Re: Is that possible to deploy openshift on existing k8s cluster?

2017-08-22 Thread Clayton Coleman
On Tue, Aug 22, 2017 at 4:38 PM, Sanjeev Rampal (srampal) wrote: > Hi, > > > > Two related (but slightly different) questions … > > > > 1) Is it possible to setup Openshift RBAC such that some specific > tenants can only use standard kubernetes APIs/ CLIs and not

Re: Is that possible to deploy openshift on existing k8s cluster?

2017-08-22 Thread Sanjeev Rampal (srampal)
Hi, Two related (but slightly different) questions … 1) Is it possible to setup Openshift RBAC such that some specific tenants can only use standard kubernetes APIs/ CLIs and not Openshift specific api/ clis ? This way, a service provider can provide some tenants a pure native

Re: Debugging router hostname matching

2017-08-22 Thread Aleksandar Lazic
Hi Henryk. on Dienstag, 22. August 2017 at 18:03 was written: > Hi, > I have exposed service using the following command: >   oc expose docker-registry > --hostname=docker-registry-default.ec2-52-59-245-55.eu-central-1.compute.amazonaws.com.nip.io > I can see route created properly: > > $ oc

Re: Can't push to registry after ansible install

2017-08-22 Thread Tim Dudgeon
Actually I should have looked closer. The error on EC2 was different: error: build error: Failed to push image: Get https://docker-registry.default.svc:5000/v1/_ping: x509: certificate is valid for docker-registry-default.router.default.svc.cluster.local, 172.30.224.210, not

Debugging router hostname matching

2017-08-22 Thread Henryk Konsek
Hi, I have exposed service using the following command: oc expose docker-registry --hostname= docker-registry-default.ec2-52-59-245-55.eu-central-1.compute.amazonaws.com.nip.io I can see route created properly: $ oc get routes NAME HOST/PORT PATH

Re: Can't push to registry after ansible install

2017-08-22 Thread Tim Dudgeon
This is what my /etc/resolv.conf looks like: # nameserver updated by /etc/NetworkManager/dispatcher.d/99-origin-dns.sh # Generated by NetworkManager search localdomain cluster.local nameserver 10.0.0.245 That was with EC2. However, on Scaleway the line starting with search was missing. I

Re: Can't push to registry after ansible install

2017-08-22 Thread Scott Dodson
Yeah, we set OPENSHIFT_DEFAULT_REGISTRY=docker-registry.default.svc:5000 in /etc/sysconfig/origin-master you can remove that and restart the master and it will revert back to pushing via the service IP. However the installer will deploy certificates, secure the registry, and should be adding

Re: Can't push to registry after ansible install

2017-08-22 Thread Cesar Wong
I saw the same thing on a new cluster. I resolved it manually by: 1) adding ‘search cluster.local’ to the node’s /etc/resolv.conf 2) adding docker-registry.default.svc and docker-registry.default.svc.cluster.local to the docker daemon’s insecure registries then stopped the node service,

Re: OpenShift Gitlab webhook Jenkins issues.

2017-08-22 Thread Ben Parees
On Tue, Aug 22, 2017 at 10:25 AM, Gabe Montero wrote: > > > On Mon, Aug 21, 2017 at 8:08 AM, Thorvald Hallvardsson < > thorvald.hallvards...@gmail.com> wrote: > >> Hi Ben, >> >> yes you got right understanding of my problem. >> >> There is no build associated yet, as it

Re: OpenShift Gitlab webhook Jenkins issues.

2017-08-22 Thread Gabe Montero
On Mon, Aug 21, 2017 at 8:08 AM, Thorvald Hallvardsson < thorvald.hallvards...@gmail.com> wrote: > Hi Ben, > > yes you got right understanding of my problem. > > There is no build associated yet, as it doesn't even get to the stage when > it would fireup any build for the pipeline. It's literally

Re: Is that possible to deploy openshift on existing k8s cluster?

2017-08-22 Thread Clayton Coleman
Not today. We hope to do so at some point in the future, but today openshift requires additional compiled in control points that only work when installing origin directly from the binaries we build. On Aug 22, 2017, at 6:36 AM, Yu Wei wrote: Hi, Now we have existing k8s

Can't push to registry after ansible install

2017-08-22 Thread Tim Dudgeon
Hi All, I'm having problems with the ansible installer. I've created a very simple 1 node cluster using an inventory file like this: OSEv3:children] masters nodes [OSEv3:vars] ansible_ssh_user=root openshift_deployment_type=origin openshift_disable_check=docker_storage,memory_availability

Re: Upgrade to v3.6.0, "oc adm migrate storage" return many errors like: Forbidden: pod updates may not change fields other than `containers[*].image` or `spec.activeDeadlineSeconds`

2017-08-22 Thread Vyacheslav Semushin
2017-08-22 12:04 GMT+02:00 Stéphane Klein : > When I try to edit pods : > > oc edit pod app-2-8bh3m > > If I update a label I have this error: > > # Please edit the object below. Lines beginning with a '#' will be ignored, > # and an empty file will abort the edit. If

Is that possible to deploy openshift on existing k8s cluster?

2017-08-22 Thread Yu Wei
Hi, Now we have existing k8s cluster running workloads. We also want to make use of features provided by Openshift Origin, for example DevOps etc. Is that possible to integrate openshift origin with our existing k8s? Any advice? Thanks, Jared, (韦煜) Software developer Interested in open

Re: Upgrade to v3.6.0, "oc adm migrate storage" return many errors like: Forbidden: pod updates may not change fields other than `containers[*].image` or `spec.activeDeadlineSeconds`

2017-08-22 Thread Michal Fojtik
Also can you run this with --loglevel=10 and check what is being sent to the server when the forbidden error occurs? We are trying to find out what changed in the Pod spec that is breaking update. On 22 August 2017 at 12:22:37, Michal Fojtik (mfoj...@redhat.com) wrote: > That is after you

Re: Upgrade to v3.6.0, "oc adm migrate storage" return many errors like: Forbidden: pod updates may not change fields other than `containers[*].image` or `spec.activeDeadlineSeconds`

2017-08-22 Thread Michal Fojtik
That is after you switched to 3.6? Does this affect all pods or just some? Does the pods that can't be edited have secret volumes? On 22 August 2017 at 12:05:11, Stéphane Klein (cont...@stephane-klein.info) wrote: > When I try to edit pods : > > oc edit pod app-2-8bh3m > > If I update a label I

Re: Upgrade to v3.6.0, "oc adm migrate storage" return many errors like: Forbidden: pod updates may not change fields other than `containers[*].image` or `spec.activeDeadlineSeconds`

2017-08-22 Thread Stéphane Klein
When I try to edit pods : oc edit pod app-2-8bh3m If I update a label I have this error: # Please edit the object below. Lines beginning with a '#' will be ignored, # and an empty file will abort the edit. If an error occurs while saving this file will be # reopened with the relevant failures.

Re: Upgrade to v3.6.0, "oc adm migrate storage" return many errors like: Forbidden: pod updates may not change fields other than `containers[*].image` or `spec.activeDeadlineSeconds`

2017-08-22 Thread Michal Fojtik
Can you please post the YAML representation of the 'test-secret-6-qz4ar' pod? Or another pod that failed. Thanks! On 21 August 2017 at 23:49:56, Stéphane Klein (cont...@stephane-klein.info) wrote: > Hi, > > when I try to upgrade OpenShift Origin v1.5.1 cluster to v3.6.0 I have many > errors