Re: [kubernetes-users] Ingress resource having backend kubernetes services in multiple namespace.

Thanks. > > On Thu, Oct 12, 2017 at 9:38 PM, 'Tim Hockin' via Kubernetes user discussion > and Q <kubernetes-users@googlegroups.com> wrote: >> >> Currently it is not possible to express this. >> >> On Thu, Oct 12, 2017 at 12:21 AM, <cybage.almdev...@

Re: [kubernetes-users] Re: GKE Kubernetes control plane unable to talk to service

In general the control plane can not access Services. Not all installations treat the master as a node, and it's not actually required to be. Consider that the controller manager is responsible for telling resolving services to endpoints - having g it depends on service cluster IPs depends on

Re: [kubernetes-users] Can I launch Google Container Engine (GKE) in Private GCP network Subnet?

On Fri, Oct 13, 2017 at 3:17 AM, wrote: > On Friday, July 28, 2017 at 11:52:27 AM UTC+5:30, Tim Hockin wrote: >> Private Google Access is not a private subnet. That simply allows your VMs >> to access google service without a public IP. You still have to make VMs >>

Re: [kubernetes-users] how much containers can i instantiate in comparison with VM

Containers can consume as little as 0.001 CPUs on platforms like Kubernetes. You can run hundreds of small containers on a machine. There's no VMM overhead, no guest OS overhead, and everything you do in a container is transparent to the host OS. Tools like `ps` and `kill` just work. On Tue,

Re: [kubernetes-users] Cluster DNS: bottleneck with ~1000 outbound connections per second

thing > instead. Yeah "Host" might have been better. I would take PRs to add Host and let it mean the same as "Default" and deprecate (but not remove) "Default". Tim > On Oct 5, 2017 13:54, "'Tim Hockin' via Kubernetes user discussion and Q" >

Re: [kubernetes-users] Cluster DNS: bottleneck with ~1000 outbound connections per second

We had a proposal to avoid conntrack for DNS, but no real movement on it. We have flags to adjust the conntrack table size. Kernel has params to tweak timeouts, which users can tweak. Sustained 1000 QPS DNS seems artificial. On Thu, Oct 5, 2017 at 10:47 AM, Evan Jones

Re: [kubernetes-users] Re: Is it possible to not populate a pod with environment variables for known services?

pkg/kubelet/envvars/envvars.go Simplest change would probably be a new field, default true, saying "publish env vars for services". we might want to special case KUBERNETES_SERVICE_HOST and _PORT because that has deeper roots. A short design proposal would be appropriate. On Wed, Oct 4, 2017

Re: [kubernetes-users] Re: Is it possible to not populate a pod with environment variables for known services?

AFAIK there isn't a way to disable these automatic variables. We've discussed this for a very long time, and maybe it's finally time to add an optional disable for this? Proposals and patches welcome. This should be a pretty easy one, honestly. FWIW, the variables are named `FOOBAR_SERVICE_HOST

Re: [kubernetes-users] How to define options for docker run inside a k8s yaml specification

You have to look at the kubernetes docs for the kubernetes API. Kubernetes is not docker. https://kubernetes.io/docs/api-reference/v1.7/#pod-v1-core Search for `hostNetwork`. Tim On Mon, Oct 2, 2017 at 10:14 AM, wrote: > Could you please elaborate. Do not

Re: [kubernetes-users] Remote connections appear to originate from the gateway ??

I think flannel and weave HAVE to masquerade when crossing virtual network planes. Non-overlay solutions don't have to, but there are different tradeoffs. Take a look at Service.spec.externalTrafficPolicy On Sat, Sep 30, 2017 at 6:19 PM, Blade Doyle wrote: > >

Re: [kubernetes-users] No traffic reaching the pod after delete followed by create

rmed by running > tcpdump on the host. > I don’t see the traffic if I ran tcpdump on the pod/container > > — > Fritz > > > On Sep 25, 2017, at 7:58 PM, 'Tim Hockin' via Kubernetes user discussion > and Q <kubernetes-users@googlegroups.com> wrote: > > Was it

Re: [kubernetes-users] No traffic reaching the pod after delete followed by create

Was it a single connection? Services are generally connection oriented. On Sep 25, 2017 7:21 PM, wrote: > Hi All, > > I deleted my pod, and recreated it back while traffic continuously running > in the background destined to the service. After the pod got recreated, I > do

Re: [kubernetes-users] route traffic to the Ingress controller

regards, Laszlo On 25.09.2017 16:36, 'Tim Hockin' via Kubernetes user discussion and Q wrote: > Of course. Ingress is a very special sort of workload, with more > particular requirements than most. It's more infrastructure than > application. > > On Sep 25, 2017 5:53 AM, "Budai Laszlo

Re: [kubernetes-users] Resolv.conf override for a pod

There isn't a great answer to this. It is something that has been on my mind we multi-tenant installations, but it is unsolved for now. On Sep 25, 2017 7:30 AM, "Simone D'Andreta" wrote: > I need to be able to overwrite the resolv.conf per pods. If I tweak the >

Re: [kubernetes-users] route traffic to the Ingress controller

; > > > > > On 25.09.2017 15:29, 'Tim Hockin' via Kubernetes user discussion and Q > wrote: > >> You have to arrange that traffic delivery. Kubernetes doesn't >> intrinsically know your network, unless you are on one of the major clouds. >> >> A commo

Re: [kubernetes-users] route traffic to the Ingress controller

You have to arrange that traffic delivery. Kubernetes doesn't intrinsically know your network, unless you are on one of the major clouds. A common answer is to DNS-roundrobin the nodes' public IPs, or to configure your L3 infrastructure to VIP to your nodes. On Sep 25, 2017 1:41 AM,

Re: [kubernetes-users] Resolv.conf override for a pod

you're trying to mount a directory (emptyDir) onto a file (/etc/resolv.conf). Without seeing the error that is a wild guess. I can't stop you from doing this, but I strongly encourage you to re-read and internalize what I wrote about multiple nameserver records. On Fri, Sep 22, 2017 at 6:19 AM,

Re: [kubernetes-users] Is a pod equivalent to a set of containers with shared IPC, net, PID namespaces and volumes?

Shared PID is coming, but last I checked it was not finished. On Fri, Sep 22, 2017 at 6:22 AM, Rodrigo Campos wrote: > At least ir has changed, you won't see pids from other containers in the pod > (although I think is the idea in some future, when containers runtimes allow

Re: [kubernetes-users] Re: Low throughput on K8s LoadBalancer

I mean, the LB itself requires very little CPU, but certainly hardware can make a difference... On Fri, Sep 22, 2017 at 12:33 AM, Vinoth Narasimhan wrote: > Thanks tim. > > Is my assumption is right ? > > Throughput depends on CPU threads and sockets arch > > On Friday,

Re: [kubernetes-users] Re: Low throughput on K8s LoadBalancer

Thanks for following up! On Thu, Sep 21, 2017 at 1:33 AM, Vinoth Narasimhan wrote: > Finally the issue was with the hardware spec. The previous k8s test i did > with 3 node cluster with each node spec has 1cpu and 4Gig RAM. > > Today i map the spec of the native tomcat

Re: [kubernetes-users] Resolv.conf override for a pod

You'd have to craft a new file and mount it onto your resolv.conf, which makes it harder to "just add another line" because you don't have the base. But more than that, what you're asking for is really non-standard behavior. You can't safely add a nameserver record to resolv.conf that produces

Re: [kubernetes-users] steps to migrate Docker image to use kubernetes

template: >> metadata: >> labels: >> run: agentc >> spec: >> containers: >> - name: agentk >> image: library/app-agentk:v1 >> env: >> - name: VOLUMEDIR >> value: /agentcompose_agentsvolum

Re: [kubernetes-users] steps to migrate Docker image to use kubernetes

c; if you choose to ignore >>> these errors, turn validation off with --validate=false >>> >>> >>> kuber-agent.yml >>> >>> apiVersion: apps/v1beta1 >>> kind: Deployment >>> metadata: >>> name: agent-kuber >>> sp

Re: [kubernetes-users] Re: using image from local directory

And if you are on different machines, you need to push that image somewhere so it can be pulled by kubelet On Wed, Sep 20, 2017 at 9:49 AM, Warren Strange wrote: > > > ImagePullBackOff means that Kubernetes can not find the image. > > You have: > image: agentc > > You

Re: [kubernetes-users] Resolv.conf override for a pod

There's no supported way to do that, in part because it would give up all of the Service names that kubernetes provides. I don't know what would happen if you tried to volumeMount a file over /etc/resolv.conf - might be worth a shot. On Wed, Sep 20, 2017 at 3:15 AM, Simone D'Andreta

Re: [kubernetes-users] Re: Low throughput on K8s LoadBalancer

Sorry, not sure I parsed your reply. If you test docker with client and server on the same node, you need to test kubernetes the same way. You can test your client to the pod's IP directly (should be same as docker perf) and then test kube services. On Tue, Sep 19, 2017 at 10:16 PM, Vinoth

Re: [kubernetes-users] Re: Low throughput on K8s LoadBalancer

NodePort vs VIP should have no difference - they traverse the same paths. This is a much steeper difference than what I measured and more than I would expect. Is this 8k new connections per second? Could you be exhausting conntrack records and getting some failures? It would be interesting to

Re: [kubernetes-users] steps to migrate Docker image to use kubernetes

Your volume config is not valid. What you need depends on whether you want your volume to literally map `/c/Users/abcd/config` (which you manage out of band, kubernetes won't touch) into your container or whether you want just "an empty directory". The literal equivalent would be more like: ```

Re: [kubernetes-users] Kubernetes, GCP, and IP Aliases

On Fri, Sep 15, 2017 at 4:13 PM, Mark Petrovic wrote: > Hello. > > I would have made this shorter if I could. Sorry. My context is > Kubernetes, but my immediate questions are around clusters I configure on > Google Compute Engine (GCE). Someone out there is bound to be

Re: [kubernetes-users] Is there any way to create ordinal index of pods in a normal ReplicaSet similarly to StatefulSet?

When it is rescheduled, it very likely ends up on a different Node. If you want to erase that info, you'll need to track ordinals yourself (via templating or via an ID service) or use StatefulSet. On Mon, Sep 11, 2017 at 1:03 PM, wrote: > Indeed, restarts do not

Re: [kubernetes-users] Is there any way to create ordinal index of pods in a normal ReplicaSet similarly to StatefulSet?

Pod restarts should not create new series'. Only if they get rescheduled, as in a rolling update. In that case they ARE different. On Sep 6, 2017 2:06 AM, wrote: Is there any way to create ordinal index of pods in a normal ReplicaSet similarly to StatefulSet?

Re: [kubernetes-users] FQDN's for pods?

We don't set the FQDN at all unless you specify the `subdomain` field in Pod.spec. That could be a bug, but the assumption is that the FQDN is "about" DNS lookup-ability. We could have that conversation, though. On Fri, Sep 8, 2017 at 8:39 AM, David Rosenstrauch wrote: > On

Re: [kubernetes-users] FQDN's for pods?

We do not have a mechanism to express what you want to express, then. You control the cluster suffix and the subdomain, and the pod name, but even with all of those in play, the hostname comes out as `..svc.`, I am pretty sure. I am open to proposals on how to allow what you want. On Tue, Sep 5,

Re: [kubernetes-users] FQDN's for pods?

.local > / # > > Essentially he wants hostname and subdomain to combine and set the FQDN. Not > just the start of the FQDN. E.g. hello.example > > Brandon > > On Tue, Sep 5, 2017 at 1:50 PM 'Tim Hockin' via Kubernetes user discussion > and Q <kubernetes-users@googlegroups.

Re: [kubernetes-users] FQDN's for pods?

https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#a-records-and-hostname-based-on-pods-hostname-and-subdomain-fields ? On Tue, Sep 5, 2017 at 1:41 PM, David Rosenstrauch wrote: > Is it possible to make Kubernetes assign fully-qualified domain names to >

Re: [kubernetes-users] Re: NetworkPolicy ingress restrictions don't seem to be working in GKE

I am not sure what you mean by Debian nodes. GKE supports 2 node images - our own COS (chromium) and Ubuntu (alpha, I think). Network Policy, via Calico, is offered in GKE alpha clusters today. Without making any product announcements, you can read into that what you will. Tim On Sep 4, 2017

Re: [kubernetes-users] delay container startup or define container/service dependency

What happens if B crashes and restarts? Or hiccups and just stops responding for a couple seconds? You have to handle that anyway, so ordering is irrelevant. On Sep 1, 2017 7:32 AM, "Yong Zhang" wrote: Hi, all I have one pod with two containers e.g. A and B, A should

Re: [kubernetes-users] kubelet/kube-proxy in-place upgrade ordering

You should not need to drain for kube-proxy, it is not saving any state that it can't fix on fly. Kubelet doesn't save much/any state YET, but it might in the future. Draining updates of kubelet are a hugely simplifying assumption, and frankly will dodge a whole class of potential live-update

[kubernetes-users] Re: Pod network latency problem

This won't be super helpful - it's really hard to debug this sort of thing remotely - but I will try. First, I'd look at tcpdump from the root of the client machine to rule out local latency. I can't fathom how 40-80 ms would be injected by the iptables or bridging. Best to rule it out.

Re: [kubernetes-users] Dynamic values in ConfigMap

Publish the base configmap into a volume. Run a sidecar container that consumes that and merges it with the unique ID (which you get from StatefulSet or somewhere else - different problem) and publish THAT to a shared emptyDir volume. When the base configmap changes, the sidecar wakes up (e.g.

Re: [kubernetes-users] k8s networking / cluster size limits confusion

On Mon, Aug 14, 2017 at 10:56 AM, David Rosenstrauch <dar...@darose.net> wrote: > On 2017-08-14 12:13 pm, 'Tim Hockin' via Kubernetes user discussion and Q > wrote: >> >> On Mon, Aug 14, 2017 at 9:03 AM, David Rosenstrauch <dar...@darose.net> >> wrote: >>

Re: [kubernetes-users] k8s networking / cluster size limits confusion

On Mon, Aug 14, 2017 at 9:03 AM, David Rosenstrauch wrote: > Thanks for the feedback. I see I didn't quite understand k8s networking > properly (and had my cluster misconfigured as a result). > > I now have it configured as: > > --cluster-cidr=10.240.0.0/12 /12 gives you room

Re: [kubernetes-users] Kubernetes resource management

A single program, in a container, can only access the resources of that single machine. A "service" can scale horizontally, across many machines, to grow. In kubernetes we call that replicas, and the typical primitive is Deployment. On Aug 10, 2017 9:23 AM, wrote: > Hi > >

Re: [kubernetes-users] Finding a way to get stable public IP for outbound connections

The GKE team has heard the desire for this and is looking at possible ways to provide it. On Wed, Aug 9, 2017 at 3:56 PM, wrote: > On Friday, June 16, 2017 at 11:24:15 AM UTC-5, pa...@qwil.co wrote: >> Yes, this is the right approach -- here's a detailed walk-through: >> >>

Re: [kubernetes-users] How to move a POD from node1 to node2?

You haven't really explained what you are trying to do. The question you are asking is hard to answer because it indicates some misunderstanding deeper down. What are you trying to achieve? On Sun, Aug 6, 2017 at 2:35 AM, wrote: > OK so how do i create deployment with 1

Re: [kubernetes-users] Weighted load balancing to service/pods

As far as I know, nobody has implemented this, but it should be pretty trivial to write your own controller to manipulate labels based on your own definition of availability. On Aug 5, 2017 4:35 PM, "Rodrigo Campos" wrote: I **guess** there is not:

Re: [kubernetes-users] Help update env container.

There is no way to update an env var in a running container. It simply is not possible in Linux to update an env var without being IN that shell. This is one of the main arguments against env vars. On Thu, Aug 3, 2017 at 7:40 AM, wrote: > Hello, > > I need to update

Re: [kubernetes-users] Pod name parameter while creating deployment in kubernetes

Use labels. That's (part of) what they are for :) On Wed, Aug 2, 2017 at 11:55 PM, Eswari wrote: > Whenever I try to go to pod, need to give the complete pod name everytime. > > So, I am searching for the command to save the time > > On Thursday, August 3, 2017 at

Re: [kubernetes-users] GCP Internal Load Balancer through VPN

? > > On Wed, Aug 2, 2017 at 2:35 PM, 'Tim Hockin' via Kubernetes user discussion > and Q <kubernetes-users@googlegroups.com> wrote: >> >> Yes. Hang tight :) >> >> On Aug 2, 2017 1:51 PM, "Paul Mazzuca" <paul.j.mazz...@gmail.com> w

Re: [kubernetes-users] Pod name parameter while creating deployment in kubernetes

A deployment creates a replicaset which creates your pod. You might have N pods running (replicas) and you might have N replicasets (during an update, for example). The name is insignificant. What problem are you really having? On Wed, Aug 2, 2017 at 11:11 PM, Eswari

Re: [kubernetes-users] port kinds

Let me know if it isnt clear. I'll fix it. On Mon, Jul 31, 2017 at 11:26 PM, Snd LP <sendalot...@gmail.com> wrote: > thank you. > studying the slides. > (leaping from docker to kubernetes these days). > > On Mon, Jul 31, 2017 at 11:17 PM, 'Tim Hockin' via Kubernetes us

Re: [kubernetes-users] port kinds

https://speakerdeck.com/thockin/kubernetes-a-very-brief-explanation-of-ports On Mon, Jul 31, 2017 at 3:19 PM, Snd LP wrote: > I got some nginx containers running that I can access externally. > Here are two yaml files I ran to make this happen. > > What do "hostPort" vs

Re: [kubernetes-users] Can I launch Google Container Engine (GKE) in Private GCP network Subnet?

which we have created Private Subnet as above. > > These are steps we have followed to launch cluster in Private Subnet. > > > > On Wed, Jul 19, 2017 at 10:32 PM, 'Tim Hockin' via Kubernetes user > discussion and Q <kubernetes-users@googlegroups.com> wrote: > >>

Re: [kubernetes-users] Can I launch Google Container Engine (GKE) in Private GCP network Subnet?

How did you create these private/public subnets? GKE should not allow you to create a cluster in a Network that doesn't have a default route to internet. Routes are per-Network, not per-SubNetwork. On Tue, Jul 18, 2017 at 11:27 PM, nnilesh7...@gmail.com wrote: > On

Re: [kubernetes-users] Is it necessary to define container port in deployment?

You don't have to declare it, but it's better if you do. It serves as declaration of intention, plus allows you to provide a name for the port (can be used in various places) and it's at least hypothetically possible to block non-declared traffic. On Tue, Jul 18, 2017 at 4:05 AM, Yong Zhang

Re: [kubernetes-users] Creating a multi master Kubernetes cluster on GKE

This is not supported yet. We're looking at how best to support this. On Wed, Jul 12, 2017 at 1:42 AM, wrote: > Hi, > > When creating a new Kubernetes cluster on GKE (with a Google hosted > Kubernetes master), there is an option for selecting additional zones for > nodes.

Re: [kubernetes-users] Weird GKE-GCE routing behavior

.*. >> Removing the "datalab" route didn't change anything, >> and I'm also not sure how it would explain the inconsistent behavior >> between 10.240.0.2 & 10.240.0.35. >> >> On Sun, Jul 2, 2017 at 7:21 PM 'Tim Hockin' via Kubernetes user >> di

Re: [kubernetes-users] Weird GKE-GCE routing behavior

Check for duplicate or overlapping routes in the cloud console? On Jul 2, 2017 9:14 AM, "Itamar O" wrote: > Hi, > I'm investigating a weird routing behavior on our production GKE cluster > (nodes & master running 1.6.6), not quite sure how to proceed at this point. > > The

Re: [kubernetes-users] kubernetes ingress annotation syntax

Yeah, the naming on those is not very well defined :) On Wed, Jun 7, 2017 at 9:54 PM, wrote: > There is already a catalog in the ingress repository. This is the link > https://github.com/kubernetes/ingress/blob/master/docs/annotations.md > > > On Thursday, June 8, 2017 at

Re: [kubernetes-users] Docker vs K8s API

>>> total >>> ➜ time kubectl run --image=dlapiduz/hello-world test --attach >>> --restart=Never >>> Waiting for pod default/test to be running, status is Pending, pod >>> ready: false >>> hello >>> kubectl run --image=dlapiduz/hello-worl

Re: [kubernetes-users] Docker vs K8s API

It runs faster or it starts faster? The gif clear too quickly for me to see. On Thu, Jun 1, 2017 at 9:09 PM, Diego Lapiduz wrote: > Hi y'all, (k8s noob here so forgive me if this is something that I am > doing obviously wrong) > > I am trying to run a short lived task and I

Re: [kubernetes-users] Kubeadm is creating my kube-system PODs with an odd IP

on your master: ip addr show ? On Thu, Jun 1, 2017 at 8:59 AM, Prior, Mark wrote: > Hi, > > > > I am currently trying to install K8s using Kubeadm on a Centos7 VM (in > VMware Worstation) and am getting what i think is a strange result. The > kube-system PODs are

Re: [kubernetes-users] kube-proxy creating iptable rule for wrong interface

This being the kubernetes Service, the value is coming from Endpoints, which is being written by your apiserver. By default, it chooses the interface with a default route. If that is wrong, look at the `--advertise-address` flag. On Wed, May 31, 2017 at 8:33 AM, wrote: >

Re: [kubernetes-users] Re: 21-based K8s Community Micro Tasks

On Sat, May 27, 2017 at 3:40 PM, Joseph Jacks wrote: > Thanks! I do hear you, Tim --- however, I find that such an experiment is > worthy in the face of the challenges the project has in this area. Why not > have both extrinsic and intrinsic, then see what happens? That was

Re: [kubernetes-users] Re: 21-based K8s Community Micro Tasks

Curiously, I was JUST listening to a radio piece exploring the effects of intrinsic and extrinsic motivators. It is well understood that "common purpose" and "for the greater good" (intrinsic motivators) are more effective than money and stuff (extrinsic motivators). The interesting part was

Re: [kubernetes-users] Find out service ip range CIDR programatically

Unfortunately we don't have an obvious way to publish that information right now. On Wed, May 24, 2017 at 6:23 AM, hasan türken wrote: > Hi, > > I need a way to get service cluster ip range (as CIDR) that works accross > all Kubernetes clusters. > > I tried the following,

[kubernetes-users] Re: SIG-Azure proposal

I was assuming sig-coud would spawn working groups for individual cloud providers, and that's where critical conversations would be had. My hope was to rein in sig sprawl, and mitigate overlap. BUt I guess I don't care enough to argue it very hard. There shouldn't be much net impact of being a

Re: [kubernetes-users] Re: NetworkPolicy ingress restrictions don't seem to be working in GKE

We're looking at how to offer network policy. I promise I want it as much as you do (probably more). Tim On Tue, May 23, 2017 at 11:38 AM, wrote: > On Monday, April 24, 2017 at 6:51:11 PM UTC+3, Tim Hockin wrote: >> It is not yet supported in GKE, unfortunately. We are all

Re: [kubernetes-users] Externalize headless service in kubernetes

I was suggesting a headless Service to provide the DNS that you generally want in a StatefulSet *and* and normal Service of type=LoadBalancer, which can expose one or more of your ZK instances to the outside world. Sorry, I said "node" before when I meant zk instance. :) On Mon, May 22, 2017 at

[kubernetes-users] Re: SIG-Azure proposal

I don't see why we need sig-Azure, unless we thing sig-cloud is not going to happen. I don't know who is pushing hardest for sig-cloud - Brandon? On Mon, May 22, 2017 at 10:31 AM, Sarah Novotny wrote: > Hai all. > > What I'm hearing is immediate need for Azure work to

[kubernetes-users] Re: SIG-Azure proposal

you can label for area/platform/azure On Fri, May 19, 2017 at 2:43 PM, 'Eric Tune' via Kubernetes developer/contributor discussion wrote: > I was just triaging new issues today and I wanted to label one sig/azure, > but I can't (yet). > > On Fri, May 19, 2017 at

Re: [kubernetes-users] Help me understand Kubernetes/Google LB options and architectures

t, it might be possible to use affinity and > OnlyLocal together without the max-one trick. I'd have to try it and > take a look to be sure. In fact, I am pretty sure it would work. 76% > sure. > > 'Tim Hockin' via Kubernetes user discussion and Q > May 17, 2017 at 1:06 AM > &

Re: [kubernetes-users] Help me understand Kubernetes/Google LB options and architectures

pod IPs in haproxy config, but it avoids the "dumbest" layer of LB. I am sure that code already exists. Now that I think on it, it might be possible to use affinity and OnlyLocal together without the max-one trick. I'd have to try it and take a look to be sure. In fact, I am pretty sure

Re: [kubernetes-users] Help me understand Kubernetes/Google LB options and architectures

e other form of proxy service, right? > 'Tim Hockin' via Kubernetes user discussion and Q > May 16, 2017 at 11:53 AM > > On Tue, May 16, 2017 at 7:06 AM, Joe Auty <joea...@gmail.com> wrote: > > Hi Tim, > > I have a couple of different use cases actually, but at this point I'

Re: [kubernetes-users] Help me understand Kubernetes/Google LB options and architectures

to click > now! > > 'Tim Hockin' via Kubernetes user discussion and Q > May 16, 2017 at 11:45 AM > > On Tue, May 16, 2017 at 7:02 AM, Joe Auty <joea...@gmail.com> wrote: > > This is very helpful, thanks, this makes sense! > > If services are layer 4 th

Re: [kubernetes-users] Help me understand Kubernetes/Google LB options and architectures

On Tue, May 16, 2017 at 7:02 AM, Joe Auty wrote: > This is very helpful, thanks, this makes sense! > > If services are layer 4 though, what does service.spec.sessionAffinity do? The only real choice there is "ClientIP", which makes sense in an L4 context. > If I'm

Re: [kubernetes-users] Help me understand Kubernetes/Google LB options and architectures

You could maybe start with what you want to achieve, and what your requirements are? On Sun, May 14, 2017 at 10:28 AM, Joe Auty wrote: > Sorry for such a vague subject, but I think I need some help breaking things > down here. > > I think I understand how the Google layer 7

[kubernetes-users] Re: SIG-Azure proposal

I'd rather see a sig-node that spawns topical subgroups. There are many topics that cross-cultural all the clouds, and we have no such forum. On May 15, 2017 8:34 AM, "Ihor Dvoretskyi" wrote: I'd be happy to see yet another member of a Cloud Providers SIGs family!

Re: [kubernetes-users] services and namespaces

Part of the point of Services is that you don't have to discover the port - you can use known ports. That said, we also serve SRV records, so if you know the name of the port you want, you can find the number. On Fri, May 12, 2017 at 8:56 AM, wrote: > Back to service

Re: [kubernetes-users] kubectl apply does not always apply

You can either anonymize (like change the image name) or you can send it to me directly - thockin@google and I will pass it on to the folks who know that logic best. Tim On Thu, May 11, 2017 at 8:40 AM, Kristian Freed wrote: > Client version used is 1.5.4 against

Re: [kubernetes-users] kubectl apply does not always apply

What kubectl version? Can you show an example YAML pair that doesn't apply ? There have been bugs in the patch-generation logic in the past, but I think they are all resolved. On Thu, May 11, 2017 at 6:12 AM, Kristian Freed wrote: > Hi, > > We have an automated

Re: [kubernetes-users] One environment or many per cluster?

If I read correctly, they want quota to apply to a subset of pods in a Namespace (by selector) not the whole namespace (so multiple teams can share a namespace), or else they need to pollute names with env-specific decorations. On Tue, May 9, 2017 at 12:44 AM, 'David Oppenheimer' via Kubernetes

Re: [kubernetes-users] Get a static outgoing IP on GKE

GKE / Google Cloud in this regard. I can't say for sure what other clouds offer. It should be possible to run an HTTP Proxy or other app-specific proxy, which can get you a long way towards this. On Mon, May 8, 2017 at 12:14 PM, wrote: > On Friday, 13 January 2017 02:25:20

Re: [kubernetes-users] Failed to connect to external service from pod

service-cluster-ip-range=10.96.0.0/12 >> > >> > /12 is a LARGE service range - it allows 1 million Service IPs in your >> > cluster. That's unusual, and may cause problems elsewhere. >> > >> >> 3. Can you ping from the pod to its own Node IP? >> >> &

Re: [kubernetes-users] Failed to connect to external service from pod

t@tulip-saas-xnode-2720274701-3fmqd /]# ping 172.172.10.32 >> PING 172.172.10.32 (172.172.10.32) 56(84) bytes of data. >> 64 bytes from 172.172.10.32: icmp_seq=1 ttl=64 time=0.108 ms >> 64 bytes from 172.172.10.32: icmp_seq=2 ttl=64 time=0.076 ms >> >> 4. Can you

Re: [kubernetes-users] Failed to connect to external service from pod

) 56(84) bytes of data. > 64 bytes from 172.172.10.32: icmp_seq=1 ttl=64 time=0.108 ms > 64 bytes from 172.172.10.32: icmp_seq=2 ttl=64 time=0.076 ms > > 4. Can you ping from the pod to a different Node IP? > > No. > > [root@tulip-saas-xnode-2720274701-3fmqd /]# ping 172.172.1

Re: [kubernetes-users] Failed to connect to external service from pod

64 time=0.108 ms > 64 bytes from 172.172.10.32: icmp_seq=2 ttl=64 time=0.076 ms > > 4. Can you ping from the pod to a different Node IP? > > No. can you ping from a pod to a different pod on the other node? > [root@tulip-saas-xnode-2720274701-3fmqd /]# ping 172.172.10.31 > PING 172.17

Re: [kubernetes-users] Re: NetworkPolicy ingress restrictions don't seem to be working in GKE

It is not yet supported in GKE, unfortunately. We are all anxious to offer something as soon as possible. Tim On Mon, Apr 24, 2017 at 1:39 AM, wrote: > On Thursday, January 26, 2017 at 5:36:36 PM UTC, m...@ub.io wrote: >> Hello, >> >> What network plugin does GKE

Re: [kubernetes-users] Failed to connect to external service from pod

What network driver are you using? kubenet? CNI + flannel? CNI + weave? CNI + calico? What is your Service cluster IP range? Can you ping from the pod to its own Node IP? Can you ping from the pod to a different Node IP? On Mon, Apr 24, 2017 at 6:29 AM, Roger Song

Re: [kubernetes-users] One environment or many per cluster?

Sam, I don't have a clean answer for you. What you really want (it seems) is nested Namespaces. If only our foresight were better... The way we end up doing it internally is that foo-prod and foo-test get baked into the templates that produce the final configs that are sent to the master.

Re: RE : Re: RE : Re: RE : Re: [kubernetes-users] composition of services it's possible?

Nothing is impossible, but somethings are difficult. You could spin up a deployment per user, size 1, with a persistent volume, and run install packages onto the PV, rather than the rootfs. Or you could do a `docker build` which does `apt-get install` on all the extra packages you want, push that

Re: [kubernetes-users] How to change the adress of port-forwarding

hyy > > 2017-04-05 22:38 GMT+01:00 'Tim Hockin' via Kubernetes user discussion and > Q <kubernetes-users@googlegroups.com>: >> >> On Wed, Apr 5, 2017 at 2:23 PM, YASMINE CHEIKHROUHOU >> <yasmine.cheikhrou...@enis.tn> wrote: >> > it seems that i don't

Re: [kubernetes-users] How to change the adress of port-forwarding

; i want this in the picture but i can't because it's forwarding only > localhost > thank you > > 2017-04-05 22:02 GMT+01:00 'Tim Hockin' via Kubernetes user discussion and > Q <kubernetes-users@googlegroups.com>: >> >> On what cloud? >> >> On Wed, Apr 5,

Re: [kubernetes-users] How to change the adress of port-forwarding

RNAL-IP appears > > 2017-04-05 21:32 GMT+01:00 'Tim Hockin' via Kubernetes user discussion and > Q <kubernetes-users@googlegroups.com>: >> >> I don't think you want to use `kubectl port-forward` for production - >> it runs the traffic through the master API. You clear

Re: [kubernetes-users] How to change the adress of port-forwarding

.tn> wrote: > I want to setup it for a permanent fixture > Does you understand,Sir, what i mean? > > 2017-04-05 16:54 GMT+01:00 'Tim Hockin' via Kubernetes user discussion and > Q <kubernetes-users@googlegroups.com>: >> >> kubectl port-forward is not really designed

Re: [kubernetes-users] Outgoing network connections from pods fail on brand new cluster

I thought flannel made that rule, but I have not run flannel in a while... On Wed, Apr 5, 2017 at 1:18 PM, Jimmy Cuadra wrote: > Thanks, Tim! > > Is Flannel itself supposed to make those iptables changes, or does > kube-proxy do it? I'm still not sure how to proceed, or

Re: [kubernetes-users] How to change the adress of port-forwarding

od 3389 > The result will be like this: > Forwarding from 192.168.56.1:3389 -> 3389 > but --bind-address is not supported how to do? > > 2017-04-05 0:41 GMT+01:00 'Tim Hockin' via Kubernetes user discussion and > Q <kubernetes-users@googlegroups.com>: >> >> Can you

Re: [kubernetes-users] Outgoing network connections from pods fail on brand new cluster

I see the flannel masquerade for inbound traffic (-A POSTROUTING ! -s 10.244.0.0/16 -d 10.244.0.0/16 -j MASQUERADE) but not for outbound (expect -A POSTROUTING -s 10.244.0.0/16 ! -d 10.244.0.0/16 -j MASQUERADE) On Wed, Apr 5, 2017 at 3:16 AM, wrote: > Hello all, > > I'm

Re: [kubernetes-users] How to change the adress of port-forwarding

Can you explain what you're trying to do? I think there's a little confusion. On Tue, Apr 4, 2017 at 1:23 AM, jasmin wrote: > Hello > I want to change the adress of localhost but --bind-adress is not supported > with my kubectl version > Is there a solution > I

Re: [kubernetes-users] Re: Need to use Oracle's Cloud Platform load balancer as External load Balancer for Kubernetes loadbalancer service type.

On Sun, Apr 2, 2017 at 11:22 PM, wrote: > > > > > > One More question , In case of Service type as loadbalancer , does the > configured loadbalancer points to : > > a) internal cluster service ip and cluster port of service. > b) Node ip and node port of the service.

<    1   2   3   >