Thanks.
>
> On Thu, Oct 12, 2017 at 9:38 PM, 'Tim Hockin' via Kubernetes user discussion
> and Q <kubernetes-users@googlegroups.com> wrote:
>>
>> Currently it is not possible to express this.
>>
>> On Thu, Oct 12, 2017 at 12:21 AM, <cybage.almdev...@
In general the control plane can not access Services. Not all
installations treat the master as a node, and it's not actually required to
be.
Consider that the controller manager is responsible for telling resolving
services to endpoints - having g it depends on service cluster IPs depends
on
On Fri, Oct 13, 2017 at 3:17 AM, wrote:
> On Friday, July 28, 2017 at 11:52:27 AM UTC+5:30, Tim Hockin wrote:
>> Private Google Access is not a private subnet. That simply allows your VMs
>> to access google service without a public IP. You still have to make VMs
>>
Containers can consume as little as 0.001 CPUs on platforms like
Kubernetes. You can run hundreds of small containers on a machine.
There's no VMM overhead, no guest OS overhead, and everything you do
in a container is transparent to the host OS. Tools like `ps` and
`kill` just work.
On Tue,
thing
> instead.
Yeah "Host" might have been better. I would take PRs to add Host and
let it mean the same as "Default" and deprecate (but not remove)
"Default".
Tim
> On Oct 5, 2017 13:54, "'Tim Hockin' via Kubernetes user discussion and Q"
>
We had a proposal to avoid conntrack for DNS, but no real movement on it.
We have flags to adjust the conntrack table size.
Kernel has params to tweak timeouts, which users can tweak.
Sustained 1000 QPS DNS seems artificial.
On Thu, Oct 5, 2017 at 10:47 AM, Evan Jones
pkg/kubelet/envvars/envvars.go
Simplest change would probably be a new field, default true, saying
"publish env vars for services". we might want to special case
KUBERNETES_SERVICE_HOST and _PORT because that has deeper roots.
A short design proposal would be appropriate.
On Wed, Oct 4, 2017
AFAIK there isn't a way to disable these automatic variables. We've
discussed this for a very long time, and maybe it's finally time to
add an optional disable for this? Proposals and patches welcome.
This should be a pretty easy one, honestly.
FWIW, the variables are named `FOOBAR_SERVICE_HOST
You have to look at the kubernetes docs for the kubernetes API.
Kubernetes is not docker.
https://kubernetes.io/docs/api-reference/v1.7/#pod-v1-core
Search for `hostNetwork`.
Tim
On Mon, Oct 2, 2017 at 10:14 AM, wrote:
> Could you please elaborate. Do not
I think flannel and weave HAVE to masquerade when crossing virtual
network planes.
Non-overlay solutions don't have to, but there are different
tradeoffs. Take a look at Service.spec.externalTrafficPolicy
On Sat, Sep 30, 2017 at 6:19 PM, Blade Doyle wrote:
>
>
rmed by running
> tcpdump on the host.
> I don’t see the traffic if I ran tcpdump on the pod/container
>
> —
> Fritz
>
>
> On Sep 25, 2017, at 7:58 PM, 'Tim Hockin' via Kubernetes user discussion
> and Q <kubernetes-users@googlegroups.com> wrote:
>
> Was it
Was it a single connection? Services are generally connection oriented.
On Sep 25, 2017 7:21 PM, wrote:
> Hi All,
>
> I deleted my pod, and recreated it back while traffic continuously running
> in the background destined to the service. After the pod got recreated, I
> do
regards,
Laszlo
On 25.09.2017 16:36, 'Tim Hockin' via Kubernetes user discussion and Q
wrote:
> Of course. Ingress is a very special sort of workload, with more
> particular requirements than most. It's more infrastructure than
> application.
>
> On Sep 25, 2017 5:53 AM, "Budai Laszlo
There isn't a great answer to this. It is something that has been on my
mind we multi-tenant installations, but it is unsolved for now.
On Sep 25, 2017 7:30 AM, "Simone D'Andreta"
wrote:
> I need to be able to overwrite the resolv.conf per pods. If I tweak the
>
;
>
>
>
>
> On 25.09.2017 15:29, 'Tim Hockin' via Kubernetes user discussion and Q
> wrote:
>
>> You have to arrange that traffic delivery. Kubernetes doesn't
>> intrinsically know your network, unless you are on one of the major clouds.
>>
>> A commo
You have to arrange that traffic delivery. Kubernetes doesn't
intrinsically know your network, unless you are on one of the major clouds.
A common answer is to DNS-roundrobin the nodes' public IPs, or to configure
your L3 infrastructure to VIP to your nodes.
On Sep 25, 2017 1:41 AM,
you're trying to mount a directory (emptyDir) onto a file
(/etc/resolv.conf). Without seeing the error that is a wild guess. I
can't stop you from doing this, but I strongly encourage you to
re-read and internalize what I wrote about multiple nameserver
records.
On Fri, Sep 22, 2017 at 6:19 AM,
Shared PID is coming, but last I checked it was not finished.
On Fri, Sep 22, 2017 at 6:22 AM, Rodrigo Campos wrote:
> At least ir has changed, you won't see pids from other containers in the pod
> (although I think is the idea in some future, when containers runtimes allow
I mean, the LB itself requires very little CPU, but certainly hardware
can make a difference...
On Fri, Sep 22, 2017 at 12:33 AM, Vinoth Narasimhan
wrote:
> Thanks tim.
>
> Is my assumption is right ?
>
> Throughput depends on CPU threads and sockets arch
>
> On Friday,
Thanks for following up!
On Thu, Sep 21, 2017 at 1:33 AM, Vinoth Narasimhan wrote:
> Finally the issue was with the hardware spec. The previous k8s test i did
> with 3 node cluster with each node spec has 1cpu and 4Gig RAM.
>
> Today i map the spec of the native tomcat
You'd have to craft a new file and mount it onto your resolv.conf,
which makes it harder to "just add another line" because you don't
have the base.
But more than that, what you're asking for is really non-standard
behavior. You can't safely add a nameserver record to resolv.conf
that produces
template:
>> metadata:
>> labels:
>> run: agentc
>> spec:
>> containers:
>> - name: agentk
>> image: library/app-agentk:v1
>> env:
>> - name: VOLUMEDIR
>> value: /agentcompose_agentsvolum
c; if you choose to ignore
>>> these errors, turn validation off with --validate=false
>>>
>>>
>>> kuber-agent.yml
>>>
>>> apiVersion: apps/v1beta1
>>> kind: Deployment
>>> metadata:
>>> name: agent-kuber
>>> sp
And if you are on different machines, you need to push that image
somewhere so it can be pulled by kubelet
On Wed, Sep 20, 2017 at 9:49 AM, Warren Strange
wrote:
>
>
> ImagePullBackOff means that Kubernetes can not find the image.
>
> You have:
> image: agentc
>
> You
There's no supported way to do that, in part because it would give up
all of the Service names that kubernetes provides. I don't know what
would happen if you tried to volumeMount a file over /etc/resolv.conf
- might be worth a shot.
On Wed, Sep 20, 2017 at 3:15 AM, Simone D'Andreta
Sorry, not sure I parsed your reply.
If you test docker with client and server on the same node, you need
to test kubernetes the same way.
You can test your client to the pod's IP directly (should be same as
docker perf) and then test kube services.
On Tue, Sep 19, 2017 at 10:16 PM, Vinoth
NodePort vs VIP should have no difference - they traverse the same paths.
This is a much steeper difference than what I measured and more than I
would expect.
Is this 8k new connections per second? Could you be exhausting
conntrack records and getting some failures? It would be interesting
to
Your volume config is not valid. What you need depends on whether you
want your volume to literally map `/c/Users/abcd/config` (which you
manage out of band, kubernetes won't touch) into your container or
whether you want just "an empty directory".
The literal equivalent would be more like:
```
On Fri, Sep 15, 2017 at 4:13 PM, Mark Petrovic wrote:
> Hello.
>
> I would have made this shorter if I could. Sorry. My context is
> Kubernetes, but my immediate questions are around clusters I configure on
> Google Compute Engine (GCE). Someone out there is bound to be
When it is rescheduled, it very likely ends up on a different Node.
If you want to erase that info, you'll need to track ordinals yourself
(via templating or via an ID service) or use StatefulSet.
On Mon, Sep 11, 2017 at 1:03 PM, wrote:
> Indeed, restarts do not
Pod restarts should not create new series'. Only if they get rescheduled,
as in a rolling update. In that case they ARE different.
On Sep 6, 2017 2:06 AM, wrote:
Is there any way to create ordinal index of pods in a normal ReplicaSet
similarly to StatefulSet?
We don't set the FQDN at all unless you specify the `subdomain` field
in Pod.spec. That could be a bug, but the assumption is that the FQDN
is "about" DNS lookup-ability. We could have that conversation,
though.
On Fri, Sep 8, 2017 at 8:39 AM, David Rosenstrauch wrote:
> On
We do not have a mechanism to express what you want to express, then.
You control the cluster suffix and the subdomain, and the pod name,
but even with all of those in play, the hostname comes out as
`..svc.`, I am pretty sure. I am open to
proposals on how to allow what you want.
On Tue, Sep 5,
.local
> / #
>
> Essentially he wants hostname and subdomain to combine and set the FQDN. Not
> just the start of the FQDN. E.g. hello.example
>
> Brandon
>
> On Tue, Sep 5, 2017 at 1:50 PM 'Tim Hockin' via Kubernetes user discussion
> and Q <kubernetes-users@googlegroups.
https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#a-records-and-hostname-based-on-pods-hostname-and-subdomain-fields
?
On Tue, Sep 5, 2017 at 1:41 PM, David Rosenstrauch wrote:
> Is it possible to make Kubernetes assign fully-qualified domain names to
>
I am not sure what you mean by Debian nodes. GKE supports 2 node images -
our own COS (chromium) and Ubuntu (alpha, I think).
Network Policy, via Calico, is offered in GKE alpha clusters today.
Without making any product announcements, you can read into that what you
will.
Tim
On Sep 4, 2017
What happens if B crashes and restarts? Or hiccups and just stops
responding for a couple seconds? You have to handle that anyway, so
ordering is irrelevant.
On Sep 1, 2017 7:32 AM, "Yong Zhang" wrote:
Hi, all
I have one pod with two containers e.g. A and B,
A should
You should not need to drain for kube-proxy, it is not saving any
state that it can't fix on fly. Kubelet doesn't save much/any state
YET, but it might in the future. Draining updates of kubelet are a
hugely simplifying assumption, and frankly will dodge a whole class of
potential live-update
This won't be super helpful - it's really hard to debug this sort of thing
remotely - but I will try.
First, I'd look at tcpdump from the root of the client machine to rule out
local latency. I can't fathom how 40-80 ms would be injected by the
iptables or bridging. Best to rule it out.
Publish the base configmap into a volume. Run a sidecar container
that consumes that and merges it with the unique ID (which you get
from StatefulSet or somewhere else - different problem) and publish
THAT to a shared emptyDir volume. When the base configmap changes,
the sidecar wakes up (e.g.
On Mon, Aug 14, 2017 at 10:56 AM, David Rosenstrauch <dar...@darose.net> wrote:
> On 2017-08-14 12:13 pm, 'Tim Hockin' via Kubernetes user discussion and Q
> wrote:
>>
>> On Mon, Aug 14, 2017 at 9:03 AM, David Rosenstrauch <dar...@darose.net>
>> wrote:
>>
On Mon, Aug 14, 2017 at 9:03 AM, David Rosenstrauch wrote:
> Thanks for the feedback. I see I didn't quite understand k8s networking
> properly (and had my cluster misconfigured as a result).
>
> I now have it configured as:
>
> --cluster-cidr=10.240.0.0/12
/12 gives you room
A single program, in a container, can only access the resources of that
single machine. A "service" can scale horizontally, across many machines,
to grow. In kubernetes we call that replicas, and the typical primitive is
Deployment.
On Aug 10, 2017 9:23 AM, wrote:
> Hi
>
>
The GKE team has heard the desire for this and is looking at possible
ways to provide it.
On Wed, Aug 9, 2017 at 3:56 PM, wrote:
> On Friday, June 16, 2017 at 11:24:15 AM UTC-5, pa...@qwil.co wrote:
>> Yes, this is the right approach -- here's a detailed walk-through:
>>
>>
You haven't really explained what you are trying to do. The question
you are asking is hard to answer because it indicates some
misunderstanding deeper down. What are you trying to achieve?
On Sun, Aug 6, 2017 at 2:35 AM, wrote:
> OK so how do i create deployment with 1
As far as I know, nobody has implemented this, but it should be pretty
trivial to write your own controller to manipulate labels based on your own
definition of availability.
On Aug 5, 2017 4:35 PM, "Rodrigo Campos" wrote:
I **guess** there is not:
There is no way to update an env var in a running container. It
simply is not possible in Linux to update an env var without being IN
that shell. This is one of the main arguments against env vars.
On Thu, Aug 3, 2017 at 7:40 AM, wrote:
> Hello,
>
> I need to update
Use labels. That's (part of) what they are for :)
On Wed, Aug 2, 2017 at 11:55 PM, Eswari wrote:
> Whenever I try to go to pod, need to give the complete pod name everytime.
>
> So, I am searching for the command to save the time
>
> On Thursday, August 3, 2017 at
?
>
> On Wed, Aug 2, 2017 at 2:35 PM, 'Tim Hockin' via Kubernetes user discussion
> and Q <kubernetes-users@googlegroups.com> wrote:
>>
>> Yes. Hang tight :)
>>
>> On Aug 2, 2017 1:51 PM, "Paul Mazzuca" <paul.j.mazz...@gmail.com> w
A deployment creates a replicaset which creates your pod. You might
have N pods running (replicas) and you might have N replicasets
(during an update, for example). The name is insignificant. What
problem are you really having?
On Wed, Aug 2, 2017 at 11:11 PM, Eswari
Let me know if it isnt clear. I'll fix it.
On Mon, Jul 31, 2017 at 11:26 PM, Snd LP <sendalot...@gmail.com> wrote:
> thank you.
> studying the slides.
> (leaping from docker to kubernetes these days).
>
> On Mon, Jul 31, 2017 at 11:17 PM, 'Tim Hockin' via Kubernetes us
https://speakerdeck.com/thockin/kubernetes-a-very-brief-explanation-of-ports
On Mon, Jul 31, 2017 at 3:19 PM, Snd LP wrote:
> I got some nginx containers running that I can access externally.
> Here are two yaml files I ran to make this happen.
>
> What do "hostPort" vs
which we have created Private Subnet as above.
>
> These are steps we have followed to launch cluster in Private Subnet.
>
>
>
> On Wed, Jul 19, 2017 at 10:32 PM, 'Tim Hockin' via Kubernetes user
> discussion and Q <kubernetes-users@googlegroups.com> wrote:
>
>>
How did you create these private/public subnets? GKE should not allow
you to create a cluster in a Network that doesn't have a default route
to internet. Routes are per-Network, not per-SubNetwork.
On Tue, Jul 18, 2017 at 11:27 PM, nnilesh7...@gmail.com
wrote:
> On
You don't have to declare it, but it's better if you do. It serves as
declaration of intention, plus allows you to provide a name for the
port (can be used in various places) and it's at least hypothetically
possible to block non-declared traffic.
On Tue, Jul 18, 2017 at 4:05 AM, Yong Zhang
This is not supported yet. We're looking at how best to support this.
On Wed, Jul 12, 2017 at 1:42 AM, wrote:
> Hi,
>
> When creating a new Kubernetes cluster on GKE (with a Google hosted
> Kubernetes master), there is an option for selecting additional zones for
> nodes.
.*.
>> Removing the "datalab" route didn't change anything,
>> and I'm also not sure how it would explain the inconsistent behavior
>> between 10.240.0.2 & 10.240.0.35.
>>
>> On Sun, Jul 2, 2017 at 7:21 PM 'Tim Hockin' via Kubernetes user
>> di
Check for duplicate or overlapping routes in the cloud console?
On Jul 2, 2017 9:14 AM, "Itamar O" wrote:
> Hi,
> I'm investigating a weird routing behavior on our production GKE cluster
> (nodes & master running 1.6.6), not quite sure how to proceed at this point.
>
> The
Yeah, the naming on those is not very well defined :)
On Wed, Jun 7, 2017 at 9:54 PM, wrote:
> There is already a catalog in the ingress repository. This is the link
> https://github.com/kubernetes/ingress/blob/master/docs/annotations.md
>
>
> On Thursday, June 8, 2017 at
>>> total
>>> ➜ time kubectl run --image=dlapiduz/hello-world test --attach
>>> --restart=Never
>>> Waiting for pod default/test to be running, status is Pending, pod
>>> ready: false
>>> hello
>>> kubectl run --image=dlapiduz/hello-worl
It runs faster or it starts faster? The gif clear too quickly for me to
see.
On Thu, Jun 1, 2017 at 9:09 PM, Diego Lapiduz wrote:
> Hi y'all, (k8s noob here so forgive me if this is something that I am
> doing obviously wrong)
>
> I am trying to run a short lived task and I
on your master: ip addr show ?
On Thu, Jun 1, 2017 at 8:59 AM, Prior, Mark
wrote:
> Hi,
>
>
>
> I am currently trying to install K8s using Kubeadm on a Centos7 VM (in
> VMware Worstation) and am getting what i think is a strange result. The
> kube-system PODs are
This being the kubernetes Service, the value is coming from Endpoints,
which is being written by your apiserver. By default, it chooses the
interface with a default route. If that is wrong, look at the
`--advertise-address` flag.
On Wed, May 31, 2017 at 8:33 AM, wrote:
>
On Sat, May 27, 2017 at 3:40 PM, Joseph Jacks wrote:
> Thanks! I do hear you, Tim --- however, I find that such an experiment is
> worthy in the face of the challenges the project has in this area. Why not
> have both extrinsic and intrinsic, then see what happens?
That was
Curiously, I was JUST listening to a radio piece exploring the effects
of intrinsic and extrinsic motivators. It is well understood that
"common purpose" and "for the greater good" (intrinsic motivators) are
more effective than money and stuff (extrinsic motivators). The
interesting part was
Unfortunately we don't have an obvious way to publish that information
right now.
On Wed, May 24, 2017 at 6:23 AM, hasan türken wrote:
> Hi,
>
> I need a way to get service cluster ip range (as CIDR) that works accross
> all Kubernetes clusters.
>
> I tried the following,
I was assuming sig-coud would spawn working groups for individual
cloud providers, and that's where critical conversations would be had.
My hope was to rein in sig sprawl, and mitigate overlap.
BUt I guess I don't care enough to argue it very hard. There
shouldn't be much net impact of being a
We're looking at how to offer network policy. I promise I want it as
much as you do (probably more).
Tim
On Tue, May 23, 2017 at 11:38 AM, wrote:
> On Monday, April 24, 2017 at 6:51:11 PM UTC+3, Tim Hockin wrote:
>> It is not yet supported in GKE, unfortunately. We are all
I was suggesting a headless Service to provide the DNS that you
generally want in a StatefulSet *and* and normal Service of
type=LoadBalancer, which can expose one or more of your ZK instances
to the outside world.
Sorry, I said "node" before when I meant zk instance. :)
On Mon, May 22, 2017 at
I don't see why we need sig-Azure, unless we thing sig-cloud is not
going to happen.
I don't know who is pushing hardest for sig-cloud - Brandon?
On Mon, May 22, 2017 at 10:31 AM, Sarah Novotny wrote:
> Hai all.
>
> What I'm hearing is immediate need for Azure work to
you can label for area/platform/azure
On Fri, May 19, 2017 at 2:43 PM, 'Eric Tune' via Kubernetes
developer/contributor discussion
wrote:
> I was just triaging new issues today and I wanted to label one sig/azure,
> but I can't (yet).
>
> On Fri, May 19, 2017 at
t, it might be possible to use affinity and
> OnlyLocal together without the max-one trick. I'd have to try it and
> take a look to be sure. In fact, I am pretty sure it would work. 76%
> sure.
>
> 'Tim Hockin' via Kubernetes user discussion and Q
> May 17, 2017 at 1:06 AM
>
&
pod
IPs in haproxy config, but it avoids the "dumbest" layer of LB. I am
sure that code already exists.
Now that I think on it, it might be possible to use affinity and
OnlyLocal together without the max-one trick. I'd have to try it and
take a look to be sure. In fact, I am pretty sure
e other form of proxy service, right?
> 'Tim Hockin' via Kubernetes user discussion and Q
> May 16, 2017 at 11:53 AM
>
> On Tue, May 16, 2017 at 7:06 AM, Joe Auty <joea...@gmail.com> wrote:
>
> Hi Tim,
>
> I have a couple of different use cases actually, but at this point I'
to click
> now!
>
> 'Tim Hockin' via Kubernetes user discussion and Q
> May 16, 2017 at 11:45 AM
>
> On Tue, May 16, 2017 at 7:02 AM, Joe Auty <joea...@gmail.com> wrote:
>
> This is very helpful, thanks, this makes sense!
>
> If services are layer 4 th
On Tue, May 16, 2017 at 7:02 AM, Joe Auty wrote:
> This is very helpful, thanks, this makes sense!
>
> If services are layer 4 though, what does service.spec.sessionAffinity do?
The only real choice there is "ClientIP", which makes sense in an L4 context.
> If I'm
You could maybe start with what you want to achieve, and what your
requirements are?
On Sun, May 14, 2017 at 10:28 AM, Joe Auty wrote:
> Sorry for such a vague subject, but I think I need some help breaking things
> down here.
>
> I think I understand how the Google layer 7
I'd rather see a sig-node that spawns topical subgroups. There are many
topics that cross-cultural all the clouds, and we have no such forum.
On May 15, 2017 8:34 AM, "Ihor Dvoretskyi"
wrote:
I'd be happy to see yet another member of a Cloud Providers SIGs family!
Part of the point of Services is that you don't have to discover the
port - you can use known ports. That said, we also serve SRV records,
so if you know the name of the port you want, you can find the number.
On Fri, May 12, 2017 at 8:56 AM, wrote:
> Back to service
You can either anonymize (like change the image name) or you can send
it to me directly - thockin@google and I will pass it on to the folks
who know that logic best.
Tim
On Thu, May 11, 2017 at 8:40 AM, Kristian Freed
wrote:
> Client version used is 1.5.4 against
What kubectl version? Can you show an example YAML pair that doesn't
apply ? There have been bugs in the patch-generation logic in the
past, but I think they are all resolved.
On Thu, May 11, 2017 at 6:12 AM, Kristian Freed
wrote:
> Hi,
>
> We have an automated
If I read correctly, they want quota to apply to a subset of pods in a
Namespace (by selector) not the whole namespace (so multiple teams can
share a namespace), or else they need to pollute names with
env-specific decorations.
On Tue, May 9, 2017 at 12:44 AM, 'David Oppenheimer' via Kubernetes
GKE / Google Cloud in this regard. I can't say for sure what other
clouds offer.
It should be possible to run an HTTP Proxy or other app-specific
proxy, which can get you a long way towards this.
On Mon, May 8, 2017 at 12:14 PM, wrote:
> On Friday, 13 January 2017 02:25:20
service-cluster-ip-range=10.96.0.0/12
>> >
>> > /12 is a LARGE service range - it allows 1 million Service IPs in your
>> > cluster. That's unusual, and may cause problems elsewhere.
>> >
>> >> 3. Can you ping from the pod to its own Node IP?
>> >>
&
t@tulip-saas-xnode-2720274701-3fmqd /]# ping 172.172.10.32
>> PING 172.172.10.32 (172.172.10.32) 56(84) bytes of data.
>> 64 bytes from 172.172.10.32: icmp_seq=1 ttl=64 time=0.108 ms
>> 64 bytes from 172.172.10.32: icmp_seq=2 ttl=64 time=0.076 ms
>>
>> 4. Can you
) 56(84) bytes of data.
> 64 bytes from 172.172.10.32: icmp_seq=1 ttl=64 time=0.108 ms
> 64 bytes from 172.172.10.32: icmp_seq=2 ttl=64 time=0.076 ms
>
> 4. Can you ping from the pod to a different Node IP?
>
> No.
>
> [root@tulip-saas-xnode-2720274701-3fmqd /]# ping 172.172.1
64 time=0.108 ms
> 64 bytes from 172.172.10.32: icmp_seq=2 ttl=64 time=0.076 ms
>
> 4. Can you ping from the pod to a different Node IP?
>
> No.
can you ping from a pod to a different pod on the other node?
> [root@tulip-saas-xnode-2720274701-3fmqd /]# ping 172.172.10.31
> PING 172.17
It is not yet supported in GKE, unfortunately. We are all anxious to
offer something as soon as possible.
Tim
On Mon, Apr 24, 2017 at 1:39 AM, wrote:
> On Thursday, January 26, 2017 at 5:36:36 PM UTC, m...@ub.io wrote:
>> Hello,
>>
>> What network plugin does GKE
What network driver are you using? kubenet? CNI + flannel? CNI +
weave? CNI + calico?
What is your Service cluster IP range?
Can you ping from the pod to its own Node IP?
Can you ping from the pod to a different Node IP?
On Mon, Apr 24, 2017 at 6:29 AM, Roger Song
Sam,
I don't have a clean answer for you. What you really want (it seems)
is nested Namespaces. If only our foresight were better...
The way we end up doing it internally is that foo-prod and foo-test
get baked into the templates that produce the final configs that are
sent to the master.
Nothing is impossible, but somethings are difficult.
You could spin up a deployment per user, size 1, with a persistent
volume, and run install packages onto the PV, rather than the rootfs.
Or you could do a `docker build` which does `apt-get install` on all
the extra packages you want, push that
hyy
>
> 2017-04-05 22:38 GMT+01:00 'Tim Hockin' via Kubernetes user discussion and
> Q <kubernetes-users@googlegroups.com>:
>>
>> On Wed, Apr 5, 2017 at 2:23 PM, YASMINE CHEIKHROUHOU
>> <yasmine.cheikhrou...@enis.tn> wrote:
>> > it seems that i don't
; i want this in the picture but i can't because it's forwarding only
> localhost
> thank you
>
> 2017-04-05 22:02 GMT+01:00 'Tim Hockin' via Kubernetes user discussion and
> Q <kubernetes-users@googlegroups.com>:
>>
>> On what cloud?
>>
>> On Wed, Apr 5,
RNAL-IP appears
>
> 2017-04-05 21:32 GMT+01:00 'Tim Hockin' via Kubernetes user discussion and
> Q <kubernetes-users@googlegroups.com>:
>>
>> I don't think you want to use `kubectl port-forward` for production -
>> it runs the traffic through the master API. You clear
.tn> wrote:
> I want to setup it for a permanent fixture
> Does you understand,Sir, what i mean?
>
> 2017-04-05 16:54 GMT+01:00 'Tim Hockin' via Kubernetes user discussion and
> Q <kubernetes-users@googlegroups.com>:
>>
>> kubectl port-forward is not really designed
I thought flannel made that rule, but I have not run flannel in a while...
On Wed, Apr 5, 2017 at 1:18 PM, Jimmy Cuadra wrote:
> Thanks, Tim!
>
> Is Flannel itself supposed to make those iptables changes, or does
> kube-proxy do it? I'm still not sure how to proceed, or
od 3389
> The result will be like this:
> Forwarding from 192.168.56.1:3389 -> 3389
> but --bind-address is not supported how to do?
>
> 2017-04-05 0:41 GMT+01:00 'Tim Hockin' via Kubernetes user discussion and
> Q <kubernetes-users@googlegroups.com>:
>>
>> Can you
I see the flannel masquerade for inbound traffic (-A POSTROUTING ! -s
10.244.0.0/16 -d 10.244.0.0/16 -j MASQUERADE) but not for outbound
(expect -A POSTROUTING -s 10.244.0.0/16 ! -d 10.244.0.0/16 -j
MASQUERADE)
On Wed, Apr 5, 2017 at 3:16 AM, wrote:
> Hello all,
>
> I'm
Can you explain what you're trying to do? I think there's a little confusion.
On Tue, Apr 4, 2017 at 1:23 AM, jasmin wrote:
> Hello
> I want to change the adress of localhost but --bind-adress is not supported
> with my kubectl version
> Is there a solution
> I
On Sun, Apr 2, 2017 at 11:22 PM, wrote:
>
>
>
>
>
> One More question , In case of Service type as loadbalancer , does the
> configured loadbalancer points to :
>
> a) internal cluster service ip and cluster port of service.
> b) Node ip and node port of the service.
101 - 200 of 273 matches
Mail list logo