Re: [kubernetes-users] Access Kubernetes Dashboard ui from browser

2018-03-29 Thread Jordan Liggitt
https://github.com/kubernetes/dashboard/wiki/Accessing-Dashboard---1.7.X-and-above
 
is a good overview of the options for accessing the dashboard


On Tuesday, March 27, 2018 at 6:54:38 PM UTC-4, Rodrigo Campos wrote:
>
>
> On Tuesday, March 27, 2018, jw  wrote:
>
>> I am new to K8S. Following https://get.k8s.io/, I created a Kubernetes cluster 
>> in Google cloud (gce instances). I tried to access the dashboard UI from a 
>> browser but without success. The cluster-info looks like this:
>>
>> kubectl cluster-info
>> Kubernetes master is running at https://
>> GLBCDefaultBackend is running at 
>> https:///api/v1/namespaces/kube-system/services/default-http-backend/proxy
>> Heapster is running at 
>> https:///api/v1/namespaces/kube-system/services/heapster/proxy
>> KubeDNS is running at 
>> https:///api/v1/namespaces/kube-system/services/kube-dns/proxy
>> kubernetes-dashboard is running at 
>> https:///api/v1/namespaces/kube-system/services/kubernetes-dashboard/proxy
>> Metrics-server is running at 
>> https:///api/v1/namespaces/kube-system/services/metrics-server/proxy
>> Grafana is running at 
>> https:///api/v1/namespaces/kube-system/services/monitoring-grafana/proxy
>> InfluxDB is running at 
>> https:///api/v1/namespaces/kube-system/services/monitoring-influxdb/proxy
>>
>> The Kubernetes version is 1.9. When I typed https:///ui on 
>> browser, I am getting:
>>
>
> Why this URL and not the one for Kubernetes dashboard that you posted some 
> lines above?
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.


Re: [kubernetes-users] Can I launch Google Container Engine (GKE) in Private GCP network Subnet?

2018-03-29 Thread Vinita
Hi,

I am trying to use a private cluster. I am able to create a private cluster but 
kubectl commands are not working. I am seeing a connection timeout error as 
below -

kubectl run nginx --image=nginx --replicas=2
error: failed to discover supported resources: Get https://104.154.200.217/api: dial tcp 104.154.200.217:443: i/o timeout

Am I missing something? I am seeing this issue in my SDK as well as Cloud 
shell. Thanks


On Monday, March 26, 2018 at 1:31:46 PM UTC-7, manjo...@google.com wrote:
>
> On Thursday, March 8, 2018 at 4:56:09 AM UTC, Tim Hockin wrote:
> > NB there are two issues here:
> > 
> > 1) how to run a cluster where the VMs have no public IP, and the node
> > <-> master comms are private IP.
> > 
> > 2) how to run a cluster with long-term-stable egress IPs.
> > 
> > They are not the same issue, despite being related :)
> > 
> > Tim
> > 
> > 
> > On Wed, Mar 7, 2018 at 2:27 AM,   
> wrote:
> > > On Friday, October 13, 2017 at 9:05:14 PM UTC+5:30, Tim Hockin wrote:
> > >> On Fri, Oct 13, 2017 at 3:17 AM,   
> wrote:
> > >> > On Friday, July 28, 2017 at 11:52:27 AM UTC+5:30, Tim Hockin wrote:
> > >> >> Private Google Access is not a private subnet.  That simply allows 
> your VMs to access google service without a public IP.  You still have to 
> make VMs without a public IP, which GKE does not support yet.
> > >> >
> > >> > Are there any near plan to have GKE working in Private network ? I 
> don't want to expose my containers to public IPs
> > >>
> > >> We are evaluating how best to support this.  In the mean time, it's
> > >> important to note that none of your containers are exposed by default,
> > >> they do not have external IPs, and with the exception of the nodes'
> > >> SSH port, all the default GCP firewalls default to "closed".  The only
> > >> "public" traffic required is GKE masters <-> nodes, and that is only
> > >> "public" in name.  The traffic stays within Google's network.
> > >>
> > >> Tim
> > >
> > > I would like to give this thread a bump and love to know if there is 
> any update.
> > > It is not uncommon to allow access to a service by whitelisting the 
> public ip. Each kubernetes node having its own public ip makes a mess. 
> Right now, only solution seems to be running a NAT instance[1]. GCP doesn't 
> provide NAT gateway as service either, so one would have to deal with 
> scaling and high availability themselves.
> > >
> > >
> > > [1] 
> https://cloud.google.com/solutions/using-a-nat-gateway-with-kubernetes-engine
> > >
>
> Hi,
>
> GKE now supports private clusters :-)
>
> https://cloudplatform.googleblog.com/2018/03/kubernetes-engine-private-clusters-now.html
>
> Hope that helps!
>
>



[kubernetes-users] Re: Understanding Google Pricing plan

2018-03-29 Thread Łukasz Byjoś
If your backend will be idle for most of the time, consider using 
AppEngine Standard, which can get to 0 instances when not used. 

On Friday, March 9, 2018 at 7:00:29 PM UTC+1, uzytk...@gmail.com wrote:
>
> Sorry if this is a very basic question but my background is not in web 
> development. I'd like to deploy a very basic web app (say nginx + letsencrypt 
> + my backend) and I thought about using GCP instead of rolling my own 
> CoreOS/Atomic instance. However I'm unable to make sense out of pricing 
> plan and my estimates range from $7 (cheaper than alternatives) to $2000 
> (!).
>
> How to estimate running a few docker containers in GCP which in total 
> would take <500M and would be idle most of the time?
>



Re: [kubernetes-users] Load balancer drops backend while leaving frontend connected

2018-03-29 Thread 'Tim Hockin' via Kubernetes user discussion and Q
Which environment and which Ingress controller?

On Thu, Mar 29, 2018 at 8:42 PM Tyler Johnson 
wrote:

> Is it possible that an HTTP load balancer (auto-configured as part of an
> Ingress) could occasionally drop backend connections while leaving the
> frontend connected?
>
> I'm running a websocket backend service (the backend-service timeout is
> high) and on very rare occasions I'll see the service pod log that the
> client dropped connection, while on the client side the HTTP connection is
> still ESTABLISHED. So I'm guessing it must be the LB.
>
> Is there a recommended way to troubleshoot the LB?
>
> Any other potential scenarios that could cause this problem?
>



[kubernetes-users] Load balancer drops backend while leaving frontend connected

2018-03-29 Thread Tyler Johnson
Is it possible that an HTTP load balancer (auto-configured as part of an 
Ingress) could occasionally drop backend connections while leaving the 
frontend connected?

I'm running a websocket backend service (the backend-service timeout is 
high) and on very rare occasions I'll see the service pod log that the 
client dropped connection, while on the client side the HTTP connection is 
still ESTABLISHED. So I'm guessing it must be the LB.

Is there a recommended way to troubleshoot the LB?

Any other potential scenarios that could cause this problem?  



Re: [kubernetes-users] How to allow firewall for containers.

2018-03-29 Thread 'Tim Hockin' via Kubernetes user discussion and Q
The normal answer is 10.0.0.0/8, and if you need more 192.168.0.0/16 and
172.16.0.0/12

On Thu, Mar 29, 2018 at 1:33 AM Immadi Ramalingeswararao <
immadi_ramalingeswara...@papajohns.com> wrote:

> Hi, I have my jenkins slaves running on gke dynamically on port 5. If
> I don't allow 0.0.0.0 to use port 5 jobs are getting suspended and I
> need to allow those containers to access my nexus server which is running
> on port 8080 on a different instance but same network. In firewall I have
> to allow those containers to access nexus-port 8080. But I don't want to
> keep 0.0.0.0 in source IP ranges. What is the IP range that I should allow
> to make these work. I tried Internal IPs, Cluster EndPoint in Source IP and
> targets I allowed all instances in the network. It is not working as
> expected. I need some help.
>

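Added example, not part of the original thread: one way to check that no ingress rule covering the Nexus port still admits sources outside the three private ranges named in the reply above. The rule names and the sample JSON are constructed; the sample is shaped like the output of `gcloud compute firewall-rules list --format=json`.

```python
"""Audit ingress firewall rules: which ones admit non-private sources on a port."""
import ipaddress
import json

# The private (RFC 1918) ranges named in the reply above.
PRIVATE = [ipaddress.ip_network(c)
           for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample; rule names are hypothetical.
RULES_JSON = """[
 {"name": "allow-nexus-any", "direction": "INGRESS",
  "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["8080"]}]},
 {"name": "allow-nexus-internal", "direction": "INGRESS",
  "sourceRanges": ["10.0.0.0/8"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["8080"]}]},
 {"name": "allow-agents-mixed", "direction": "INGRESS",
  "sourceRanges": ["10.52.0.0/14", "203.0.113.0/24"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["8000-9000"]}]},
 {"name": "allow-ssh", "direction": "INGRESS",
  "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]}
]"""


def port_matches(spec, port):
    """True if a port spec such as '8080' or '8000-9000' includes port."""
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)


def rule_covers(rule, proto, port):
    """True if the rule allows proto/port (no 'ports' key means every port)."""
    for allowed in rule.get("allowed", []):
        if allowed["IPProtocol"] not in (proto, "all"):
            continue
        ports = allowed.get("ports")
        if not ports or any(port_matches(p, port) for p in ports):
            return True
    return False


def non_private_sources(rule):
    """Source CIDRs of the rule that are not inside any private range."""
    outside = []
    for cidr in rule.get("sourceRanges", []):
        net = ipaddress.ip_network(cidr, strict=False)
        if not any(net.version == 4 and net.subnet_of(p) for p in PRIVATE):
            outside.append(cidr)
    return outside


def audit(rules, proto, port):
    """Map rule name -> offending source ranges for ingress rules on proto/port."""
    findings = {}
    for rule in rules:
        if rule.get("direction", "INGRESS") != "INGRESS":
            continue
        if rule_covers(rule, proto, port):
            outside = non_private_sources(rule)
            if outside:
                findings[rule["name"]] = outside
    return findings


if __name__ == "__main__":
    print(audit(json.loads(RULES_JSON), "tcp", 8080))
```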


Re: [kubernetes-users] service with host network

2018-03-29 Thread 'Tim Hockin' via Kubernetes user discussion and Q
What networking features do you lose?

On Thu, Mar 29, 2018, 8:59 AM  wrote:

> Hi
>
> I'd like to set up my pods to have two networks, the first is the default
> k8s network and the second one the host (node) network.
>
> The reason is that I need to bind to a range of UDP ports, and also for
> performance cost I would rather also bind to a physical port.
>
> I don't want to use the hostNetwork: true, since I'd lose the networking
> features of k8s, and won't be able to load balance the actual service.
>
> Is this possible to define the two networks, is there an example for that?
>
> Thank you
> Guy.
>



[kubernetes-users] Kubernetes deployment

2018-03-29 Thread Gidesh Pampingal
Hi All,

Maybe an extremely naive question, but would appreciate help.

We are running our project on a GKE cluster in GCP and have weekly 
deployments where we roll out our application, which is a containerized 
Springboot Java app along with Nginx components that cache static assets 
which are stored in a GCS bucket. We deploy this as a Deployment with 6 
replicas for the springboot app and 12 replicas for nginx. We use Gocd as 
our CICD tool.

Springboot app occupies most of the CPU and RAM.

During every deployment we see a drop in requests per second at the Google 
Load Balancer, spike in latency and backend for a minute before going back 
to normal. Although we don't see any drop from a website point of view, i.e. 
page response times, page views etc. It's just the GCP stats that go 
haywire for just a minute or so.

Maybe it is expected.

Can anyone suggest if there is a way to improve the deployment ?



[kubernetes-users] Re: kubernetes logging to splunk

2018-03-29 Thread Gidesh Pampingal
We are using GCP's log exports -> topic -> subscription and then Splunk's 
GCP add on to configure the subscriptions to get the log events.

On Saturday, March 24, 2018 at 11:13:55 AM UTC, Oğuz Yarımtepe wrote:
>
> Hi,
>
> I have a new cluster with K8s 1.9.5. I will have tomcat based apps mainly 
> and I need to send app logs to my splunk. I tried using a fluentd daemonset 
> and configmap but somehow I got errors. Does anyone have a working sample?
>
> Regards.
>



[kubernetes-users] service with host network

2018-03-29 Thread guy1976
Hi

I'd like to set up my pods to have two networks, the first is the default k8s 
network and the second one the host (node) network.

The reason is that I need to bind to a range of UDP ports, and also for 
performance cost I would rather also bind to a physical port.

I don't want to use the hostNetwork: true, since I'd lose the networking 
features of k8s, and won't be able to load balance the actual service.

Is this possible to define the two networks, is there an example for that?

Thank you 
Guy.



[kubernetes-users] join group

2018-03-29 Thread itu...@139.com
hello:
kubernetes-users@googlegroups.com


itu...@139.com



[kubernetes-users] How to allow firewall for containers.

2018-03-29 Thread Immadi Ramalingeswararao
Hi, I have my jenkins slaves running on gke dynamically on port 5. If 
I don't allow 0.0.0.0 to use port 5 jobs are getting suspended and I 
need to allow those containers to access my nexus server which is running 
on port 8080 on a different instance but same network. In firewall I have 
to allow those containers to access nexus-port 8080. But I don't want to 
keep 0.0.0.0 in source IP ranges. What is the IP range that I should allow 
to make these work. I tried Internal IPs, Cluster EndPoint in Source IP and 
targets I allowed all instances in the network. It is not working as 
expected. I need some help.



Re: [kubernetes-users] Network Policy to limit open connections per pod

2018-03-29 Thread 'Matthias Rampke' via Kubernetes user discussion and Q
Did you check what the tracked connections were? We had to massively reduce
the timeouts on UDP tracking, but this got things under control well. Check
whether your application may be doing one DNS request per transaction /
outgoing request, this happens in many standard libraries unless you take
great care.

/MR

On Wed, Mar 28, 2018, 17:57 Jonathan Tronson  wrote:

> When the downstream service went south we rapidly went from ~25k to 500k
> in the table in less than a minute. I wouldn’t think there would be a
> reasonable number to set that to that could prevent the entire node from
> being affected. TPS was so high that catastrophe could be delayed a bit but
> not prevented by a higher number.
>
> We also noticed that when this breakdown occurs the network traffic and
> CPU utilization on our DNS servers increased tremendously.
>
> On Mar 28, 2018, at 8:44 AM, Rodrigo Campos  wrote:
>
> Just curious, but why not change the conntrack limit?
>
> On Wednesday, March 28, 2018,  wrote:
>
>> Is there anything similar to a network policy that limits x open
>> connections per pod?
>>
>> During a 100k TPS load test, a subset of pods had errors connecting to a
>> downstream service and we maxed out the nf_conntrack table (500k) which
>> affected the rest of the pods on each node that had this issue - which
>> happened to be 55% of the cluster.
>>
>> Besides handling this at the application level, I wanted to protect the
>> cluster as a whole so that not one deployment can affect the entire cluster
>> in this manner.
>>
>> Thanks for any help.
>>
>> -Jonathan
>>
> --
>
> You received this message because you are subscribed to a topic in the
> Google Groups "Kubernetes user discussion and Q" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/kubernetes-users/ZlteifiQO8c/unsubscribe
> .
> To unsubscribe from this group and all its topics, send an email to
> kubernetes-users+unsubscr...@googlegroups.com.
>
>
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

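Added example, not part of the original thread: a sketch of "check what the tracked connections were", summarising a conntrack table per source IP and flagging sources whose entries are mostly UDP port 53. The sample lines, addresses and thresholds are constructed, and the input is assumed to be in the /proc/net/nf_conntrack text format.

```python
"""Summarise a conntrack table per source IP and flag DNS-heavy sources."""
from collections import Counter

# Constructed sample in the /proc/net/nf_conntrack text format (addresses made up).
SAMPLE = """\
ipv4 2 udp 17 28 src=10.8.1.14 dst=10.11.240.10 sport=41822 dport=53 [UNREPLIED] src=10.11.240.10 dst=10.8.1.14 sport=53 dport=41822 mark=0 use=2
ipv4 2 udp 17 27 src=10.8.1.14 dst=10.11.240.10 sport=41823 dport=53 src=10.11.240.10 dst=10.8.1.14 sport=53 dport=41823 mark=0 use=2
ipv4 2 udp 17 27 src=10.8.1.14 dst=10.11.240.10 sport=41824 dport=53 src=10.11.240.10 dst=10.8.1.14 sport=53 dport=41824 mark=0 use=2
ipv4 2 udp 17 26 src=10.8.1.14 dst=10.11.240.10 sport=41825 dport=53 src=10.11.240.10 dst=10.8.1.14 sport=53 dport=41825 mark=0 use=2
ipv4 2 tcp 6 431999 ESTABLISHED src=10.8.1.14 dst=10.20.0.5 sport=51000 dport=8443 src=10.20.0.5 dst=10.8.1.14 sport=8443 dport=51000 [ASSURED] mark=0 use=2
ipv4 2 tcp 6 431990 ESTABLISHED src=10.8.1.22 dst=10.20.0.5 sport=40110 dport=8443 src=10.20.0.5 dst=10.8.1.22 sport=8443 dport=40110 [ASSURED] mark=0 use=2
ipv4 2 tcp 6 110 TIME_WAIT src=10.8.1.22 dst=10.20.0.5 sport=40111 dport=8443 src=10.20.0.5 dst=10.8.1.22 sport=8443 dport=40111 [ASSURED] mark=0 use=2
ipv4 2 tcp 6 431980 ESTABLISHED src=10.8.2.7 dst=10.20.0.5 sport=33001 dport=8443 src=10.20.0.5 dst=10.8.2.7 sport=8443 dport=33001 [ASSURED] mark=0 use=2
"""


def parse_entry(line):
    """Return (l4proto, timeout, src, dst, dport) for the original direction."""
    tok = line.split()
    if len(tok) < 5 or not tok[4].isdigit():
        return None
    fields = {}
    for t in tok[5:]:
        key, sep, val = t.partition("=")
        # The reply tuple repeats src/dst/sport/dport; keep the first (original).
        if sep and key not in fields:
            fields[key] = val
    if "src" not in fields or "dst" not in fields:
        return None
    return tok[2], int(tok[4]), fields["src"], fields["dst"], int(fields.get("dport", 0))


def summarise(text, conntrack_max, dns_share=0.5, min_entries=3):
    """Count entries per source and list sources dominated by UDP/53 lookups.

    conntrack_max is the node's net.netfilter.nf_conntrack_max value;
    dns_share and min_entries are illustrative thresholds, not recommendations.
    """
    per_src, dns_per_src = Counter(), Counter()
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        proto, _timeout, src, _dst, dport = entry
        per_src[src] += 1
        if proto == "udp" and dport == 53:
            dns_per_src[src] += 1
    total = sum(per_src.values())
    dns_heavy = sorted(
        s for s, n in per_src.items()
        if n >= min_entries and dns_per_src[s] / n >= dns_share
    )
    return {
        "total": total,
        "fill": total / conntrack_max,      # share of the table in use
        "udp_dns": sum(dns_per_src.values()),
        "top": per_src.most_common(3),      # busiest sources first
        "dns_heavy": dns_heavy,
    }


if __name__ == "__main__":
    print(summarise(SAMPLE, conntrack_max=16))
```

On a node, the same function can be fed the contents of /proc/net/nf_conntrack; a large udp_dns share is the case where shortening net.netfilter.nf_conntrack_udp_timeout, as the reply describes, frees entries sooner.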