED. TESTED. TRUSTED. > > > > >> On Fri, Apr 7, 2017 at 11:18 PM, Madhukar Nayakbomman >> wrote: >> Hi Tero, >> >> Thanks for the reply I did try these things but unfortunately the same error >> is popping up. So as per your reply the build pod use the docker of the node >> to push the image to the registry? Is there a documentation which helps to >> understand how build container pushes the image to the docker registry that >> would be really helpful >> >> Thanks, >> Madhukar >> >>> On Thu, Apr 6, 2017 at 10:42 PM, Tero Ahonen wrote: >>> And forgot proxy “beast” ….if you are using proxy then you need to add >>> docker registry to no proxy >>> >>> .t >>> On 7 Apr 2017, at 6.59, Madhukar Nayakbomman wrote: Hello Experts, I am a new bee to openshift world. Any help/assistance in solving the below problem is really appreciated. We are creating an application using the below json file, however the build is failing with below error input json: https://github.com/openshift/origin/blob/master/examples/sample-app/application-template-stibuild.json Error: error: build error: Failed to push image: Get https://10.104.6.164:5000/v1/_ping: dial tcp 10.104.6.164:5000: getsockopt: no route to host Version details: [root@a4s8 ~]# oc version oc v3.4.1.10 kubernetes v1.4.0+776c994 features: Basic-Auth GSSAPI Kerberos SPNEGO Server https://a4s8:8443 openshift v3.4.1.10 kubernetes v1.4.0+776c994 Build logs: [root@a4s8 ~]# oc logs ruby-sample-build-5-build -f Cloning "https://github.com/openshift/ruby-hello-world.git"; ... Commit: 022d87e4160c00274b63cdad7c238b5c6a299265 (Merge pull request #58 from junaruga/feature/fix-for-ruby24) Author: Ben Parees Date: Fri Mar 3 15:29:12 2017 -0500 ---> Installing application source ... ---> Building your Ruby application from source ... ---> Running 'bundle install --deployment --without development:test' ... Fetching gem metadata from https://rubygems.org/.. Installing rake 10.3.2 Installing i18n 0.6.11 Installing json 1.8.6 Installing minitest 5.4.2 Installing thread_safe 0.3.4 Installing tzinfo 1.2.2 Installing activesupport 4.1.7 Installing builder 3.2.2 Installing activemodel 4.1.7 Installing arel 5.0.1.20140414130214 Installing activerecord 4.1.7 Installing mysql2 0.3.16 Installing rack 1.5.2 Installing rack-protection 1.5.3 Installing tilt 1.4.1 Installing sinatra 1.4.5 Installing sinatra-activerecord 2.0.3 Using bundler 1.7.8 Your bundle is complete! Gems in the groups development and test were not installed. It was installed into ./bundle ---> Cleaning up unused ruby gems ... Running post commit hook ... /opt/rh/rh-ruby22/root/usr/bin/ruby -I"lib" -I"/opt/app-root/src/bundle/ruby/gems/rake-10.3.2/lib" "/opt/app-root/src/bundle/ruby/gems/rake-10.3.2/lib/rake/rake_test_loader.rb" "test/*_test.rb" Run options: --seed 63498 # Running: . Finished in 0.000908s, 1101.1930 runs/s, 1101.1930 assertions/s. 1 runs, 1 assertions, 0 failures, 0 errors, 0 skips Pushing image 10.104.6.164:5000/default/origin-ruby-sample:latest ... error: build error: Failed to push image: Get https://10.104.6.164:5000/v1/_ping: dial tcp 10.104.6.164:5000: getsockopt: no route to host Thanks, Madhukar ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users >>> >> >> >> ___ >> users mailing list >> users@lists.openshift.redhat.com >> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >> > > ___ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
Re: OpenShift node hardening - are these IP table rules ok?
Without loss of generality it's easy to find out wether or not you've broken networking in openshift, since ships with a lot of tests for networking, and DNS (extended.test). KUBECONFIG=/etc/origin/master/admin.kubeconfig /usr/libexec/atomic-openshift/extended.test --ginkgo.v=True --ginkgo.focus="DNS" (use "Networking" tags as well and make sure those pass). So... - Run the tests above with the argument --ginkgo.focus=DNS , - apply the rules, - re run them again and you will quickly detect a regression if you've broken anything . > On Apr 5, 2017, at 4:43 AM, Anton wrote: > > Hello > > I would like to harden my OpenShift node. > > I'm not at all versed in iptable rules, and would like hear if these rules - > https://javapipe.com/iptables-ddos-protection - are ok to apply, or not. > > Thanks for your help. > > b > ___ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
Re: Is it possible to use Helm package system with OpenShift?
I believe there are some folks using helm on openshift in the fabric8 group; but I would guess some things that we specifically care at in openshift (like the auth, routes) still would require special treatment ... > On Mar 23, 2017, at 5:33 AM, Stéphane Klein > wrote: > > Hi, > > is it possible to use Helm (https://github.com/kubernetes/helm) package > system with OpenShift? > Maybe not default Kubernetes Helm Charts but some OpenShift Charts? > > Best regards, > Stéphane > -- > Stéphane Klein > blog: http://stephane-klein.info > cv : http://cv.stephane-klein.info > Twitter: http://twitter.com/klein_stephane > ___ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
Re: One command to check if all etcd serverd are up and if all masters are connected to this etcd nodes?
etcdhealth probably is sufficient but in any case
I was recently wondering myself what etcdhealth measured + does it
gaurantee the nodes are consistent, synced, no split brain?
We used to do something like this:
curl -L -X PUT http://node1:2379/v2/keys/message -d value="ABCD"
&& curl -L http://node2:2379/v2/keys/message | grep -q ABCD
&& curl -L http://node3:2379/v2/keys/message | grep -q ABCD
To guarantee that writes were working + consistent across the cluster.
jay vyas
On Fri, Jan 13, 2017 at 8:04 AM, Aleksandar Lazic
wrote:
> Hi.
>
> In case the peer* stuff doesn't work I have used this command.
> Just as plan B.
>
> ###
> /usr/bin/etcdctl --peers \
> $( awk -F= '/ETCD_LISTEN_CLIENT_URLS=/ {print $2}' < /etc/etcd/etcd.conf
> ) \
> --debug \
> --ca-file /etc/origin/master/master.etcd-ca.crt \
> --key-file /etc/origin/master/master.etcd-client.key \
> --cert-file /etc/origin/master/master.etcd-client.crt \
> cluster-health
> ###
>
> BR Aleks
>
>
>
> On Fri, 13 Jan 2017 12:57:24 +0100 *Diego Castro
> >* wrote
>
> You can check cluster health with etcdctl command, just run the following
> command on one of yours etcd servers:
>
> $ cd /etc/etcd/
>
> $ etcdctl --cert-file peer.crt --key-file peer.key --ca-file ca.crt -C
> https://:2379 cluster-health
>
>
> ---
> Diego Castro / The CloudFather
> GetupCloud.com - Eliminamos a Gravidade
>
> 2017-01-13 7:24 GMT-03:00 Stéphane Klein :
>
>
> ___
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
> Hi,
>
> I'm wondering if there are a command to check etcd servers status?
> Check if all etcd nodes are up.
>
> ```
> etcdClientInfo:
> ca: master.etcd-ca.crt
> certFile: master.etcd-client.crt
> keyFile: master.etcd-client.key
> urls:
> - https://etcd-1.priv.example.com:2379
> - https://etcd-2.priv.example.com:2379
> - https://etcd-3.priv.example.com:2379
> ```
>
> Check if this configuration is valid on all OpenShift masters.
>
> Something like `oc get nodes`.
>
> I try `oc status` but I haven't information about etcd configure.
>
> Best regards,
> Stéphane
> --
> Stéphane Klein
> blog: http://stephane-klein.info
> cv : http://cv.stephane-klein.info
> Twitter: http://twitter.com/klein_stephane
>
> ___
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
> ---
> Mit freundlichen Grüßen
> Aleksandar Lazic - ME2Digital e. U.
> https://me2digital.online/
> UID-Nr.: ATU71765716
> IBAN: AT27 1420 0200 1096 9086
> Firmenbuch: 462678 i
>
>
> ___
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
>
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
