from:"Brandon Philips"

Re: [kubernetes-users] pod creation fails

2018-01-26 Thread Brandon Philips

The user you are authenticating with doesn't have proper permissions. In
particular it looks like you are trying to use a kubectl from a node which
generally aren't allowed to create deployments.

Learn more here: https://kubernetes.io/docs/admin/authorization/rbac/

Good luck.

Brandon

On Fri, Jan 26, 2018 at 2:45 PM m k  wrote:

> Greetings...
>
> I am to new kubernetes. I have set up the master & worker. While trying to
> create a pod on the worker, I get the following:
>
> Any pointers & help would be very much appreciated.
>
> Thanks,
> Murali
> -
>
> [root@soljumpstart manifest]# kubectl get pods
> No resources found.
>
> [root@soljumpstart manifest]# kubectl run example --image=httpd --port=80
> Error from server (Forbidden): deployments.extensions is forbidden: User
> "system:node:soljumpstart" cannot create deployments.extensions in the
> namespace "default"
>
> [root@soljumpstartt]# kubectl version
> Client Version: version.Info{Major:"1", Minor:"8+",
> GitVersion:"v1.8.4+2.0.1.el7",
> GitCommit:"538ac53c74231a70b7ceca01b8f8d09a735b4ffb", GitTreeState:"\"git",
> BuildDate:"2017-12-14T22:28:43Z", GoVersion:"go1.8.3", Compiler:"gc",
> Platform:"linux/amd64"}
> Server Version: version.Info{Major:"1", Minor:"8+",
> GitVersion:"v1.8.4+2.0.1.el7",
> GitCommit:"538ac53c74231a70b7ceca01b8f8d09a735b4ffb", GitTreeState:"\"git",
> BuildDate:"2017-12-14T22:28:43Z", GoVersion:"go1.8.3", Compiler:"gc",
> Platform:"linux/amd64"}
>
> [root@soljumpstart manifest]# cat /etc/redhat-release
> Red Hat Enterprise Linux Server release 7.4 (Maipo)
>
> [root@soljumpstart manifest]# kubectl get nodes
> NAME STATUSROLES AGE   VERSION
> soljumpstart Ready 2dv1.8.4+2.0.1.el7
> yumoel1-m1-inf   Ready master2dv1.8.4+2.0.1.el7
>
> cat example.yaml
>
> ---
> apiVersion: v1
> kind: Pod
> metadata:
> name: web
> spec:
> containers:
> - name: front
>   image: httpd
>   port:
> - containerPort: 80
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>


-- 
CTO, CoreOS, Inc
Tectonic is enterprise Kubernetes
https://coreos.com/tectonic

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Waiting for all pods to start before running the container commands

2018-01-26 Thread Brandon Philips

The general advice is to just have your applications crash loop on whatever
invariant you are waiting on.

Does that now work for some reason?

On Thu, Jan 18, 2018 at 3:41 PM Karthik  wrote:

> Hi all,
>
> I created a StatefulSet service (yb-master) with 3 pods (yb-master-0,1,2).
> The cname of the headless service seems to list the pods that are currently
> running, so right when my processes start, they are not able to resolve the
> addresses of the others (I am using podManagementPolicy: "Parallel"). But
> to establish quorum, I need to wait for all the pods to come up before
> trying to leader elect.
>
> In the above scenario, is there some mechanism to wait for all the pods to
> come up before starting any of the processes?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>


-- 
CTO, CoreOS, Inc
Tectonic is enterprise Kubernetes
https://coreos.com/tectonic

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] what are differences between hostpath and local volume?

2017-12-14 Thread Brandon Philips

Both use local disks available on a machine. But! Imagine you have a
cluster of three machines and have a Deployment with a replica of 1. If
your pod is scheduled on node A, writes to a host path, then the pod is
destroyed. At this point the scheduler will need to create a new pod, and
this pod might be scheduled to node C which doesn't have the data. Oops!

Local volumes fix this by ensuring a pod is scheduled to the machine where
the data exists.

On Thu, Dec 14, 2017 at 12:22 AM  wrote:

> Hi, all
>
> I'm searching the simplest volume to store data with hadoop containers.
>
> so I was trying to test hostpath and local volumes.
>
> but I failed to create a local volume in my cluster (# of nodes is 3)
>
>
> What are differences between hostpath and local volumes?
>
> I read a official document but I wasn't able to understand exactrly.
>
>
> https://kubernetes.io/docs/concepts/storage/volumes/#local
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>
-- 
CTO, CoreOS, Inc
Tectonic is enterprise Kubernetes
https://coreos.com/tectonic

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Vagrant/Ansible/VirtualBox Cluster on Mac

2017-12-14 Thread Brandon Philips

FWIW, the Tectonic Sandbox
 is
also using VirtualBox + Vagrant. Just download and `vagrant up`.

Brandon

On Thu, Dec 14, 2017 at 8:40 AM Kris Dockery  wrote:

> Matt,
>
> I'm running three VirtualBox VMs:
>
> Master: 1 vCPU, 4 GB RAM, 20 GB HDD
> Workers: 1 vCPU, 2 GB RAM, 20 GB HDD
>
> This should be plenty of CPU, RAM, and HDD space for a test cluster. You
> can adjust accordingly if you plan on testing any significant workloads.
>
> All are running CentOS 7.4 with static IP addresses in the same subnet,
> and swap disabled. From this point, I recommend reading the instructions at
> https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/ very
> carefully before actually proceeding step by step. When you get to the
> point of choosing a Pod Network Plugin, I use and recommend Calico.
>
>
> Kris Dockery
> Support Engineer
> Heptio
>
> On Thu, Dec 14, 2017 at 10:27 AM, Matt Madhavan 
> wrote:
>
>> Hi Kris,
>> Thanks for the reply. Do you mind sharing the instructions please?
>>
>> Thanks
>> Matt
>>
>> On Dec 14, 2017 9:58 AM, "Kris Dockery"  wrote:
>>
>>> Hi Matt,
>>>
>>> I installed my cluster on my Mac using kubeadm. My nodes are Virtualbox
>>> VMs running CentOS 7.4. It was simple and straightforward.
>>>
>>>
>>> Kris
>>>
>>> On Thu, Dec 14, 2017 at 5:38 AM, Jay Vyas 
>>> wrote:
>>>
 Minikube is easy.
 GKE is easy and free to start out.
 For a real install you can try kubicorn, kubeadm, kops.


 On Dec 14, 2017, at 3:46 AM, 'Rohit Agarwal' via Kubernetes user
 discussion and Q&A  wrote:

 Try https://github.com/kubernetes/minikube

 On Wed, Dec 13, 2017 at 6:44 PM,  wrote:

> Hello all,
> I have been struggling to get a Kubernetes Cluster on my Mac OsX the
> past 3 weeks! No luck. Does any one have a clean solution? There are so
> many GitHub solutions but none of them work. I swear to god!
>
> Feel like going back to CF!
>
> Granted I a'int no DevOps guy,but have been an IT Application
> Architect for over 15 years and I am really smart and have offered 
> multiple
> IT solutions successfully! And I am strugling!
>
> Can some one point me to the right direction? I have access to both
> Mac and Ubuntu.
>
> Some straight forward process, with Vagrant, Ansible. Looks like
> Kubeadnin is still in flux. Things must not be this complicated! Any help
> will be appreciated.
>
> Thanks in advance!
>
> Matt
>
> --
> You received this message because you are subscribed to the Google
> Groups "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com
> .
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

 --
 You received this message because you are subscribed to the Google
 Groups "Kubernetes user discussion and Q&A" group.
 To unsubscribe from this group and stop receiving emails from it, send
 an email to kubernetes-users+unsubscr...@googlegroups.com.
 To post to this group, send email to kubernetes-users@googlegroups.com.
 Visit this group at https://groups.google.com/group/kubernetes-users.
 For more options, visit https://groups.google.com/d/optout.

 --
 You received this message because you are subscribed to the Google
 Groups "Kubernetes user discussion and Q&A" group.
 To unsubscribe from this group and stop receiving emails from it, send
 an email to kubernetes-users+unsubscr...@googlegroups.com.
 To post to this group, send email to kubernetes-users@googlegroups.com.
 Visit this group at https://groups.google.com/group/kubernetes-users.
 For more options, visit https://groups.google.com/d/optout.

>>>
>>> --
>>> You received this message because you are subscribed to a topic in the
>>> Google Groups "Kubernetes user discussion and Q&A" group.
>>> To unsubscribe from this topic, visit
>>> https://groups.google.com/d/topic/kubernetes-users/IgQbtI70VhE/unsubscribe
>>> .
>>> To unsubscribe from this group and all its topics, send an email to
>>> kubernetes-users+unsubscr...@googlegroups.com.
>>> To post to this group, send email to kubernetes-users@googlegroups.com.
>>> Visit this group at https://groups.google.com/group/kubernetes-users.
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Kubernetes user discussion and Q&A" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to kubernetes-users+unsubscr...@googlegroups.com.
>> To post to this group, send e

Re: [kubernetes-users] unable to mount a folder inside container(pod) to host folder in kubernetes .

2017-11-13 Thread Brandon Philips

It looks like the volumes section is not indented correctly. It should be
indented to the same level as containers as it is part of the PodSpec[1].

[1] https://v1-6.docs.kubernetes.io/docs/api-reference/v1.6/#podspec-v1-core

Brandon

On Mon, Nov 13, 2017 at 2:00 PM  wrote:

> Hi i am trying to mount the volume from container to host and throwing an
> exception to me .
> My
> yaml is like this
>
> apiVersion: extensions/v1beta1
> kind: Deployment
> metadata:
>name: vthree-f3dev-app-pod-volumes
>labels:
>  component: apiserver
>  provider: kubernetes
> spec:
>   replicas: 1
>   selector:
>   template:
> metadata:
>   labels:
> component: apiserver
> provider: kubernetes
> spec:
>   containers:
>   - name: f3dev
> image: XX
> ports:
> - containerPort: 8443
> volumeMounts:
> - mountPath: /etc/tomcat8/logs
>   name: test-volume
> env:
>   - name : VTHREE_F3DEV_APP_POD_SERVICE_CONTEXT_ROOT
> value : "f3dev"
>   - name : SOLR_SERVC_CONTEXT_ROOT
> value : "solr"
>   volumes:
>   - name: test-volume
> hostPath:
>   path: /logs/f3dev-pod-logs
>
>
>
> And i am getting error while i am trying to deploy this
>
> The Deployment "vthree-f3dev-app-pod-volumes" is invalid:
> spec.template.spec.containers[0].volumeMounts[0].name: Not found:
> "test-volume"
>
>
>
> my kubctl version
>
> kubectl --version
> Kubernetes v1.5.2
>
>
> Please suggest me where i am doing wrong .
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>
-- 
CTO, CoreOS, Inc
Tectonic is enterprise Kubernetes
https://coreos.com/tectonic

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Getting informations from my Kubernetes

2017-11-09 Thread Brandon Philips

Hello Matheus-

I would suggest you run kube-state-metrics
 and the Prometheus Node
Exporter . For example, we run
these as Daemon Sets on CoreOS Tectonic  and
then scrape the metrics using Prometheus  to get a
time series, the end result is the data you are looking for
. Then using the
Prometheus
API  you can
get a JSON timeseries.

Brandon

On Thu, Nov 9, 2017 at 10:30 AM Matheus Tramontini 
wrote:

> Hello.
> I would like to know how  I could get my server informations as like CPU,
> Memory, etc as a JSON using a R script to plot these informations with
> graphic and etc. If it's not possible, would be possible to get these
> informations with another language and convert to R after this?
> The goal is to be possible for all the DEV team to see the status of our
> kubernete server. Is there a way to distribute this information without
> everyone acessing the kubernetes dashboard?
> THanks for the help
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>
-- 
CTO, CoreOS, Inc
Tectonic is enterprise Kubernetes
https://coreos.com/tectonic

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

[kubernetes-users] [ANNOUNCE] Prometheus 2.0 Released

2017-11-08 Thread Brandon Philips

Hello Everyone-

ICYMI Prometheus, a fellow CNCF project for container monitoring, has
released their v2.0 today.

You can learn more from the release from these links:

1. CoreOS post with in-depth benchmarks

2. Project blog
 release
post
3. High-level context from the New Stack


Congrats to the entire Prometheus team for getting to this milestone!

Cheers,

Brandon

[1] https://coreos.com/blog/prometheus-2.0-released
[2] https://prometheus.io/blog/2017/11/08/announcing-prometheus-2-0/
[3] https://thenewstack.io/prometheus-2-0-bulks-local-storage/
-- 
CTO, CoreOS, Inc
Tectonic is enterprise Kubernetes
https://coreos.com/tectonic

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] K8s LoadBalancer services Metrics ?

2017-10-24 Thread Brandon Philips

You would need to have a protocol aware in between your app and your load
balancer like https://istio.io/ OR have your app export metrics to
something like Prometheus (example

).

Brandon

On Mon, Oct 23, 2017 at 10:07 AM Vinoth Narasimhan 
wrote:

> Is there a way in kubernetes to get the metrics of the K8s LoadBalancer
> services like latency,request/sec, count based on error codes ..etc
>
> In stackdriver it list only the ingress metrics
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>
-- 
CTO, CoreOS, Inc
Tectonic is enterprise Kubernetes
https://coreos.com/tectonic

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Unable to connect to to Oracle DB which is running on host from Kuberenetes POD

2017-10-06 Thread Brandon Philips

What is the connection string you are using? You will need to use a URL
that gets forwarded out of the pod. Localhost will go to the pods localhost
for example.

You could do a test of things by using hostNetwork=true in the pod spec:
https://kubernetes.io/docs/api-reference/v1.6/#podspec-v1-core

On Fri, Oct 6, 2017 at 2:54 AM  wrote:

> Hi ,
>
>
>   I am new to kubernets and trying to containerize my app
> on K8's. I facing trouble to connect to  DB which is running on host from
> kubernetes pod. While the same is getting connected from docker container .
> Please let me know what details you required to assist me and let me know
> how to grab those details .
>
> Thanks in advance.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>
-- 
CTO, CoreOS, Inc
Tectonic is enterprise Kubernetes
https://coreos.com/tectonic

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Kubernetes Job Opportunity- Michigan

2017-09-21 Thread Brandon Philips

Aside: There is https://groups.google.com/forum/#!forum/kubernetes-jobs and
#kubernetes-careers on Slack for these sort of discussions.

Brandon

On Thu, Sep 21, 2017 at 3:32 PM Rodrigo Campos  wrote:

> Sorry, but please don't use the Kubernetes users mailing list to recruit
> people. The topic of this is to share and ask about Kubernetes specific
> problems.
>
> It's not about jobs nor about other technical tools. Please help us to
> keep it this way.
>
> On Thursday, September 21, 2017,  wrote:
>
>> I have an opening in the Infrastructure Architecture space. This person
>> will be architecting Infrastructure for Applications. On a day to day basis
>> this will be responsible for reviews, bringing in new technologies, working
>> with POC’s for vendors. There will be a lot of interaction between this
>> team and other groups (engineering, operations, vendors) so it is
>> imperative that this individual  has good communication written and oral. A
>> majority of the focus that this individual will be responsible for will be
>> for NGDC specifically around new technologies. Ideally we would like this
>> person to come from a midsized to enterprise organization (1,000 servers +)
>>
>> This individual will need strong experience with Kubernetes which is an
>> open source system for automating deployment and management of
>> containerized applications. They should be able to engineer and have
>> implementation knowledge.) This person should also have strong experience
>> with Docker. Docker helps to run and manage applications in isolated
>> containers. (Containers:  Containers do not bundle a full operating system,
>> only libraries and settings required to make software work are needed. This
>> helps to make efficient, lightweight, self-contained system and guarantees
>> that the software will always run the same, regardless of where it’s
>> deployed.) This individual will be responsible for planning, developing and
>> the implementation, and the maintenance of Containers. This will allow Ford
>> to extract through the Operating System without interrupting. This is
>> cutting edge technology in the industry.
>>
>>
>> Top 3:
>> - 1-3+ years of experience with Kubernetes and/or Docker
>> Being able to engineer and have implementation knowledge, being able to
>> develop Docker images.
>> - 3+ years of experience with Cloud technologies
>> Currently they are using Azure but open to AWS, PCF
>> General understanding of the concepts, usage and strategies.
>> - 3-5+ years of experience of engineering VMware
>> They are currently on 6.5
>>
>> Having experience with Vro, Vra
>> General understanding of the products and the capabilities
>>
>> Nice to have: Linux (Suse or Ubuntu) automation, vRealize
>>
>> If you or anyone you may know is interested in this position please email
>> jf...@teksystems.com
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Kubernetes user discussion and Q&A" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to kubernetes-users+unsubscr...@googlegroups.com.
>> To post to this group, send email to kubernetes-users@googlegroups.com.
>> Visit this group at https://groups.google.com/group/kubernetes-users.
>> For more options, visit https://groups.google.com/d/optout.
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>
-- 
CTO, CoreOS, Inc
Tectonic is enterprise Kubernetes
https://coreos.com/tectonic

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Re: Kubernetes pulled image with digital instead of tag

2017-09-08 Thread Brandon Philips

An image tag is resolved to a concrete content addressable identifier. So,
1.7.9 is just an easy human understandable shortcut to the content address
of f01bde0.

The OCI spec sort of explains it here:
https://github.com/opencontainers/image-spec/blob/master/image-layout.md#indexjson-file

Brandon

On Thu, Sep 7, 2017 at 11:10 PM Yong Zhang  wrote:

> The 'digital' in title should be 'digest'
>
>
> On Friday, 8 September 2017 13:55:35 UTC+8, Yong Zhang wrote:
>>
>> Hi, all
>>
>> I have a very tricky issue here, I defined image with tag in
>> deployment.yaml like this:
>>
>> apiVersion: apps/v1beta1kind: Deploymentmetadata:
>>   name: nginx-deploymentspec:
>>   replicas: 3
>>   template:
>> metadata:
>>   labels:
>> app: nginx
>> spec:
>>   containers:
>>   - name: nginx
>> image: nginx:1.7.9
>> ports:
>> - containerPort: 80
>>
>>
>> After pods created, found images was pulled with 
>> nginx:@sha256:f01bde0e7c010304b9637f8d1ef8843082002531a77077a18aaa56e65bd100d6,
>> not expected nginx:1.7.9
>>
>> Can anyone tell me why this happening? Thanks a lot.   (Kubernetes
>> version 1.7.2)
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>
-- 
CTO, CoreOS, Inc
Tectonic is enterprise Kubernetes
https://coreos.com/tectonic

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] RollingUpdate strategy on statefulsets

2017-09-08 Thread Brandon Philips

Can you `kubectl describe statefulset foo`? There might be details there.

Also, did you upgrade from 1.6?
https://groups.google.com/forum/#!topic/kubernetes-announce/5T8Ah5xuFz8

On Fri, Sep 8, 2017 at 5:51 AM  wrote:

> Hi,
>
> currently I am using Kubernetes (v 1.7.4) to deploy a Lagom microservices
> application. Each service is represented by a statefulset with a
> RollingUpdate update strategy.
>
> I read in this documentation (
> https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#rolling-update)
> that, with a RollingUpdate strategy, there is no need to manually delete
> each pod to trigger an update. Meaning that only a patch command is enough.
> Still, I still have to do so in my case.
>
> Did any of you experience this issue before?
>
> Thanks.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>
-- 
CTO, CoreOS, Inc
Tectonic is enterprise Kubernetes
https://coreos.com/tectonic

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] How to get access to the Heapster's Grafana dashboard after clean Kubernetes installation using Rancher

2017-09-08 Thread Brandon Philips

Hello Parth-

This isn't a general Kuberentes question so you might get help on the
Rancher forums: https://forums.rancher.com/

Brandon

On Fri, Sep 8, 2017 at 6:21 AM Parth Gandhi  wrote:

> I have just installed 3 node kubernetes cluster using rancher. I am trying
> to access the grafana dashboard with the url that i get from cluster info
> output. However i am getting unathorized error.
>
>
> monitoring-grafana is running at
> https://mypublicIP:8080/r/projects/1a7/kubernetes:6443/api/v1/namespaces/kube-system/services/monitoring-grafana/proxy
> 
>
>
> Thanks.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>
-- 
CTO, CoreOS, Inc
Tectonic is enterprise Kubernetes
https://coreos.com/tectonic

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Overriding kube-dns settings using the config map

2017-09-08 Thread Brandon Philips

You can do lots of interesting things with kube-dns or a custom dns. See
this talk too: https://www.youtube.com/watch?v=VUCyrY7pHeE

Mark (cc'd) has experience doing the custom DNS setups.

Brandon

On Fri, Sep 8, 2017 at 11:54 AM  wrote:

> I see that kube-dns now has support for a config map, as well as the
> ability to override some config settings by updating the contents of the
> map:
>
>
> http://blog.kubernetes.io/2017/04/configuring-private-dns-zones-upstream-nameservers-kubernetes.html
>
> Is it possible to override all kube-dns settings using the map?  Or only
> just federations, sub domains, and upstream name servers?
>
> I've been trying to override the kube-master-url setting using the map,
> but it doesn't seem to be working.
>
> Thanks,
>
> DR
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>
-- 
CTO, CoreOS, Inc
Tectonic is enterprise Kubernetes
https://coreos.com/tectonic

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] FQDN's for pods?

2017-09-05 Thread Brandon Philips

That won't do what he wants, I don't think.

$ kubectl run -i -t busybox --image=busybox --restart=Never -n
team-tectonic --overrides='{ "apiVersion": "v1", "spec": {"hostname":
"hello", "subdomain": "example"}}'
If you don't see a command prompt, try pressing enter.
/ # hostname -f
hello.example.team-tectonic.svc.cluster.local
/ #

Essentially he wants hostname and subdomain to combine and set the FQDN.
Not just the start of the FQDN. E.g. hello.example

Brandon

On Tue, Sep 5, 2017 at 1:50 PM 'Tim Hockin' via Kubernetes user discussion
and Q&A  wrote:

>
> https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#a-records-and-hostname-based-on-pods-hostname-and-subdomain-fields
>
> ?
>
> On Tue, Sep 5, 2017 at 1:41 PM, David Rosenstrauch 
> wrote:
> > Is it possible to make Kubernetes assign fully-qualified domain names to
> > pods at launch?  I know Docker supports this using the "-h" flag (e.g.,
> > "docker run -h host1234.ourdomain.com ...") but I don't see a
> corresponding
> > way to trigger that functionality in containers launched by k8s.
> >
> > We have a requirement for this, as we have piece of software for which we
> > have a site license that we want to containerize.  However the s/w does
> the
> > site license verification by checking the domain suffix of the host it's
> > running on.  (I.e., using "hostname -f")  So if we can't get our pods and
> > services to use the domain name suffix, we won't be able to run the app
> > inside a container.
> >
> > I've searched a bit, but don't see a definitive solution to the issue.
> Any
> > suggestions much appreciated!
> >
> > Thanks,
> >
> > DR
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Kubernetes user discussion and Q&A" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to kubernetes-users+unsubscr...@googlegroups.com.
> > To post to this group, send email to kubernetes-users@googlegroups.com.
> > Visit this group at https://groups.google.com/group/kubernetes-users.
> > For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

[kubernetes-users] [ANNOUNCE] CoreOS Tectonic 1.7.1 with Azure Support, Calico, and more

2017-08-17 Thread Brandon Philips

Hello Everyone-

CoreOS Tectonic v1.7.1 has been released! This brings new Azure support,
Calico policy, and much more. You can learn more about the release on the
blog post:

https://coreos.com/blog/announcing-tectonic-1.7.1

As part of this release the Tectonic Installer project gained stable Azure
support. If you aren't familiar, the Tectonic Installer uses Terraform to
install pure upstream Kubernetes and optionally Tectonic components, as
well. And, it currently supports installation on AWS, bare metal, and a
number of alpha platforms including VMware and OpenStack. Learn more on
Github:

https://github.com/coreos/tectonic-installer

This Tectonic Installer project has a number of work-in-progress PRs to
support Digitalocean[1] and Google Cloud[2]. If you are interested in
getting involved we would love your help:

https://github.com/coreos/tectonic-installer/#getting-started

Thank You!

Brandon

[1] https://github.com/coreos/tectonic-installer/pull/604
[2] https://github.com/coreos/tectonic-installer/pull/531

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Generally speaking, separate apps = separate clusters, right?

2017-08-11 Thread Brandon Philips

Great overview Tim! This should be an FAQ item somewhere.

On Fri, Aug 11, 2017 at 4:55 PM 'Tim Hockin' via Kubernetes user discussion
and Q&A  wrote:

> This is not an easy question to answer without opining.  I'll try.
>
> Kubernetes was designed to model Borg.  This assumes a smaller number
> of larger clusters, shared across applications and users and
> environments.  This design decision is visible in a number of places
> in the system - Namespaces, ip-per-pod, Services, PersistentVolumes.
> We really emphasized the idea that sharing is important, and the
> consumption of global resources (such as ports on a node) is rare and
> carefully guarded.  The benefits of this are myriad: amortization of
> overhead, good HA properties, efficient bin-packing, higher
> utilization, and centralization of cluster administration, just to
> name a few.
>
> What we see most often, though, is people using one cluster for one
> application (typically a number of Deployments, Services, etc. but one
> logical app).  This means that any user of non-trivial size is going
> to have multiple clusters.  This reduces the opportunities for
> efficiency and overhead amortization, and increases the administrative
> burden (and likely decreases the depth of understanding any one admin
> can reach).
>
> So, why?
>
> First, Kubernetes is, frankly, missing a few things that make the Borg
> model truly viable.  Most clouds do not have sub-VM billing abilities.
> Container security is not well trusted yet (though getting better).
> Linux's isolation primitives are not perfect (Google has hundreds or
> thousands of patches) but they are catching up.  The story around
> identity and policy and authorization and security are not where we
> want them to be.
>
> Second, it's still pretty early in the overall life of this system.
> Best practices are still being developed / discovered.  Books are
> still being written.
>
> Third, the system is still evolving rapidly.  People are not sure how
> things like multi-tenancy are going to look as they emerge.  Siloing
> is a hedge against uncertainty.
>
> Fourth, upgrades-in-place are not as easy or robust as we want them to
> be.  It's sometimes easier to just bring up a new cluster and flip the
> workload over.  That is easier when the workload is more contained.
>
> All that said, I still believe the right eventual model is shared.  I
> fully understand why people are not doing that yet, but I think that
> in a couple years time we will look back on this era as Kubernetes'
> awkward adolescence.
>
> Tim
>
> On Fri, Aug 11, 2017 at 4:38 PM,   wrote:
> > First, I'm sorry if this question has already been asked & answered. My
> search-foo may have failed me.
> >
> > We're in the process of moving to k8s and I'm not confident about how
> many clusters I should setup. I know there are many possible options, but
> I'd really appreciate feedback from people running k8s throughout their
> company.
> >
> > Nearly everything we run is containerized, and that includes our
> company-wide internal services like FreeIPA, Gitlab, Jenkins, etc. We also
> have multiple, completely separate, applications with varying
> security/auditing needs.
> >
> > Today, we schedule all of our containers via salt which only allows for
> containers to be mapped to systems in a fixed way (not great). We have a
> group of systems for each application environment and one group for
> internal services. Each group of systems may be subject to different
> network restrictions, depending on what they're running.
> >
> > The seemingly-obvious answer to replace our setup with k8s clusters is
> the following configuration:
> >
> > - Create one cluster for internal services
> > - Create one cluster per application, with environments managed by
> namespaces whenever possible
> >
> > Great, that puts us with several clusters, but a smaller number of
> clusters than our previous "system groups". And, our network rules will
> mostly remain as-is.
> >
> > However, there is another option. It seems that a mix of calico
> ingress/egress rules, namespaces, RBAC, and carefully crafted pod resource
> definitions would allow us to have a single large cluster. Maybe it's just
> my inexperience, but that path seems daunting.
> >
> > So, all that background leads me to the simple question: In general, do
> you create one cluster per application? If not, do you have some other
> general rule that's not just "when latency or redudancy require it, make a
> new cluster"?
> >
> > Thanks in advance!
> > Terence
> >
> > --
> > You received this message because you are subscribed to the Google
> Groups "Kubernetes user discussion and Q&A" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> an email to kubernetes-users+unsubscr...@googlegroups.com.
> > To post to this group, send email to kubernetes-users@googlegroups.com.
> > Visit this group at https://groups.google.com/group/kubernetes-users.
> > For more options, visit https

Re: [kubernetes-users] Can't view logs in python pod/container

2017-08-10 Thread Brandon Philips

Great! I would argue your application isn't behaving properly and there is
some code that expects a TTY that should be fixed.

On Thu, Aug 10, 2017 at 1:52 PM David Rosenstrauch 
wrote:

> Yep, that did the trick!
>
> Thanks,
>
> DR
>
> On 2017-08-10 4:43 pm, Brandon Philips wrote:
> > What you are doing is fine. Just do kubectl edit deployment
> > custom-django-app and add tty: true to the podspec. I bet it will
> > start working.
> >
> > On Thu, Aug 10, 2017 at 11:10 AM David Rosenstrauch
> >  wrote:
> >
> >> The Dockerfile is pretty straightforward:
> >>
> >> FROM ubuntu:16.04
> >> RUN apt-get update && apt-get install -y --no-install-recommends
> >> python3-django sqlite3 && rm -rf /var/lib/apt/lists/*
> >> WORKDIR django-apps
> >> ADD challenge1.tar.gz .
> >> WORKDIR challenge1
> >> EXPOSE 8080
> >> ENTRYPOINT python3 -u manage.py runserver 0.0.0.0:8080 [1]
> >>
> >> And then I launch it on k8s like so:
> >>
> >> kubectl run custom-django-app
> >> --image=":5000/custom-django-app"
> >> kubectl expose deployments custom-django-app --port 8080 --type
> >> NodePort
> >>
> >> Any idea where I'm going wrong?
> >>
> >> Thanks,
> >>
> >> DR
> >>
> >> On 2017-08-10 1:15 pm, Brandon Philips wrote:
> >>> Hello David-
> >>>
> >>> Can you share the code to your app? Something about the app
> >> requires a
> >>> TTY to print out logs.
> >>>
> >>> Alternatively, add `tty: True` to the PodSpec
> >>> https://kubernetes.io/docs/api-reference/v1.7/#podspec-v1-core
> >>>
> >>> Brandon
> >>>
> >>> On Wed, Aug 9, 2017 at 9:30 AM David Rosenstrauch
> >> 
> >>> wrote:
> >>>
> >>>> I'm running a python process (django server) in a pod, which
> >> writes
> >>>> its
> >>>> output to stdout, but attempting to view the logs with "kubctl
> >> logs"
> >>>> shows nothing.
> >>>>
> >>>> I'm similarly unable to view the logs when I run it as a
> >> standalone
> >>>> docker process (i.e., using "docker logs") - unless I run the
> >> docker
> >>>> container using "-dt", at which point I can see the logs just
> >> fine
> >>>> using
> >>>> "docker logs".
> >>>>
> >>>> The problems, here though, are:
> >>>>
> >>>> 1) kubectl doesn't have a flag combo of -dt that I can use to
> >> launch
> >>>> the
> >>>> container.
> >>>> 2) If I try to use kubectl to launch using just "-t", it forces
> >> me
> >>>> to
> >>>> use "-i" as well - which then puts me into interactive mode,
> >> which
> >>>> is
> >>>> not what I want.
> >>>> 3) It seems like I'm doing something wrong here - i.e., I
> >> shouldn't
> >>>> need
> >>>> to be jumping through all these hoops altogether to be getting
> >> log
> >>>> output.
> >>>>
> >>>> Can anyone please advise what's the correct way to handle this?
> >>>>
> >>>> Thanks,
> >>>>
> >>>> DR
> >>>>
> >>>> --
> >>>> You received this message because you are subscribed to the
> >> Google
> >>>> Groups "Kubernetes user discussion and Q&A" group.
> >>>> To unsubscribe from this group and stop receiving emails from it,
> >>>> send an email to kubernetes-users+unsubscr...@googlegroups.com.
> >>>> To post to this group, send email to
> >>>> kubernetes-users@googlegroups.com.
> >>>> Visit this group at
> >>>> https://groups.google.com/group/kubernetes-users.
> >>>> For more options, visit https://groups.google.com/d/optout.
> >>>
> >>> --
> >>> You received this message because you are subscribed to the Google
> >>> Groups "Kubernetes user discussion and Q&A" group.
> >>> To unsubscribe from this group and stop receiving emails from it,
> >> send
> >>> an email to kubernetes-users+unsubscr...@googlegroups.com.
> >>&g

Re: [kubernetes-users] Can't view logs in python pod/container

2017-08-10 Thread Brandon Philips

What you are doing is fine. Just do kubectl edit deployment  custom-django-app
and add tty: true to the podspec. I bet it will start working.

On Thu, Aug 10, 2017 at 11:10 AM David Rosenstrauch 
wrote:

> The Dockerfile is pretty straightforward:
>
> FROM ubuntu:16.04
> RUN apt-get update && apt-get install -y --no-install-recommends
> python3-django sqlite3 && rm -rf /var/lib/apt/lists/*
> WORKDIR django-apps
> ADD challenge1.tar.gz .
> WORKDIR challenge1
> EXPOSE 8080
> ENTRYPOINT python3 -u manage.py runserver 0.0.0.0:8080
>
> And then I launch it on k8s like so:
>
> kubectl run custom-django-app
> --image=":5000/custom-django-app"
> kubectl expose deployments custom-django-app --port 8080 --type NodePort
>
> Any idea where I'm going wrong?
>
> Thanks,
>
> DR
>
> On 2017-08-10 1:15 pm, Brandon Philips wrote:
> > Hello David-
> >
> > Can you share the code to your app? Something about the app requires a
> > TTY to print out logs.
> >
> > Alternatively, add `tty: True` to the PodSpec
> > https://kubernetes.io/docs/api-reference/v1.7/#podspec-v1-core
> >
> > Brandon
> >
> > On Wed, Aug 9, 2017 at 9:30 AM David Rosenstrauch 
> > wrote:
> >
> >> I'm running a python process (django server) in a pod, which writes
> >> its
> >> output to stdout, but attempting to view the logs with "kubctl logs"
> >> shows nothing.
> >>
> >> I'm similarly unable to view the logs when I run it as a standalone
> >> docker process (i.e., using "docker logs") - unless I run the docker
> >> container using "-dt", at which point I can see the logs just fine
> >> using
> >> "docker logs".
> >>
> >> The problems, here though, are:
> >>
> >> 1) kubectl doesn't have a flag combo of -dt that I can use to launch
> >> the
> >> container.
> >> 2) If I try to use kubectl to launch using just "-t", it forces me
> >> to
> >> use "-i" as well - which then puts me into interactive mode, which
> >> is
> >> not what I want.
> >> 3) It seems like I'm doing something wrong here - i.e., I shouldn't
> >> need
> >> to be jumping through all these hoops altogether to be getting log
> >> output.
> >>
> >> Can anyone please advise what's the correct way to handle this?
> >>
> >> Thanks,
> >>
> >> DR
> >>
> >> --
> >> You received this message because you are subscribed to the Google
> >> Groups "Kubernetes user discussion and Q&A" group.
> >> To unsubscribe from this group and stop receiving emails from it,
> >> send an email to kubernetes-users+unsubscr...@googlegroups.com.
> >> To post to this group, send email to
> >> kubernetes-users@googlegroups.com.
> >> Visit this group at
> >> https://groups.google.com/group/kubernetes-users.
> >> For more options, visit https://groups.google.com/d/optout.
> >
> >  --
> > You received this message because you are subscribed to the Google
> > Groups "Kubernetes user discussion and Q&A" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> > an email to kubernetes-users+unsubscr...@googlegroups.com.
> > To post to this group, send email to
> > kubernetes-users@googlegroups.com.
> > Visit this group at https://groups.google.com/group/kubernetes-users.
> > For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Can't view logs in python pod/container

2017-08-10 Thread Brandon Philips

Hello David-

Can you share the code to your app? Something about the app requires a TTY
to print out logs.

Alternatively, add `tty: True` to the PodSpec
https://kubernetes.io/docs/api-reference/v1.7/#podspec-v1-core

Brandon

On Wed, Aug 9, 2017 at 9:30 AM David Rosenstrauch  wrote:

> I'm running a python process (django server) in a pod, which writes its
> output to stdout, but attempting to view the logs with "kubctl logs"
> shows nothing.
>
> I'm similarly unable to view the logs when I run it as a standalone
> docker process (i.e., using "docker logs") - unless I run the docker
> container using "-dt", at which point I can see the logs just fine using
> "docker logs".
>
> The problems, here though, are:
>
> 1) kubectl doesn't have a flag combo of -dt that I can use to launch the
> container.
> 2) If I try to use kubectl to launch using just "-t", it forces me to
> use "-i" as well - which then puts me into interactive mode, which is
> not what I want.
> 3) It seems like I'm doing something wrong here - i.e., I shouldn't need
> to be jumping through all these hoops altogether to be getting log
> output.
>
> Can anyone please advise what's the correct way to handle this?
>
> Thanks,
>
> DR
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Running kubectl on "self cluster" from a container

2017-08-03 Thread Brandon Philips

I don't quite understand what you are trying to do, but I think you need
host networking. Try adding: --net=host

Brandon

On Thu, Aug 3, 2017 at 2:19 AM Itamar O  wrote:

> Hi,
>
> I have a Jenkins slave pod running on GKE.
> In that pod, I can run kubectl commands and they seem to automagically
> operate on "self cluster" (the cluster in which the pod is running).
> But if I run `docker run -it image-with-kubectl kubectl cluster-info` I
> get the notorious
> "The connection to the server localhost:8080 was refused - did you specify
> the right host or port?"
>
> Thinking that the pod was created with a kubecfg that knows about the
> cluster, I ran `kubectl config view` inside the pod, but got an empty
> config.
>
> Trying to add `--server` to kubectl with the external master IP (that I
> get from cluster-info on my laptop) or with the internal master IP
> (cluster-info inside the pod) - I get a login prompt that I have no
> credentials for.
>
> For completeness:
> I can `docker run` in the pod because I installed docker inside and
> mounted the docker socket as a volume.
> Using k8s 1.6.4 on GKE.
>
> Any ideas?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Re: Create K8S with my own certificates

2017-07-24 Thread Brandon Philips

Yes, similarly the Tectonic Installer

has
docs and the ability to provide your own CA.

On Thu, Jul 20, 2017 at 9:37 PM 'Robert Bailey' via Kubernetes user
discussion and Q&A  wrote:

> kube-up.sh doesn't have a way to provide your own certificates when
> creating the cluster. Since it's a bunch of bash, you can modify the script
> to skip the certificate generation though (replace this line
> 
>  with
> a call to your own function that sets the desired environment variables).
>
> If you don't mind provisioning your own VMs, you can use kubeadm
>  to
> form a cluster on GCE which has the ability to bring your own certificates.
> You can also use kubernetes-anywhere
>  to both provision VMs
> (using terraform) and set up the cluster but I don't recall offhand if it
> allows you to use custom certificates.
>
> On Wed, Jul 5, 2017 at 12:51 AM, Eddie Mashayev <
> eddie.masha...@xplenty.com> wrote:
>
>> Anyone?
>>
>>
>> On Tuesday, July 4, 2017 at 3:47:25 PM UTC+3, Eddie Mashayev wrote:
>>>
>>> Hi,
>>>
>>> I have a question regarding *kube-up.sh* how do I use my own
>>> certificates and not the default generated by the script.
>>> Is there any better way to create K8S on GCE(*Not GKE*) other then
>>> *kube-up.sh*
>>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Kubernetes user discussion and Q&A" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to kubernetes-users+unsubscr...@googlegroups.com.
>> To post to this group, send email to kubernetes-users@googlegroups.com.
>> Visit this group at https://groups.google.com/group/kubernetes-users.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] How to install Kubernetes on CoreOS

2017-07-19 Thread Brandon Philips

The Tectonic Installer has under development VMware support. Please give it
a shot!

On Fri, Jul 7, 2017 at 8:24 AM  wrote:

> Thank you for your reply.
>
> At this point I am testing on 3 VM hosted on VMWare, but eventually I
> would like to install on Bare Metal.
>
> On Thursday, July 6, 2017 at 4:05:49 PM UTC-7, Brandon Philips wrote:
> > There are various install methods for Kubernetes on CoreOS Container
> Linux[1]. Where are you looking to install?
> >
> >
> > If you are looking to install on AWS, Bare Metal, or Azure try out the
> Tectonic Free Tier and the Tectonic Installer.
> >
> >
> >
> > Cheers,
> >
> >
> > Brandon
> >
> >
> > [1]
> https://coreos.com/blog/tectonic-self-driving.html#coreos-linux-is-now-container-linux
> >
> >
> > On Thu, Jul 6, 2017 at 3:51 PM  wrote:
> > I am looking for step by step installation guide for Kubernetes on
> CoreOS. Their official documentation is very difficult to follow. Are there
> better supported OS platforms than CoreOS?
> >
> >
> >
> > --
> >
> > You received this message because you are subscribed to the Google
> Groups "Kubernetes user discussion and Q&A" group.
> >
> > To unsubscribe from this group and stop receiving emails from it, send
> an email to kubernetes-use...@googlegroups.com.
> >
> > To post to this group, send email to kubernet...@googlegroups.com.
> >
> > Visit this group at https://groups.google.com/group/kubernetes-users.
> >
> > For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] How to install Kubernetes on CoreOS

2017-07-06 Thread Brandon Philips

There are various install methods for Kubernetes on CoreOS Container
Linux[1]. Where are you looking to install?

If you are looking to install on AWS, Bare Metal, or Azure try out the Tectonic
Free Tier  and the Tectonic Installer
.

Cheers,

Brandon

[1]
https://coreos.com/blog/tectonic-self-driving.html#coreos-linux-is-now-container-linux

On Thu, Jul 6, 2017 at 3:51 PM  wrote:

> I am looking for step by step installation guide for Kubernetes on CoreOS.
> Their official documentation is very difficult to follow. Are there better
> supported OS platforms than CoreOS?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] How kubectl be authorized ?

2017-07-06 Thread Brandon Philips

Authorization can be done with
https://kubernetes.io/docs/admin/authorization/rbac/

In Tectonic we use OIDC authentication which gives you a User to key off
of. But, you can use x509 certificates with O/CN's to key off of too.

HTH,

Brandon

On Wed, Jun 28, 2017 at 2:41 AM Shafreeck Sea  wrote:

> Hi guys:
>
> I am a newbie here, maybe I am asking a trivial question.
>
> I read the docs about section of authentication and authorization, and the
> docs said :
>
> Kubernetes authorizes API requests using the API server. It evaluates all
>> of the request attributes against all policies and allows or denies the
>> request. All parts of an API request must be allowed by some policy in
>> order to proceed. This means that permissions are denied by default.
>
>
> All the permissions are denied by default, why kubectl has full
> permissions to access the apiserver ? I know it can be authenticated use
> certificate, but how about authorization?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Use minikube in windows subsystem for linux?

2017-06-21 Thread Brandon Philips

Why the additional complexity? What problem are you trying to solve?

minikube is only called for minikube.exe start to launch the vm; after that
you can use kubectl over the network.

On Wed, Jun 21, 2017 at 4:13 PM dsanders  wrote:

> It seems like it could indirectly use Hyper-V by making use of the
> docker-daemon which is running outside of WSL via TCP channel or something
> like that.
>
> WSL does support running windows executables, but that isn't without its
> problems.
>
>
>
> On Wednesday, June 21, 2017 at 5:51:17 PM UTC-5, Brandon Philips wrote:
>>
>> Wait, you want to use the Linux minikube binary to talk to Hyper-v?
>>
>> Hrm, I don't think that will work. Is there a reason you can't use
>> minikube.exe?
>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Use minikube in windows subsystem for linux?

2017-06-21 Thread Brandon Philips

Wait, you want to use the Linux minikube binary to talk to Hyper-v?

Hrm, I don't think that will work. Is there a reason you can't use
minikube.exe?

On Wed, Jun 21, 2017 at 3:30 PM dsanders  wrote:

> I don't know enough about how minikube works under the hood, but it seems
> like all that would be needed would be to add a special driver type to the
> linux version to get this to work?  I'm not sure how long hyperkube will be
> around or supported (unless minikube makes use of it internally or
> something).
>
>
>
> On Wednesday, June 21, 2017 at 4:57:30 PM UTC-5, Brandon Philips wrote:
>
>> Subscribe to this bug report to track my progress;
>> https://github.com/kubernetes/minikube/issues/1627
>>
>> On Wed, Jun 21, 2017 at 2:53 PM Brandon Philips 
>> wrote:
>>
> Aside: NAT setups also work but Windows inexplicably doesn't have a
>>> built-in DHCP server. I had to write one in Go to get NAT + minikube to
>>> work.
>>>
>>> Anyways, I will have a guide in the next week or two.
>>>
>>> On Wed, Jun 21, 2017 at 2:51 PM Brandon Philips 
>>> wrote:
>>>
>> Hyperkube should work with some caveats.
>>>>
>>>> I have a few notes from my work but this is a good starting point:
>>>> https://github.com/kubernetes/minikube/issues/1598
>>>>
>>>> Also, you have to setup an external network switch and use that as
>>>> described here:
>>>> https://blogs.msdn.microsoft.com/wasimbloch/2017/01/23/setting-up-kubernetes-on-windows10-laptop-with-minikube/
>>>>
>>>> I hope to create a better guide soon.
>>>>
>>>> Brandon
>>>>
>>>> On Wed, Jun 21, 2017 at 10:05 AM dsanders  wrote:
>>>>
>>> I've been running Docker for Windows with the daemon running on windows
>>>>> side under Hyper-V and accessing it via Windows Subsystem for Linux with
>>>>> the linux docker command (it is basically a client to the remote docker
>>>>> daemon).  I'd like to know if I can do something similar with minikube.
>>>>> Right now, the linux version of minikube appears to not support hyperv
>>>>> driver.
>>>>>
>>>>> Thanks in advance!
>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "Kubernetes user discussion and Q&A" group.
>>>>>
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to kubernetes-use...@googlegroups.com.
>>>>> To post to this group, send email to kubernet...@googlegroups.com.
>>>>
>>>>
>>>>> Visit this group at https://groups.google.com/group/kubernetes-users.
>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>
>>>> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Use minikube in windows subsystem for linux?

2017-06-21 Thread Brandon Philips

Subscribe to this bug report to track my progress;
https://github.com/kubernetes/minikube/issues/1627

On Wed, Jun 21, 2017 at 2:53 PM Brandon Philips 
wrote:

> Aside: NAT setups also work but Windows inexplicably doesn't have a
> built-in DHCP server. I had to write one in Go to get NAT + minikube to
> work.
>
> Anyways, I will have a guide in the next week or two.
>
> On Wed, Jun 21, 2017 at 2:51 PM Brandon Philips <
> brandon.phil...@coreos.com> wrote:
>
>> Hyperkube should work with some caveats.
>>
>> I have a few notes from my work but this is a good starting point:
>> https://github.com/kubernetes/minikube/issues/1598
>>
>> Also, you have to setup an external network switch and use that as
>> described here:
>> https://blogs.msdn.microsoft.com/wasimbloch/2017/01/23/setting-up-kubernetes-on-windows10-laptop-with-minikube/
>>
>> I hope to create a better guide soon.
>>
>> Brandon
>>
>> On Wed, Jun 21, 2017 at 10:05 AM dsanders  wrote:
>>
>>> I've been running Docker for Windows with the daemon running on windows
>>> side under Hyper-V and accessing it via Windows Subsystem for Linux with
>>> the linux docker command (it is basically a client to the remote docker
>>> daemon).  I'd like to know if I can do something similar with minikube.
>>> Right now, the linux version of minikube appears to not support hyperv
>>> driver.
>>>
>>> Thanks in advance!
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Kubernetes user discussion and Q&A" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to kubernetes-users+unsubscr...@googlegroups.com.
>>> To post to this group, send email to kubernetes-users@googlegroups.com.
>>> Visit this group at https://groups.google.com/group/kubernetes-users.
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Use minikube in windows subsystem for linux?

2017-06-21 Thread Brandon Philips

Aside: NAT setups also work but Windows inexplicably doesn't have a
built-in DHCP server. I had to write one in Go to get NAT + minikube to
work.

Anyways, I will have a guide in the next week or two.

On Wed, Jun 21, 2017 at 2:51 PM Brandon Philips 
wrote:

> Hyperkube should work with some caveats.
>
> I have a few notes from my work but this is a good starting point:
> https://github.com/kubernetes/minikube/issues/1598
>
> Also, you have to setup an external network switch and use that as
> described here:
> https://blogs.msdn.microsoft.com/wasimbloch/2017/01/23/setting-up-kubernetes-on-windows10-laptop-with-minikube/
>
> I hope to create a better guide soon.
>
> Brandon
>
> On Wed, Jun 21, 2017 at 10:05 AM dsanders  wrote:
>
>> I've been running Docker for Windows with the daemon running on windows
>> side under Hyper-V and accessing it via Windows Subsystem for Linux with
>> the linux docker command (it is basically a client to the remote docker
>> daemon).  I'd like to know if I can do something similar with minikube.
>> Right now, the linux version of minikube appears to not support hyperv
>> driver.
>>
>> Thanks in advance!
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Kubernetes user discussion and Q&A" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to kubernetes-users+unsubscr...@googlegroups.com.
>> To post to this group, send email to kubernetes-users@googlegroups.com.
>> Visit this group at https://groups.google.com/group/kubernetes-users.
>> For more options, visit https://groups.google.com/d/optout.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Use minikube in windows subsystem for linux?

2017-06-21 Thread Brandon Philips

Hyperkube should work with some caveats.

I have a few notes from my work but this is a good starting point:
https://github.com/kubernetes/minikube/issues/1598

Also, you have to setup an external network switch and use that as
described here:
https://blogs.msdn.microsoft.com/wasimbloch/2017/01/23/setting-up-kubernetes-on-windows10-laptop-with-minikube/

I hope to create a better guide soon.

Brandon

On Wed, Jun 21, 2017 at 10:05 AM dsanders  wrote:

> I've been running Docker for Windows with the daemon running on windows
> side under Hyper-V and accessing it via Windows Subsystem for Linux with
> the linux docker command (it is basically a client to the remote docker
> daemon).  I'd like to know if I can do something similar with minikube.
> Right now, the linux version of minikube appears to not support hyperv
> driver.
>
> Thanks in advance!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [k8s-sig-net] Re: [kubernetes-users] Accessing kafka from outside kubernetes

2017-06-07 Thread Brandon Philips

Thanks Bowei!

On Wed, Jun 7, 2017 at 10:53 AM 'Bowei Du' via Kubernetes user discussion
and Q&A  wrote:

> The docs for the GA feature should be available with the 1.7 release
> (feature went GA this release).
>
> It looks like there is a section discussing the feature via annotations
> here:
>
> https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
>
> Bowei
>
> On Wed, Jun 7, 2017 at 10:31 AM, Brandon Philips <
> brandon.phil...@coreos.com> wrote:
>
>> Try the source ip preservation beta feature:
>> https://github.com/kubernetes/kubernetes/issues/35758
>>
>> I have no idea where the official docs for this is though. SIG Networking?
>>
>> On Wed, Jun 7, 2017 at 1:13 AM  wrote:
>>
>>> Hi Brandon,
>>>
>>> Thanks for the link! Good to hear that it will be fixed in version 1.7.
>>> I will try out the alpha version.
>>>
>>> NodePort is working fine, the only drawback of it for my use case is
>>> that it opens a port on all kubernetes nodes.
>>>
>>> Thanks for the help!
>>>
>>> On Tuesday, June 6, 2017 at 6:23:24 PM UTC+2, Brandon Philips wrote:
>>> > HostPort should be fixed in CNI and should be fixed-fixed in
>>> Kubernetes 1.7:
>>> https://github.com/kubernetes/kubernetes/issues/23920#issuecomment-299535316
>>> >
>>> >
>>> > NodePort should work though, are you experiencing issues with that?
>>> >
>>> >
>>> > Brandon
>>> >
>>> >
>>> > On Tue, Jun 6, 2017 at 7:08 AM  wrote:
>>> > Hi Brandon,
>>> >
>>> >
>>> >
>>> > Thanks for the response.
>>> >
>>> >  Kafka is publishing a message to a topic in two-step process:
>>> >
>>> > a. Connect to a broker which is a pod running on a kubernetes worker
>>> and get metadata about the topic i.e. who is the leader of the topics
>>> partitions (info stored in zookeeper)
>>> >
>>> > b. Connect to that leader and start sending data to it
>>> >
>>> >
>>> >
>>> > Say I would use port forwarding to solve phase a. However, for phase b
>>> I would need to have some port opened on the worker node where the kafka
>>> leader container is running. Since I want my publisher to connect directly
>>> to the worker node running the kafka leader.
>>> >
>>> >
>>> >
>>> > On top of that I see that the portforward.go mentions something about
>>> a  "upgraded HTTP request" for the communication. I want to be able to
>>> connect on the TCP level to the kafka node.
>>> >
>>> >
>>> >
>>> > One approach from my side was to use nodePort to open a port on the
>>> nodes where kafka is running. However, this seems not to work properly see
>>> https://github.com/kubernetes/kubernetes/issues/23920.
>>> >
>>> >
>>> >
>>> > Thanks,
>>> >
>>> > George
>>> >
>>> >
>>> >
>>> >
>>> >
>>> > On Tuesday, June 6, 2017 at 2:24:19 AM UTC+2, Brandon Philips wrote:
>>> >
>>> > > Find a Kubernetes Pod by Label Selector and Port-forward Locally
>>> >
>>> > >
>>> >
>>> > >
>>> >
>>> > > Given a namespace "your-namespace" and a label query that identifies
>>> the pods you are interested in connect to a particular pod instance. If the
>>> label selector doesn't find a unique pod it will connect to the first pod
>>> by name. Ensure you replace 8080 with your pod's port.
>>> >
>>> > >
>>> >
>>> > >
>>> >
>>> > > kubectl -n your-namespace get pods -n your-namespace -l
>>> run=hello-world -o jsonpath='{.items[1].metadata.name}' | xargs -I{}
>>> kubectl -n your-namespace port-forward {} 8080
>>> >
>>> > >
>>> >
>>> > >
>>> >
>>> > > On Wed, May 31, 2017 at 1:43 AM  wrote:
>>> >
>>> > > Hello everybody,
>>> >
>>> > >
>>> >
>>> > >
>>> >
>>> > >
>>> >
>>> > > I've setup a 3 node kafka cluster running on kubernetes using
>>> stateful sets and headless se

Re: [kubernetes-users] Setting up my POD YML file to access my AppDynamics installation not working

2017-06-07 Thread Brandon Philips

Can you include the entire yaml? It is hard to tell without more context.

On Wed, Jun 7, 2017 at 10:35 AM Homer Najafi  wrote:

> Hi All,
>
>
>
> I am getting this error when I try to kubectl my yml file:
>
> [root@mx1605 ~]# kubectl create -f my-pod.yml
>
> [root@mx1605 ~]# kubectl logs my-pod
>
> *Error opening zip file or JAR manifest missing : /javaagent.jar*
>
> *Error occurred during initialization of VM*
>
> *agent library failed to init: instrument*
>
>
>
> I have this in my yml file:
>
>   env:
>
> -
>
>   name: APPD_ROOT
>
>   value: /opt/AppD/AppDynamicsAppAgent
>
>   volumeMounts:
>
> -
>
>   mountPath: /opt/AppD/AppDynamicsAppAgent
>
>   name: appd-volume
>
>   volumes:
>
> -
>
>   hostPath:
>
> path: /opt/AppD/AppDynamicsAppAgent
>
>   name: appd-volume
>
>
>
>
>
> If I run it directly via docker command it works:
>
> docker run -itd --name my-pod \
>
>  -v /opt/AppD/AppDynamicsAppAgent:/opt/AppD/AppDynamicsAppAgent \
>
>  -e APPD_ROOT=/opt/AppD/AppDynamicsAppAgent  \
>
>  my-pod:1
>
>
>
>
>
> Any idea?
>
>
>
> Thanks,
>
>
>
> Homer
>
>
>
>
>
> The information contained in this email message and any attachments is
> confidential and intended only for the addressee(s). If you are not an
> addressee, you may not copy or disclose the information, or act upon it,
> and you should delete it entirely from your email system. Please notify the
> sender that you received this email in error.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Accessing kafka from outside kubernetes

2017-06-07 Thread Brandon Philips

Try the source ip preservation beta feature:
https://github.com/kubernetes/kubernetes/issues/35758

I have no idea where the official docs for this is though. SIG Networking?

On Wed, Jun 7, 2017 at 1:13 AM  wrote:

> Hi Brandon,
>
> Thanks for the link! Good to hear that it will be fixed in version 1.7. I
> will try out the alpha version.
>
> NodePort is working fine, the only drawback of it for my use case is that
> it opens a port on all kubernetes nodes.
>
> Thanks for the help!
>
> On Tuesday, June 6, 2017 at 6:23:24 PM UTC+2, Brandon Philips wrote:
> > HostPort should be fixed in CNI and should be fixed-fixed in Kubernetes
> 1.7:
> https://github.com/kubernetes/kubernetes/issues/23920#issuecomment-299535316
> >
> >
> > NodePort should work though, are you experiencing issues with that?
> >
> >
> > Brandon
> >
> >
> > On Tue, Jun 6, 2017 at 7:08 AM  wrote:
> > Hi Brandon,
> >
> >
> >
> > Thanks for the response.
> >
> >  Kafka is publishing a message to a topic in two-step process:
> >
> > a. Connect to a broker which is a pod running on a kubernetes worker and
> get metadata about the topic i.e. who is the leader of the topics
> partitions (info stored in zookeeper)
> >
> > b. Connect to that leader and start sending data to it
> >
> >
> >
> > Say I would use port forwarding to solve phase a. However, for phase b I
> would need to have some port opened on the worker node where the kafka
> leader container is running. Since I want my publisher to connect directly
> to the worker node running the kafka leader.
> >
> >
> >
> > On top of that I see that the portforward.go mentions something about a
> "upgraded HTTP request" for the communication. I want to be able to connect
> on the TCP level to the kafka node.
> >
> >
> >
> > One approach from my side was to use nodePort to open a port on the
> nodes where kafka is running. However, this seems not to work properly see
> https://github.com/kubernetes/kubernetes/issues/23920.
> >
> >
> >
> > Thanks,
> >
> > George
> >
> >
> >
> >
> >
> > On Tuesday, June 6, 2017 at 2:24:19 AM UTC+2, Brandon Philips wrote:
> >
> > > Find a Kubernetes Pod by Label Selector and Port-forward Locally
> >
> > >
> >
> > >
> >
> > > Given a namespace "your-namespace" and a label query that identifies
> the pods you are interested in connect to a particular pod instance. If the
> label selector doesn't find a unique pod it will connect to the first pod
> by name. Ensure you replace 8080 with your pod's port.
> >
> > >
> >
> > >
> >
> > > kubectl -n your-namespace get pods -n your-namespace -l
> run=hello-world -o jsonpath='{.items[1].metadata.name}' | xargs -I{}
> kubectl -n your-namespace port-forward {} 8080
> >
> > >
> >
> > >
> >
> > > On Wed, May 31, 2017 at 1:43 AM  wrote:
> >
> > > Hello everybody,
> >
> > >
> >
> > >
> >
> > >
> >
> > > I've setup a 3 node kafka cluster running on kubernetes using stateful
> sets and headless services.
> >
> > >
> >
> > > The problem is now I want read/write data from/to the cluster from
> outside the cluster.
> >
> > >
> >
> > > I have found a couple of suggestions here
> https://stackoverflow.com/questions/41868161/kafka-in-kubernetes-cluster-how-to-publish-consume-messages-from-outside-of-kub
> .
> >
> > >
> >
> > >
> >
> > >
> >
> > > Essentially, I've found 2 options:
> >
> > >
> >
> > > 1. Use hostNetwork: true when starting the kafka container and use
> as ADVERTISED_HOST in kafka the kubernetes worker node - this has
> >
> > >
> >
> > > 2. Use Services type NodePort to expose the kafka broker port to
> the outside world - drawback here is that it will open a port on all worker
> nodes and second the request will go through the kube proxy
> >
> > >
> >
> > >
> >
> > >
> >
> > > On top of this I still need to sync my external dns system with
> the dns of the kafka worker nodes.
> >
> > >
> >
> > >
> >
> > >
> >
> > > Could anyone share their experience on how they achieved this?
> >
> > >
> >
> > >
> >
> > >
> >
> > > Thanks,
&g

Re: [kubernetes-users] Can I know when will be the Kubernetes Cron Jobs beta/GA release?

2017-06-06 Thread Brandon Philips

Hello Amalka-

We track features in the github.com/kubernetes/features repo. You can find
the issue for CronJobs here:
https://github.com/kubernetes/features/issues/19

It looks like CronJobs will, at the soonest, hit beta in 1.8:
https://github.com/kubernetes/kubernetes/issues/41039#issuecomment-305489870

This means that the soonest it could be stable is 1.9.

Cheers,

Brandon

On Mon, Jun 5, 2017 at 11:16 PM Amalka Subasinghe <
amalkasubasin...@gmail.com> wrote:

> Can I know when will be the Kubernetes Cron Jobs beta/GA release?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Accessing kafka from outside kubernetes

2017-06-06 Thread Brandon Philips

HostPort should be fixed in CNI and should be fixed-fixed in Kubernetes
1.7:
https://github.com/kubernetes/kubernetes/issues/23920#issuecomment-299535316

NodePort should work though, are you experiencing issues with that?

Brandon

On Tue, Jun 6, 2017 at 7:08 AM  wrote:

> Hi Brandon,
>
> Thanks for the response.
>  Kafka is publishing a message to a topic in two-step process:
> a. Connect to a broker which is a pod running on a kubernetes worker and
> get metadata about the topic i.e. who is the leader of the topics
> partitions (info stored in zookeeper)
> b. Connect to that leader and start sending data to it
>
> Say I would use port forwarding to solve phase a. However, for phase b I
> would need to have some port opened on the worker node where the kafka
> leader container is running. Since I want my publisher to connect directly
> to the worker node running the kafka leader.
>
> On top of that I see that the portforward.go mentions something about a
> "upgraded HTTP request" for the communication. I want to be able to connect
> on the TCP level to the kafka node.
>
> One approach from my side was to use nodePort to open a port on the nodes
> where kafka is running. However, this seems not to work properly see
> https://github.com/kubernetes/kubernetes/issues/23920.
>
> Thanks,
> George
>
>
> On Tuesday, June 6, 2017 at 2:24:19 AM UTC+2, Brandon Philips wrote:
> > Find a Kubernetes Pod by Label Selector and Port-forward Locally
> >
> >
> > Given a namespace "your-namespace" and a label query that identifies the
> pods you are interested in connect to a particular pod instance. If the
> label selector doesn't find a unique pod it will connect to the first pod
> by name. Ensure you replace 8080 with your pod's port.
> >
> >
> > kubectl -n your-namespace get pods -n your-namespace -l run=hello-world
> -o jsonpath='{.items[1].metadata.name}' | xargs -I{} kubectl -n
> your-namespace port-forward {} 8080
> >
> >
> > On Wed, May 31, 2017 at 1:43 AM  wrote:
> > Hello everybody,
> >
> >
> >
> > I've setup a 3 node kafka cluster running on kubernetes using stateful
> sets and headless services.
> >
> > The problem is now I want read/write data from/to the cluster from
> outside the cluster.
> >
> > I have found a couple of suggestions here
> https://stackoverflow.com/questions/41868161/kafka-in-kubernetes-cluster-how-to-publish-consume-messages-from-outside-of-kub
> .
> >
> >
> >
> > Essentially, I've found 2 options:
> >
> > 1. Use hostNetwork: true when starting the kafka container and use
> as ADVERTISED_HOST in kafka the kubernetes worker node - this has
> >
> > 2. Use Services type NodePort to expose the kafka broker port to the
> outside world - drawback here is that it will open a port on all worker
> nodes and second the request will go through the kube proxy
> >
> >
> >
> > On top of this I still need to sync my external dns system with the
> dns of the kafka worker nodes.
> >
> >
> >
> > Could anyone share their experience on how they achieved this?
> >
> >
> >
> > Thanks,
> >
> > George
> >
> >
> >
> > --
> >
> > You received this message because you are subscribed to the Google
> Groups "Kubernetes user discussion and Q&A" group.
> >
> > To unsubscribe from this group and stop receiving emails from it, send
> an email to kubernetes-use...@googlegroups.com.
> >
> > To post to this group, send email to kubernet...@googlegroups.com.
> >
> > Visit this group at https://groups.google.com/group/kubernetes-users.
> >
> > For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Accessing kafka from outside kubernetes

2017-06-05 Thread Brandon Philips

Find a Kubernetes Pod by Label Selector and Port-forward Locally

Given a namespace "your-namespace" and a label query that identifies the
pods you are interested in connect to a particular pod instance. If the
label selector doesn't find a unique pod it will connect to the first pod
by name. Ensure you replace 8080 with your pod's port.

kubectl -n your-namespace get pods -n your-namespace -l run=hello-world -o
jsonpath='{.items[1].metadata.name}' | xargs -I{} kubectl -n your-namespace
port-forward {} 8080

On Wed, May 31, 2017 at 1:43 AM  wrote:

> Hello everybody,
>
> I've setup a 3 node kafka cluster running on kubernetes using stateful
> sets and headless services.
> The problem is now I want read/write data from/to the cluster from outside
> the cluster.
> I have found a couple of suggestions here
> https://stackoverflow.com/questions/41868161/kafka-in-kubernetes-cluster-how-to-publish-consume-messages-from-outside-of-kub
> .
>
> Essentially, I've found 2 options:
> 1. Use hostNetwork: true when starting the kafka container and use as
> ADVERTISED_HOST in kafka the kubernetes worker node - this has
> 2. Use Services type NodePort to expose the kafka broker port to the
> outside world - drawback here is that it will open a port on all worker
> nodes and second the request will go through the kube proxy
>
> On top of this I still need to sync my external dns system with the
> dns of the kafka worker nodes.
>
> Could anyone share their experience on how they achieved this?
>
> Thanks,
> George
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Running a Kubernetes cluster using VirtualBox

2017-06-05 Thread Brandon Philips

Any reason to not use https://github.com/kubernetes/minikube?

On Wed, May 31, 2017 at 9:02 AM Mike Cico  wrote:

> Hi all,
>
> I'm experimenting with Kubernetes on my local laptop (RHEL 7), and trying
> to set up a k8s cluster using VirtualBox.  Here's my configuration so far:
>
> - kubeadm/kubectl/kubelet 1.6
> - Docker 1.12.6
> - 2 VB nodes (master and worker) running Ubuntu 16.04
> - Both nodes are configured with NAT and host-only adapters
>
> The host-only network is intended as the internal network for the nodes to
> communicate, and the NAT adapter for external access.  The 2 VMs can ping
> each other over their host-only IPs fine.  However, when I run "kubectl get
> nodes" from the master, the worker node shows as "NotReady", so it's not
> able to accept deployments.
>
> I am able to set up the master node fine, and the work is able to join the
> cluster (apparently) fine, at least with no errors:
>
> Master node setup:
>
> kubeadm init --apiserver-advertise-address=192.168.99.100
> sudo cp /etc/kubernetes/admin.conf $HOME/
> sudo chown $(id -u):$(id -g) $HOME/admin.conf
> export KUBECONFIG=$HOME/admin.conf
> kubectl apply -f weave-daemonset-k8s-1.6.yaml   # Had to download the YAML
> separately for some reason
>
>
> Worker node setup:
>
> kubeadm join --token 9dd48f.2b3e4e3732b2aa41 192.168.99.100:6443
>
>
> If I run 'kubelet' from the command-line, I see the following info (I'm
> assuming log entries) from the kubelet service.  I've highlighted what I
> think are relevant errors:
>
>
> *W0531 11:56:58.167372   12376 cni.go:157] Unable to update cni config: No
> networks found in /etc/cni/net.d*
> I0531 11:56:58.175278   12376 manager.go:143] cAdvisor running in
> container: "/user.slice"
> *W0531 11:56:58.182134   12376 manager.go:151] unable to connect to Rkt
> api service: rkt: cannot tcp Dial rkt api service: dial tcp 127.0.0.1:15441
> : getsockopt: connection refused*
> I0531 11:56:58.186323   12376 fs.go:117] Filesystem partitions:
> map[/dev/sda1:{mountpoint:/var/lib/docker/aufs major:8 minor:1 fsType:ext4
> blockSize:0}]
> I0531 11:56:58.192677   12376 manager.go:198] Machine: {NumCores:1
> CpuFrequency:2593992 MemoryCapacity:2097061888
> MachineID:ab4fad20859448f493aa428ffe811564
> SystemUUID:4F055E4A-2383-468C-A046-085F0112FE77
> BootID:74fd9c5d-3b1c-4588-9b04-c7adb5925dc1 Filesystems:[{Device:/dev/sda1
> Capacity:31571570688 Type:vfs Inodes:1966080 HasInodes:true}]
> DiskMap:map[8:0:{Name:sda Major:8 Minor:0 Size:34359738368
> Scheduler:deadline}] NetworkDevices:[{Name:datapath
> MacAddress:fe:02:7e:59:5c:29 Speed:0 Mtu:1376} {Name:dummy0
> MacAddress:3a:c5:c5:07:dc:87 Speed:0 Mtu:1500} {Name:enp0s3
> MacAddress:08:00:27:ba:e9:d0 Speed:1000 Mtu:1500} {Name:enp0s8
> MacAddress:08:00:27:6f:92:f0 Speed:1000 Mtu:1500} {Name:vxlan-6784
> MacAddress:7a:24:c6:5e:f1:48 Speed:0 Mtu:65485} {Name:weave
> MacAddress:ae:e7:0f:ef:10:c2 Speed:0 Mtu:1376}] Topology:[{Id:0
> Memory:2097061888 Cores:[{Id:0 Threads:[0] Caches:[{Size:32768 Type:Data
> Level:1} {Size:32768 Type:Instruction Level:1} {Size:262144 Type:Unified
> Level:2}]}] Caches:[{Size:3145728 Type:Unified Level:3}]}]
> CloudProvider:Unknown InstanceType:Unknown InstanceID:None}
> I0531 11:56:58.193392   12376 manager.go:204] Version:
> {KernelVersion:4.8.0-52-generic ContainerOsVersion:Ubuntu 16.04.2 LTS
> DockerVersion:1.12.6 CadvisorVersion: CadvisorRevision:}
> *W0531 11:56:58.193963   12376 server.go:350] No api server defined - no
> events will be sent to API server.*
> I0531 11:56:58.197668   12376 server.go:509] --cgroups-per-qos enabled,
> but --cgroup-root was not specified.  defaulting to /
> *I0531 11:56:58.204579   12376 cadvisor_linux.go:152] Failed to register
> cAdvisor on port 4194, retrying. Error: listen tcp :4194: bind: address
> already in use*
> *W0531 11:56:58.205325   12376 container_manager_linux.go:218] Running
> with swap on is not supported, please disable swap! This will be a fatal
> error by default starting in K8s v1.6! In the meantime, you can opt-in to
> making this a fatal error by enabling --experimental-fail-swap-on.*
> I0531 11:56:58.205461   12376 container_manager_linux.go:245] container
> manager verified user specified cgroup-root exists: /
> I0531 11:56:58.205513   12376 container_manager_linux.go:250] Creating
> Container Manager object based on Node Config: {RuntimeCgroupsName:
> SystemCgroupsName: KubeletCgroupsName: ContainerRuntime:docker
> CgroupsPerQOS:true CgroupRoot:/ CgroupDriver:cgroupfs
> ProtectKernelDefaults:false EnableCRI:true
> NodeAllocatableConfig:{KubeReservedCgroupName: SystemReservedCgroupName:
> EnforceNodeAllocatable:map[pods:{}] KubeReserved:map[] SystemReserved:map[]
> HardEvictionThresholds:[{Signal:memory.available Operator:LessThan
> Value:{Quantity:100Mi Percentage:0} GracePeriod:0s MinReclaim:}]}
> ExperimentalQOSReserved:map[]}
> *W0531 11:56:58.214810   12376 kubelet_network.go:70] Hairpin mode set to
> "promiscuous-bridge" but kubenet is not

Re: [kubernetes-users] kubernetes headless service FQDN for pods

2017-05-19 Thread Brandon Philips

Hrm, the svc.namespace resolution _should_ work. Can you test the
zk-2.zk-headless
record? See the troubleshooting tips on this page for how:
https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/

If you can't get those instructions to work we there are some more DNS /
networking debugging docs here
.

Aside: We just released a new project called zetcd
 which makes emulates zookeeper
on top of an etcd cluster. This makes it possible to launch an etcd cluster
on Kubernetes with the etcd Operator
 and run
zookeeper on top. This is the first release of zetcd though, but mesos and
kafka are working against it.

Cheers,

Brandon


On Fri, May 19, 2017 at 6:32 AM  wrote:

> Hello everybody,
>
> I was following the kubernetes tutorial from here
> https://kubernetes.io/docs/tutorials/stateful-application/zookeeper/. The
> tutorial is great and I was able to run it successfully.
>
> However, I tried to reproduce the steps of running zookeeper using a
> separate namespace.
> First, I tried to configure the zoo.cfg  like this:
>
> server.1=zk-0.zk-headless:2888:3888
> server.2=zk-1.zk-headless:2888:3888
> server.3=zk-2.zk-headless:2888:3888
>
> This setup didn't work. Only two nodes server.2 and server.3 were forming
> a cluster, sometimes also server.1 and server.2 but it was always that one
> of the servers didn't join the cluster.
>
> The configuration that worked for me for zoo.cfg was:
>
> server.1=zk-0.zk-headless.mynamespace.svc.cluster.local:2888:3888
> server.2=zk-1.zk-headless.mynamespace.svc.cluster.local:2888:3888
> server.3=zk-2.zk-headless.mynamespace.svc.cluster.local:2888:3888
>
> With this config all 3 zookeepers were forming a cluster and everything
> works fine.
> The question is why do I need to specify the FQDN for this example to
> work? Even in the first case were I specified statefulset.service, this
> name was resolved to only one IP. Are FQDN always
>  necessary when referencing a pod in a stateful set like in the above
> example?
>
>
> I'm running kubernetes 1.6 on AWS with one master and one worked node.
>
> Thanks,
> George
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

[kubernetes-users] Re: SIG-Azure proposal

2017-05-18 Thread Brandon Philips

I 100% agree they shouldn't be the primary form of user support but it is 
really common to send people to a SIG mailing list or Slack channel if 
questions start to look like a bug or feature request. I think this is OK 
as it gets user feedback into the SIG loop.

On Thursday, May 18, 2017 at 10:55:35 AM UTC-7, Joe Beda wrote:
>
> Not taking a stand here but SIGs aren't really a user support mechanism.  
> We should have other support channels that don't have the long term 
> commitment of a SIG.
>
> Totally supportive of a slack channel or mailing list for azure user 
> support/help.
>
> Joe
>
> On Thu, May 18, 2017 at 10:47 AM Brendan Burns  > wrote:
>
>> I'm very happy to see this SIG be recognized. We have a bunch of users 
>> and projects that this SIG can help support.
>>
>>
>> On Monday, May 15, 2017 at 9:08:27 AM UTC-7, Tim Hockin wrote:
>>
>>> I'd rather see a sig-node that spawns topical subgroups.  There are many 
>>> topics that cross-cultural all the clouds, and we have no such forum.
>>>
>> On May 15, 2017 8:34 AM, "Ihor Dvoretskyi"  wrote:
>>>
>> I'd be happy to see yet another member of a Cloud Providers SIGs family!
>>>
>>> On May 15, 2017 4:14 PM, "Jaice DuMars"  wrote:
>>>
>>> All,

 I'd like to revive the effort to create 

 SIG-Azure that was referenced in both this 
  PR and this 
  issue.

 *Proposed mission statement:*

 A Special Interest Group for building, deploying, maintaining, 
 supporting, and using Kubernetes on Azure Container Service.

 *Secondary statement:*

 The SIG will be responsible for designing, discussing, and maintaining 
 the Azure cloud provider and its relevant tests. The SIG will also be 
 responsible for any roadmap and release requirements for Kubernetes on 
 Azure.

 *Rationale and Raison D'être: *

 Since the time of the discussion linked above, Microsoft has become 
 strategically-focused on Kubernetes as an indispensable component in the 
 Azure ecosystem.  This was underscored by the recent acquisition of Deis 
 and GA rollout of Kubernetes in Azure Container Service.  

 The purposes of the SIG are specifically:

 - Provide a consistent and accountable interface to the Kubernetes 
 project/product management structure for features specific to the Azure 
 cloud provider, as well as a readout space for efforts undertaken in other 
 SIGs 

 - Help organize the rapidly-growing ACS Kubernetes community for 
 knowledge-sharing and feedback ~ ideally creating more engagement across 
 the project as a whole

 - Establish a clear channel for ACS-specific Kubernetes community 
 support, so it does not get misdirected into SIG-Windows

 - Building and curating documentation for Kubernetes on Azure
 - Provide a point of contact to build and maintain Azure-specific e2e 
 tests for Kubernetes

 - Coordinating requirements for Azure integrators like ACS-Engine, 
 CoreOS Tectonic for Azure

 - Raise visibility within Microsoft of opportunities to contribute and 
 give back to Kubernetes

 *SIG Disambiguation:*

 To address potential overlap concerns with SIG-Windows, this group is 
 specific to *workloads running in Azure Container Service*.  The 
 mission of SIG-Windows is complimentary not preemptory.  Also, if a 
 SIG-Cloud umbrella comes to fruition in the future, we will re-evaluate 
 the 
 need for this separate SIG at that point.  The last thing we need is SIG 
 sprawl.

 *Implementation:*

 For implementation, I will be the initial point of contact and will at 
 a minimum ensure scheduling, documentation, transparency, and facilitation 
 are consistent with Kubernetes community SIG standards. Initial (and 
 possibly provisional) leadership will be Jason Hansen 
  and Cole Mickens 
 .

 An initial meeting cadence will be bi-weekly, and after the SIG is 
 properly set up in Groups, Slack and other communications channels, the 
 initial and subsequent meeting times will be radiated to the community.

 I'd like to work out concerns ahead of the 5/18 community meeting so 
 that the SIG may be discussed and ideally approved at that time. 

 Please let me know your questions and concerns.

 Kindest regards,
 Jaice Singer DuMars
 co-lead of SIG Cluster Ops
 ~ Formerly @Deis, Now @Microsoft

 -- 
 You received this message because you are subscribed to the Google 
 Groups "Kubernetes developer/contributor discussion" group.

>>> To unsubscribe from this group and stop receiving e

[kubernetes-users] Re: SIG-Azure proposal

2017-05-18 Thread Brandon Philips

Hey Everyone-

+1 for SIG formation from me.

Someone from CoreOS can be involved in this SIG as we rely on the Azure 
cloud integrations in CoreOS Tectonic. The same folks involved in SIG AWS 
and pushing AWS features forward can help with cross-cloud SIG comms too.

Aside, as it was mentioned during the call today: I had discussed creating 
a SIG Cloud at some point in various forums. But, I have been too busy with 
all of the bootstrap governance stuff to tackle that next. Obviously 
getting governance in place is higher priority and should help make that 
decision.

Thank You,

Brandon

On Monday, May 15, 2017 at 6:14:18 AM UTC-7, Jason Singer DuMars wrote:
>
> All,
>
> I'd like to revive the effort to create 
> 
>  
> SIG-Azure that was referenced in both this 
>  PR and this 
>  issue.
>
> *Proposed mission statement:*
>
> A Special Interest Group for building, deploying, maintaining, supporting, 
> and using Kubernetes on Azure Container Service.
>
> *Secondary statement:*
>
> The SIG will be responsible for designing, discussing, and maintaining the 
> Azure cloud provider and its relevant tests. The SIG will also be 
> responsible for any roadmap and release requirements for Kubernetes on 
> Azure.
>
> *Rationale and Raison D'être: *
>
> Since the time of the discussion linked above, Microsoft has become 
> strategically-focused on Kubernetes as an indispensable component in the 
> Azure ecosystem.  This was underscored by the recent acquisition of Deis 
> and GA rollout of Kubernetes in Azure Container Service.  
>
> The purposes of the SIG are specifically:
>
> - Provide a consistent and accountable interface to the Kubernetes 
> project/product management structure for features specific to the Azure 
> cloud provider, as well as a readout space for efforts undertaken in other 
> SIGs 
>
> - Help organize the rapidly-growing ACS Kubernetes community for 
> knowledge-sharing and feedback ~ ideally creating more engagement across 
> the project as a whole
>
> - Establish a clear channel for ACS-specific Kubernetes community support, 
> so it does not get misdirected into SIG-Windows
>
> - Building and curating documentation for Kubernetes on Azure
> - Provide a point of contact to build and maintain Azure-specific e2e 
> tests for Kubernetes
>
> - Coordinating requirements for Azure integrators like ACS-Engine, CoreOS 
> Tectonic for Azure
>
> - Raise visibility within Microsoft of opportunities to contribute and 
> give back to Kubernetes
>
> *SIG Disambiguation:*
>
> To address potential overlap concerns with SIG-Windows, this group is 
> specific to *workloads running in Azure Container Service*.  The mission 
> of SIG-Windows is complimentary not preemptory.  Also, if a SIG-Cloud 
> umbrella comes to fruition in the future, we will re-evaluate the need for 
> this separate SIG at that point.  The last thing we need is SIG sprawl.
>
> *Implementation:*
>
> For implementation, I will be the initial point of contact and will at a 
> minimum ensure scheduling, documentation, transparency, and facilitation 
> are consistent with Kubernetes community SIG standards. Initial (and 
> possibly provisional) leadership will be Jason Hansen 
>  and Cole Mickens 
> .
>
> An initial meeting cadence will be bi-weekly, and after the SIG is 
> properly set up in Groups, Slack and other communications channels, the 
> initial and subsequent meeting times will be radiated to the community.
>
> I'd like to work out concerns ahead of the 5/18 community meeting so that 
> the SIG may be discussed and ideally approved at that time. 
>
> Please let me know your questions and concerns.
>
> Kindest regards,
> Jaice Singer DuMars
> co-lead of SIG Cluster Ops
> ~ Formerly @Deis, Now @Microsoft
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Flannel and master-to-slave node communication problems

2017-05-18 Thread Brandon Philips

What instructions did you follow to setup flannel? Link?

Output from `ip addr`, `route -n`, `iptables -L -t nat`, and `iptables -L`
is helpful as well.

This reminds me we need a better set of docs that lists these things out
for filing issues.

Thanks,

Brandon

On Wed, May 17, 2017 at 11:31 PM Sonic Lee  wrote:

> I have set up kubeadm 1.6.1, and trying to use flannel.
> I can set up kubeadm init and have another node join, so I have two nodes
> like this.
> NAMESTATUSAGE   VERSION
> master   Ready 23m   v1.6.1
> node1Ready 14m   v1.6.1
>
> I can set up flannel fine, and it will show that DNS is running and all,
> but when I actually deploy a nodeJS with replication of 2 I just cannot
> curl slave's pod from master node PC.
>
> Master node pod: 10.244.0.126
> Slave node pod: 10.244.1.126
>
> [master] curl 10.244.1.126:8080
> This will hang and it will ONLY work if I curl from slave node PC.
>
> Does anyone have any experience with this?
> Thanks in advance.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] services and namespaces

2017-05-10 Thread Brandon Philips

Sort of, see the services without selectors:
https://kubernetes.io/docs/concepts/services-networking/service/#without-selectors

On Tue, May 9, 2017 at 10:21 AM 'Ahmet Alp Balkan' via Kubernetes user
discussion and Q&A  wrote:

> Documentation on DNS records:
> https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
>
> Side-question: is it possible to create a Service that points to pods in
> namespaces different than the Service itself?
>
> On Tue, May 9, 2017 at 12:56 AM, 'David Oppenheimer' via Kubernetes user
> discussion and Q&A  wrote:
>
>> If you have service A in namespace N, then you can reach it from
>> namespace N as "A" and from any namespace as "A.N"
>>
>> On Mon, May 8, 2017 at 8:03 AM, Ashic Mahtab 
>> wrote:
>>
>>> What's the relationship between services and namespaces? I'm creating an
>>> ExternalName service called elasticsearch. If I put it in it's own
>>> namespace, an app running in a different namespace can't seem to resolve
>>> the service. Is there a way to deploy a service so that all namespaces can
>>> access it?
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Kubernetes user discussion and Q&A" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to kubernetes-users+unsubscr...@googlegroups.com.
>>> To post to this group, send email to kubernetes-users@googlegroups.com.
>>> Visit this group at https://groups.google.com/group/kubernetes-users.
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Kubernetes user discussion and Q&A" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to kubernetes-users+unsubscr...@googlegroups.com.
>> To post to this group, send email to kubernetes-users@googlegroups.com.
>> Visit this group at https://groups.google.com/group/kubernetes-users.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] How to enable https and authentication for kubelet?

2017-05-04 Thread Brandon Philips

Glad you got it sorted!

On Thu, May 4, 2017 at 2:01 AM Qian Zhang  wrote:

> I have figured it out, for kube-apiserver's flags "
> --kubelet-client-certificate" and "--kubelet-client-key", I should
> generate a pair of client cert/key rather than server's.
>
>
> Regards,
> Qian Zhang
>
> On Thu, May 4, 2017 at 10:41 AM, Qian Zhang  wrote:
>
>> Thanks Brandon!
>>
>> 10255 is the "read-only" port, to disable it remove --read-only-port
>>>  from kubelet config.
>>
>>
>> Based on https://kubernetes.io/docs/admin/kubelet/, I think, to disable
>> it, I should set "--read-only-port" to 0.
>>
>> Now I have added these flags "--read-only-port=0
>> --client-ca-file=/var/lib/kubelet/ca.crt --authentication-token-webhook
>> --anonymous-auth=false" to start kubelet, the command "curl --insecure
>> https://:10250/spec/" does not work anymore (it shows an error
>> "Unauthorized") which is what I expect, and I also restarted Heapster with
>> this flag "--source=kubernetes.summary_api:
>> https://kubernetes.default?kubeletHttps=true&kubeletPort=10250&insecure=true";
>> so that it can connect to kubelet's 10250 port.
>>
>> The only issue is that kube-apiserver can not connect to kubelet anymore:
>> $ kubectl logs   --namespace=kube-system
>>
>> error: You must be logged in to the server (the server has asked for the
>> client to provide credentials)
>>
>> I have specified "
>> --kubelet-client-certificate=/etc/cfc/conf/server.cert 
>> --kubelet-client-key=/etc/cfc/conf/server.key"
>> to start kube-apiserver, maybe the files I specified here are not correct?
>>
>>
>>
>> Regards,
>> Qian Zhang
>>
>> On Thu, May 4, 2017 at 5:39 AM, Brandon Philips <
>> brandon.phil...@coreos.com> wrote:
>>
>>> Oh, there are docs here too:
>>> https://kubernetes.io/docs/admin/kubelet-authentication-authorization/
>>>
>>> On Wed, May 3, 2017 at 1:35 PM Brandon Philips <
>>> brandon.phil...@coreos.com> wrote:
>>>
>>>> Hello Qian-
>>>>
>>>> 10255 is the "read-only" port, to disable it remove --read-only-port
>>>>  from kubelet config.
>>>>
>>>> To configure authentication on the kubelet port use --client-ca-file.
>>>> The API server has flags to authenticate using these CAs:
>>>> https://github.com/coreos/tectonic-installer/blob/master/modules/bootkube/resources/manifests/kube-apiserver.yaml#L45-L46
>>>>
>>>> Hope that helps.
>>>>
>>>> Brandon
>>>>
>>>> On Wed, May 3, 2017 at 7:38 AM Qian Zhang  wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I have a Kubernetes cluster, and currently the kubelet listens on two
>>>>> ports: 10250 and 10255, if I understand correctly, 10250 serves https and
>>>>> 10255 serves http. Now I can always run the following command to access
>>>>> kubelet:
>>>>> curl http://:10255/spec/
>>>>> And and this command even for the https port:
>>>>> curl --insecure https://:10250/spec/
>>>>>
>>>>> This is not secure to me, I do not want to expose http port, so I
>>>>> think I should start kubelet with the flag "--read-only-port=0" to disable
>>>>> 10255, and for the https port (10250), I do not want anonymous user to
>>>>> access it, and in the meantime I still want kube-apiserver can access
>>>>> kubelet (e.g., when I run "kubectl logs ...", kube-apiserver can still 
>>>>> talk
>>>>> to kubelet to get logs), and I also want Heapster (running as a deployment
>>>>> in my Kubernetes cluster) can still access kubelet to get metrics. Can
>>>>> anyone please let me know what else flags I should specify to start 
>>>>> kubelet?
>>>>>
>>>>>
>>>>> Thanks,
>>>>> Qian
>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "Kubernetes user discussion and Q&A" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to kubernetes-users+unsubscr...@googlegroups.com.
>>>>> To post to this group, send email to kubernetes-users@googlegroups.com
>>>&g

Re: [kubernetes-users] How to enable https and authentication for kubelet?

2017-05-03 Thread Brandon Philips

Oh, there are docs here too:
https://kubernetes.io/docs/admin/kubelet-authentication-authorization/

On Wed, May 3, 2017 at 1:35 PM Brandon Philips 
wrote:

> Hello Qian-
>
> 10255 is the "read-only" port, to disable it remove --read-only-port  from
> kubelet config.
>
> To configure authentication on the kubelet port use --client-ca-file. The
> API server has flags to authenticate using these CAs:
> https://github.com/coreos/tectonic-installer/blob/master/modules/bootkube/resources/manifests/kube-apiserver.yaml#L45-L46
>
> Hope that helps.
>
> Brandon
>
> On Wed, May 3, 2017 at 7:38 AM Qian Zhang  wrote:
>
>> Hi,
>>
>> I have a Kubernetes cluster, and currently the kubelet listens on two
>> ports: 10250 and 10255, if I understand correctly, 10250 serves https and
>> 10255 serves http. Now I can always run the following command to access
>> kubelet:
>> curl http://:10255/spec/
>> And and this command even for the https port:
>> curl --insecure https://:10250/spec/
>>
>> This is not secure to me, I do not want to expose http port, so I think I
>> should start kubelet with the flag "--read-only-port=0" to disable 10255,
>> and for the https port (10250), I do not want anonymous user to access it,
>> and in the meantime I still want kube-apiserver can access kubelet (e.g.,
>> when I run "kubectl logs ...", kube-apiserver can still talk to kubelet to
>> get logs), and I also want Heapster (running as a deployment in my
>> Kubernetes cluster) can still access kubelet to get metrics. Can anyone
>> please let me know what else flags I should specify to start kubelet?
>>
>>
>> Thanks,
>> Qian
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Kubernetes user discussion and Q&A" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to kubernetes-users+unsubscr...@googlegroups.com.
>> To post to this group, send email to kubernetes-users@googlegroups.com.
>> Visit this group at https://groups.google.com/group/kubernetes-users.
>> For more options, visit https://groups.google.com/d/optout.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] How to enable https and authentication for kubelet?

2017-05-03 Thread Brandon Philips

Hello Qian-

10255 is the "read-only" port, to disable it remove --read-only-port  from
kubelet config.

To configure authentication on the kubelet port use --client-ca-file. The
API server has flags to authenticate using these CAs:
https://github.com/coreos/tectonic-installer/blob/master/modules/bootkube/resources/manifests/kube-apiserver.yaml#L45-L46

Hope that helps.

Brandon

On Wed, May 3, 2017 at 7:38 AM Qian Zhang  wrote:

> Hi,
>
> I have a Kubernetes cluster, and currently the kubelet listens on two
> ports: 10250 and 10255, if I understand correctly, 10250 serves https and
> 10255 serves http. Now I can always run the following command to access
> kubelet:
> curl http://:10255/spec/
> And and this command even for the https port:
> curl --insecure https://:10250/spec/
>
> This is not secure to me, I do not want to expose http port, so I think I
> should start kubelet with the flag "--read-only-port=0" to disable 10255,
> and for the https port (10250), I do not want anonymous user to access it,
> and in the meantime I still want kube-apiserver can access kubelet (e.g.,
> when I run "kubectl logs ...", kube-apiserver can still talk to kubelet to
> get logs), and I also want Heapster (running as a deployment in my
> Kubernetes cluster) can still access kubelet to get metrics. Can anyone
> please let me know what else flags I should specify to start kubelet?
>
>
> Thanks,
> Qian
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

[kubernetes-users] [ANNOUNCE] AWS ALB Ingress Controller for Kubernetes

2017-05-02 Thread Brandon Philips

Hey all,

CoreOS & Ticketmaster have been working together on an AWS ALB ingress
controller that is self-contained and easy to deploy. Specifically, one
that can be used in place of the default ELB integration and provides more
flexibility around its layer 7 routing capabilities and Route 53 DNS
records.

- GitHub project 
- AWS Blog Post

with
examples
- CoreOS Blog Post  with
context

If you want to discuss checkout the SIG AWS thread
.

Cheers,

Brandon

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Access to etcd API within a GKE cluster

2017-05-02 Thread Brandon Philips

If you want to deploy etcd _on top_ of an existing Kubernetes cluster
checkout the etcd operator:
https://github.com/coreos/etcd-operator#etcd-operator

On Tue, May 2, 2017 at 2:53 PM Strickland, Michael <
michael.strickl...@nytimes.com> wrote:

> Thanks Daniel, that makes perfect sense - glad to have clarification!
>
> Michael
>
> On Tue, May 2, 2017 at 4:27 PM, 'Daniel Smith' via Kubernetes user
> discussion and Q&A  wrote:
>
>> Sorry, but the backend storage used by Kubernetes in GKE is not exposed,
>> and there are no plans to expose it in the future.
>>
>> Even if you do have direct access to etcd, I'd strongly recommend using
>> the Kubernetes API for acquiring information like this. The API has various
>> backwards compatibility guarantees, which do not apply to the storage
>> layer. E.g., we just switched to etcd3, and soon we'll be doing a flag flip
>> and start writing a binary data format.
>>
>> The other concern of course is that access to etcd == root on the cluster.
>>
>>
>>
>> On Tue, May 2, 2017 at 9:54 AM, Michael Strickland <
>> michael.strickl...@nytimes.com> wrote:
>>
>>> Hello, I'm wondering if it's possible to access the etcd API from within
>>> a container running on Google Kubernetes Engine.
>>>
>>> We're using DataDog's docker-dd-agent image to monitor metrics in the
>>> cluster, and one feature is automatic service discovery
>>>  of
>>> containers deployed in the cluster. The agent does this by querying the
>>> etcd API for a cluster to discover containers matching certain names.
>>>
>>> On our previous self-managed Kubernetes cluster, we could access this
>>> API by querying localhost:4001 on our worker nodes. However, there doesn't
>>> appear to be a direct equivalent to that on GKE, as the etcd cluster is a
>>> managed service.
>>>
>>> Is there any way to interact with etcd within a cluster, or is the API
>>> intentionally closed off?
>>>
>>> Thanks!
>>> Michael
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Kubernetes user discussion and Q&A" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to kubernetes-users+unsubscr...@googlegroups.com.
>>> To post to this group, send email to kubernetes-users@googlegroups.com.
>>> Visit this group at https://groups.google.com/group/kubernetes-users.
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>> --
>> You received this message because you are subscribed to a topic in the
>> Google Groups "Kubernetes user discussion and Q&A" group.
>> To unsubscribe from this topic, visit
>> https://groups.google.com/d/topic/kubernetes-users/6BLcAQAvPCU/unsubscribe
>> .
>> To unsubscribe from this group and all its topics, send an email to
>> kubernetes-users+unsubscr...@googlegroups.com.
>>
>
>> To post to this group, send email to kubernetes-users@googlegroups.com.
>> Visit this group at https://groups.google.com/group/kubernetes-users.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> --
> Michael Strickland
> Senior Developer, Interactive News
> The New York Times
> x7564
> +1 434-760-3896 <(434)%20760-3896>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Longer graceful termination of pods

2017-04-26 Thread Brandon Philips

over to kubernetes-sig-node

On Wed, Apr 26, 2017 at 8:44 AM  wrote:

> Hey!
>
> The kind of work that we're doing in Kubernetes is not safely
> interruptible so we've been planning to set longer
> `terminationGracePeriodSeconds` to allow pods to keep running for another
> hour after they've been scheduled for termination.
>
> As I started to experiment with longer `terminationGracePeriodSeconds` I
> discovered a bug in Kubernetes 1.6.0 that causes network in terminating
> pods to stop working. The bug makes it impossible to rely on longer
> termination grace period. There's no point in finishing the work if network
> is down.
>
> The bug: https://github.com/kubernetes/kubernetes/issues/44956
>
> I'm curious if there's someone who relies on longer terminationGracePeriod
> like us. Does it work for you?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Kubernetes setup with flannel

2017-04-19 Thread Brandon Philips

Hello Ravisalamani-

The information there is a bit out of date.

These days flannel has a Kubernetes backend so you can deploy it as a
daemonset (yaml
,
rbac
)
and if you use CNI as your network plugin

when installing Kubernetes it should just work. We are working on a better
set of guides for kubeadm, etc as well but they are a WIP
.

If you want to just get going as quickly as possible I would suggest you
take a path like Tectonic Installer
 which uses flannel by
default and installs/configures everything correctly.

Cheers,

Brandon

On Wed, Apr 19, 2017 at 10:55 AM  wrote:

> I found many links and you tube videos on kubernetes  setup. I wanted do
> the setup which uses flannel. Any idea on how to do setup with flannel.
> Please let me know following steps are good
> 1. Install docker, flannel, kubernetes binary on all instances
> 2. Setup the docker configuration with flannel. Start the docker services.
> 3. Start the etcd add the flannel configuration with vxlan back end.
> 4. Now do the kubernetes setup
>
> Does this look good?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Ingress Controller for client-side authentication HTTPS on GCE

2017-04-18 Thread Brandon Philips

There is a catalog of Ingress controllers and I know some are missing:
https://github.com/kubernetes/ingress/blob/master/docs/catalog.md

On Tue, Apr 18, 2017 at 5:30 PM Paul Mazzuca 
wrote:

> Noob to Google Container Engine and Kubernetes... Does Kubernetes have an
> ingress controller that supports client side auth for HTTPS?  I would like
> to authenticate the client by making sure that the client has a valid X509
> cert. So far, it looks like only a server side ingress controller exists as
> per the link below?  I am planning on running this on Google Container
> Engine.
>
> https://kubernetes.io/docs/concepts/services-networking/ingress/
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] What happens when I stop & start kubelet?

2017-04-18 Thread Brandon Philips

To help you we need more details. Can you include the output of kubectl
describe node $NODENAME?

Also, the kubelet logs as well.

On Tue, Apr 18, 2017 at 7:16 AM  wrote:

> Hi all,
>
>
> http://stackoverflow.com/questions/43465434/what-happens-when-i-stop-start-kubelet
>
> If I stop kublet, the pod in that node will became "unknown" and
> reschedule to other node. but when I start kublet, the pod keep "unknown"
> status, and the the new pod schedule to this node always pending, kubelet
> do not start any pod. what happens when kubelet stop & start?
>
> Thanks,
> Yuhao
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] YUM repositories empty

2017-04-17 Thread Brandon Philips

Adding SIG Cluster Lifecycle.

On Thu, Apr 13, 2017 at 4:45 AM  wrote:

> Is there any problem with YUM repos for Kubernetes today, or perhaps some
> automated build/release process failed?
>
> There's still the "repodata" directory and meta files, but actual packages
> are gone. They are in fact gone for all other repositories as well, not
> just Kubernetes.
>
> I'm looking at this:
>
> https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
>
> Which I am redirected to from this:
>
> http://yum.kubernetes.io/repos/kubernetes-el7-x86_64
>
> Thanks,
>
> Greg.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] SSL endpoints: certs w/o IP SANs ok?

2017-04-17 Thread Brandon Philips

Hello John-

Today, etcd will not enforce IP SANs but we just merged a change where it
will enforce them IF they exist. Expect this change in a future release of
etcd v3.2.[1]

I forget the exact details on why IP SANs are necessary in the
certificates. However, IIRC there are some places in Kubernetes where only
IPs are valid. Adding SIG Auth.

Brandon

[1] https://github.com/coreos/etcd/pull/7687

On Mon, Apr 17, 2017 at 10:33 AM John Morris  wrote:

> In a CoreOS cluster migrating from fleet to Kubernetes (initial planning
> stage), the CA is part of FreeIPA, which refuses to issue certs with IP
> SANs [1].  However, the CoreOS Kubernetes [2] and other documentation all
> call for issuing certs with IP SANs.  Is this a strict requirement, or can
> DNS SANs be sufficient?  (For someone more conversant with k8s, it looks
> like the answer could be found in issue #22063 [3].)
>
> IIRC, the etcd2 docs also called for IP SANs, but using fqdns in endpoint
> URLs turned out to be possible.  Hopefully this is just another case where
> the docs omit less common configurations.  It's been really nice having a
> single, org-wide CA and letting certmonger keep certs up to date for all
> services on all nodes.  Thanks-
>
> John
>
> [1]:
> https://www.redhat.com/archives/freeipa-users/2016-October/msg00053.html
> [2]: https://coreos.com/kubernetes/docs/latest/openssl.html#openssl-config
> [3]: https://github.com/kubernetes/kubernetes/issues/22063
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] pods not running

2017-04-10 Thread Brandon Philips

What do the logs say on the kube controller manager?



On Mon, Apr 10, 2017 at 2:34 AM YOUSSEF ASSATA 
wrote:

> hi please It looks like my Azure cluster is failing to mount persistent
> volumes what's the problem and here's my pods :
> thanks
>
> ᐧ
>
> 2017-04-08 21:38 GMT+01:00 YOUSSEF ASSATA :
>
> any solutions please ?
> ᐧ
>
> 2017-04-08 20:38 GMT+01:00 YOUSSEF ASSATA :
>
> thanks a lot it works well ! but in this doc there is no information about
> scaling... and now i had this probleme with seldon.io when i run
> seldon-up : seldon-up: command not found
> thanks cordially
> ᐧ
>
> 2017-04-08 1:16 GMT+01:00 Cole Mickens :
>
> That tutorial has been removed from the official site for months and
> hasn't worked for longer probably.
>
> Please use a method described in the documentation:
> https://kubernetes.io/docs/getting-started-guides/azure/
>
> On Fri, Apr 7, 2017 at 12:26 PM, YOUSSEF ASSATA 
> wrote:
>
> by following this tutorial :
> https://lukemarsden.github.io/docs/getting-started-guides/coreos/azure/
> do you have any solution ? all this just to run seldon on azure but it
> doesn't work :/
>
> 2017-04-07 21:19 GMT+02:00 Cole Mickens :
>
> How are you running this on Azure?
>
> On Fri, Apr 7, 2017 at 7:04 AM,  wrote:
>
> any solution for this please! i'm working on azure
> AME READY STATUSRESTARTS   AGE
> frontend-dj2zp   0/1   Pending   0  1d
> frontend-exv48   0/1   Pending   0  1d
> frontend-j64z1   0/1   Pending   0  1d
> nginx-2040093540-eqpf0   0/1   Pending   0  4m
> redis-master-i8iah   0/1   Pending   0  1d
> redis-slave-a67tb0/1   Pending   0  1d
> redis-slave-hdtd10/1   Pending   0  1d
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/kubernetes-users/2hY6_J6WKYo/unsubscribe
> .
> To unsubscribe from this group and all its topics, send an email to
> kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/kubernetes-users/2hY6_J6WKYo/unsubscribe
> .
> To unsubscribe from this group and all its topics, send an email to
> kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Multiple nginx ingress controllers.

2017-04-09 Thread Brandon Philips

You are looking for the Ingress Class annotation. See:
https://github.com/kubernetes/ingress/tree/master/docs/faq#how-do-i-disable-an-ingress-controller

Cheers,

Brandon

On Sun, Apr 9, 2017 at 7:57 AM  wrote:

> If anyone can point me to documentation on this I would be much
> appreciative.  How can I have two or more nginx ingress controllers running
> in the same cluster?
>
> This is the use case:
> I have on AWS an nginx ingress controller where I spin up the controller
> with annotations to front the ELB with a particular cert.  This means I
> want ( I think ) the ELB to terminate the TLS and everything behind it to
> be unencrypted HTTP.
>
> That being said I have certain application running in the cluster, such as
> Kibana as an example that I want to just run as HTTPS.  Easy enough to do
> with a normal setup, however if I have the ELB terminating the TLS this
> presents a problem.
>
> Another use case would be if I wanted to setup one ingress controller to
> be internal only meaning having a list of white listed IP's.  Another
> controller could be open to the world.
>
> Does this configuration currently exist?
>
> Thanks,
> M
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

[kubernetes-users] KubeCon EU 2017 Video Playlist

2017-04-03 Thread Brandon Philips

Hello Everyone-

I saw this posted on /r/kubernetes  and 
figured many would be interested: KubeCon EU 2017 Video Playlist 
. 
If you want help navigating the list you can reference conference schedule 

.

As an attendee I want to thank everyone who made the program possible 
including co-chairs Kelsey Hightower and Michelle Noorali 

! 

Want to talk at the next KubeCon? Submit today! 


Cheers,

Brandon

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] How long will it be another verify on the user token after pass the last authentication?

2017-04-03 Thread Brandon Philips

Hello Winston-

I am not following your question. So, you are using webhook authn

and
want to know when it hits the webhook?

If so, my understanding is that the webhook is hit on every API request.

> When a client attempts to authenticate with the API server using a bearer
token as discussed above, the authentication webhook queries the remote
service with a review object containing the token. Kubernetes will not
challenge a request that lacks such a header.


Brandon

On Thu, Mar 23, 2017 at 11:57 PM Winston  wrote:

> Hi,
>
> Now I'm working on the authentication by webhook, and I need to know how
> long will it be another verify on the user token after pass the last
> authentication?
>
> Or, it's just that, every access to the api-server, it wiil be asked to
> verify the token, no cookies at all.
>
> Thanks!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Is it possible to pass a custom AWS launch configuration in kops

2017-04-03 Thread Brandon Philips

Hey Jon-

I can't speak to kops in particular but there might be a few ideas to
workaround this:

1) If having the scripts post-install is OK then create a daemonset that
deploys the scripts and mounts in the hostPath needed
2) Use Terraform or something else that is easier to customize, maybe
checkout the tectonic installer
 as a starting point

Hope that helps!

Brandon

On Fri, Mar 24, 2017 at 5:19 AM  wrote:

> We have some custom scripts we would like to pass into the bastion servers
> in our private topology using the userdata of the launch config. However,
> we are managing the cluster with kops so any updates to the bastion
> instance group creates a new launch config. Is there a means to pass in
> additional userdata to the instance group that kops would then append to
> its own userdata to register the server?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Service Account Token

2017-04-03 Thread Brandon Philips

That service account needs to have a mountable secret attached to it for
that to work. Currently it has 0 secrets.

How did you create this namespace? What version is your cluster?

On Sat, Mar 25, 2017 at 6:33 PM  wrote:

> Hi All,
>
> I have couple of pods failing with the below error
>
> ```
> /var/run/secrets/kubernetes.io/serviceaccount/token: no such file or
> directory.
> ```
>
>
> ```
> # kubectl get serviceAccounts
> NAME  SECRETS   AGE
> default   0 14d
> ```
>
> Thoughts on how to fix the issue?
>
> Thanks,
> Govind
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Re: Evicted pods policy

2017-03-22 Thread Brandon Philips

It is likely that no one has responded because we need more specifics on
why the pods are evicted. Can you describe the pods?

This doc should help you diagnose the issue:
https://kubernetes.io/docs/concepts/cluster-administration/out-of-resource/#eviction-thresholds

Brandon

On Wed, Mar 22, 2017 at 1:53 AM  wrote:

> On Tuesday, March 21, 2017 at 3:05:44 PM UTC+1, paolo.m...@sparkfabrik.com
> wrote:
> > Hello,
> >
> > This is my current situation:
> >
> > ```
> >  ❯ kubectl get pods --all-namespaces  | grep -i evicted
>
> ⏎
> > gitlab  gitlab-runner-190353586-wnhc5
> 0/1   Evicted   0  5d
> > gitlab  minio-966383792-kpp59
> 0/1   Evicted   0  6d
> > gitlab  runner-a1b569a9-project-119-concurrent-0cbfrf
> 0/3   Evicted   0  23h
> > ```
> >
> > It is normal that i still see evicted pods here ? Is there a way to auto
> purge them ?
> >
> > Thanks!
>
> Anyone ?
>
> Thanks!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] kubectl can't connect to cluster after creating daemonset that logs too much

2017-03-22 Thread Brandon Philips

Can you get logs from etcd to figure out what is wrong?

On Wed, Mar 22, 2017 at 11:15 AM  wrote:

> Hi all,
> I just created a daemonset on one of my Kubernetes clusters which is just
> a busybox logging to stdout. Unfortunately I think it is logging too much
> and I now can't connect to the cluster using kubectl. When I run a command
> I get this error "Error from server: client: etcd cluster is unavailable or
> misconfigured". Any help would be greatly appreciated.
> Justin
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Mutliple NIC on nodes

2017-03-20 Thread Brandon Philips

Are you using kubernetes networking in these pods or host networking?

If you are using Kubernetes networking which network solution are you using
to setup pod networking on AWS?

On Mon, Mar 20, 2017 at 11:08 PM Vadim Solovey  wrote:

> We have cluster's workers with multiple ENI (AWS network interfaces). Some
> of the pods need to bind to let's say first interface while other pods need
> to bind to 2nd interface.
>
> This is due the fact we are running a layer of about 20 proxies passing
> our traffic to the world and these proxies need to have unique external IP
> but we don't want 20 workers since each proxy pod have very small footprint.
>
>
> Vadim
>
> On 21 Mar 2017, at 0:22, Brandon Philips 
> wrote:
>
> I don't quite understand your request. Can you just rely on the Linux
> route table to handle this?
>
> On Mon, Mar 20, 2017 at 1:27 PM  wrote:
>
> Hi Guys,
>
> I've been going over the documents and couldn't find a a clear answer.
>
> We have a k8s service that require accessing an external service API, and
> it is require to be able to do so from several different public IPs.
>
> Is there a way to achieve this? Something like attaching multiple NICs to
> the nodes and instructing the pod to access the "world" through a different
> NIC per destination, or something similar?
>
> Thank you and all of the best,
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Prometheus, Kubernetes with service discovery for every App

2017-03-20 Thread Brandon Philips

Use the Prometheus Operator, it will glue Prometheus to the Kubernetes
service discovery system enabling you to use label queries to find and
scrape your applications.

https://github.com/coreos/prometheus-operator

Cheers,

Brandon

On Mon, Mar 20, 2017 at 7:28 PM  wrote:

> Hello
>
> I'm trying to integrate prometheus to kubernetes with a service discovery
> to show every container deployed to prometheus metrics can you help me with
> what I need to make it works and if is posible giving me an example, I've
> been looking for examples and documentation for that but I cant find a good
> explanation for my doubt
>
> Thanks!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Mutliple NIC on nodes

2017-03-20 Thread Brandon Philips

I don't quite understand your request. Can you just rely on the Linux route
table to handle this?

On Mon, Mar 20, 2017 at 1:27 PM  wrote:

> Hi Guys,
>
> I've been going over the documents and couldn't find a a clear answer.
>
> We have a k8s service that require accessing an external service API, and
> it is require to be able to do so from several different public IPs.
>
> Is there a way to achieve this? Something like attaching multiple NICs to
> the nodes and instructing the pod to access the "world" through a different
> NIC per destination, or something similar?
>
> Thank you and all of the best,
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Pod in minion cannot reach the DNS in Master. But Pod in master works fine!

2017-03-19 Thread Brandon Philips

How did you install Kubernetes?

Everything looks OK. Can you grab the logs from flannel? Anything odd
there? What is the network configuration of hte master? Where is the DNS
pod scheduled?

On Fri, Mar 17, 2017 at 6:59 AM ilter P  wrote:

> Hi,
>
> I have an kubernetes installation with 2 Nodes (Master,Minion) and i am
> following (ai,i) installation.
> Here is the versions that i am using:
>
> export KUBE_VERSION=1.5.4
> export FLANNEL_VERSION=0.7.0
> export ETCD_VERSION=3.0.14
>
> Kernel: Linux kube-ubuntu01 3.13.0-113-generic #160-Ubuntu SMP Thu Mar 9
> 09:27:29 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
>
> The Problem is, when we start the master itself and deploy busybox then it
> can see the DNS and we can ping the DNS service ip from pod.
> However when we bring the minion up and start a busybox pod inside minion
> then it cannot resolve DNS also cannot ping DNS service Ip.
>
> This is ifcongif output in minion:
>
> docker0   Link encap:Ethernet  HWaddr 02:42:36:15:00:5a
>   inet addr:172.16.46.1  Bcast:0.0.0.0  Mask:255.255.255.0
>   inet6 addr: fe80::42:36ff:fe15:5a/64 Scope:Link
>   UP BROADCAST RUNNING MULTICAST  MTU:1450  Metric:1
>   RX packets:3792 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:154 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:0
>   RX bytes:309901 (309.9 KB)  TX bytes:7484 (7.4 KB)
>
> eth0  Link encap:Ethernet  HWaddr 00:50:56:01:19:90
>   inet addr:10.103.12.30  Bcast:10.103.12.31  Mask:255.255.255.240
>   inet6 addr: fe80::250:56ff:fe01:1990/64 Scope:Link
>   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>   RX packets:183891 errors:0 dropped:163 overruns:0 frame:0
>   TX packets:172658 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:1000
>   RX bytes:127076052 (127.0 MB)  TX bytes:34809987 (34.8 MB)
>
> flannel.1 Link encap:Ethernet  HWaddr 7a:63:b4:90:9a:42
>   inet addr:172.16.46.0  Bcast:0.0.0.0  Mask:255.255.255.255
>   inet6 addr: fe80::7863:b4ff:fe90:9a42/64 Scope:Link
>   UP BROADCAST RUNNING MULTICAST  MTU:1450  Metric:1
>   RX packets:6 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:239 errors:0 dropped:8 overruns:0 carrier:0
>   collisions:0 txqueuelen:0
>   RX bytes:528 (528.0 B)  TX bytes:21443 (21.4 KB)
>
> loLink encap:Local Loopback
>   inet addr:127.0.0.1  Mask:255.0.0.0
>   inet6 addr: ::1/128 Scope:Host
>   UP LOOPBACK RUNNING  MTU:65536  Metric:1
>   RX packets:102 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:102 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:0
>   RX bytes:8040 (8.0 KB)  TX bytes:8040 (8.0 KB)
>
> veth8ff900b Link encap:Ethernet  HWaddr 7a:12:a0:8b:7e:11
>   inet6 addr: fe80::7812:a0ff:fe8b:7e11/64 Scope:Link
>   UP BROADCAST RUNNING MULTICAST  MTU:1450  Metric:1
>   RX packets:3792 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:162 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:0
>   RX bytes:362989 (362.9 KB)  TX bytes:8132 (8.1 KB)
>
> **
>
> I did Tcpdump in minion docker0 interface during the ping and got output
> like this:
>
>
> tcpdump -v -i docker0
> tcpdump: listening on docker0, link-type EN10MB (Ethernet), capture size
> 65535 bytes
> 09:55:14.864015 IP (tos 0x0, ttl 64, id 34828, offset 0, flags [DF], proto
> ICMP (1), length 84)
> 172.16.46.2 > 192.168.3.10: ICMP echo request, id 2304, seq 0, length
> 64
> 09:55:15.864209 IP (tos 0x0, ttl 64, id 34901, offset 0, flags [DF], proto
> ICMP (1), length 84)
> 172.16.46.2 > 192.168.3.10: ICMP echo request, id 2304, seq 1, length
> 64
> 09:55:16.864375 IP (tos 0x0, ttl 64, id 34935, offset 0, flags [DF], proto
> ICMP (1), length 84)
> 172.16.46.2 > 192.168.3.10: ICMP echo request, id 2304, seq 2, length
> 64
> 09:55:17.864531 IP (tos 0x0, ttl 64, id 35047, offset 0, flags [DF], proto
> ICMP (1), length 84)
> 172.16.46.2 > 192.168.3.10: ICMP echo request, id 2304, seq 3, length
> 64
> 09:55:18.864685 IP (tos 0x0, ttl 64, id 35190, offset 0, flags [DF], proto
> ICMP (1), length 84)
> 172.16.46.2 > 192.168.3.10: ICMP echo request, id 2304, seq 4, length
> 64
> 09:55:19.864185 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has
> 172.16.46.1 tell 172.16.46.2, length 28
> 09:55:19.864217 ARP, Ethernet (len 6), IPv4 (len 4), Reply 172.16.46.1
> is-at 02:42:36:15:00:5a (oui Unknown), length 28
> 09:55:19.864818 IP (tos 0x0, ttl 64, id 35256, offset 0, flags [DF], proto
> ICMP (1), length 84)
> 172.16.46.2 > 192.168.3.10: ICMP echo request, id 2304, seq 5, length
> 64
> 09:55:20.864942 IP (tos 0x0, ttl 64, id 35381, offset 0, flags [DF], proto
> ICMP (1), length 84)
> 172.16.46.2 > 192.168.3.10: ICMP echo reque

Re: [kubernetes-users] Issues with documentation

2017-03-15 Thread Brandon Philips

The examples can be helpful:
https://github.com/kubernetes/client-go/tree/master/examples

Talking directly via net/http is fine too. Some other simpler bindings have
emerged as well too: https://github.com/ericchiang/k8s

Brandon

On Wed, Mar 15, 2017 at 3:04 AM Jaipradeesh Janarthanan 
wrote:

> The go client is poorly documented and vaguely structured -
> https://godoc.org/k8s.io/client-go . I am thinking of using `net/http`
> and talk to respective API endpoints. Are these some disadvantages this way?
>
> --
> Jai
> Engineering, DoSelect, Inc.
> dolftax.com | @dolftax 
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Backing up master etcd

2017-03-10 Thread Brandon Philips

On Wed, Mar 8, 2017 at 10:17 AM 'Daniel Smith' via Kubernetes user
discussion and Q&A  wrote:

> It's a bit of a shame that we don't have a "insert your backup code here"
> spot for this in the default setup scripts, if you're running only one etcd
> replica this is fairly important. It's worth noting that old (depending on
> churn in the cluster) backups are not likely to do too much good (meaning,
> if you restore, it will rewind the state in the cluster, probably requiring
> a cluster-wide reboot if you want to respect the "ResourceVersions never go
> backwards" constraint, and could e.g. re-run jobs that were supposed to be
> run only once), so, the best backups are frequent ones.
>

We are actively working on using the etcd Operator
 underneath
Kubernetes to enable use of its backup and recovery integrations
.

Help wanted! The bootkube incubator project has a flag
`--experimental-self-hosted-etcd` and we have just put that into CI/CD.

Join #bootkube on Kubernetes Slack if you need help or want to try it out.

Brandon

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Exec a shell command on k8s master node

2017-03-09 Thread Brandon Philips

Something like this?

https://twitter.com/BrandonPhilips/status/831997779723513856
https://github.com/coreos/coreos-kubernetes/pull/835


On Thu, Mar 9, 2017 at 11:03 PM  wrote:

> How to execute a custom shell command on kubernetes master node via API?
> My use case is to list docker containers running across the cluster, pick a
> container, commit it and push it to registry from master (programatically).
> --
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Migrating flannel aws-vpc from etcd coodination to kube-subnet-mgr

2017-03-07 Thread Brandon Philips

Hello Matthias-

This is not something we planned a migration for. In general trying to do
some sort of networking migration on a running Kubernetes cluster is going
to lead to a bad time.

Adding Casey and Tom in case they have any brilliant ideas.

Brandon

On Mon, Mar 6, 2017 at 7:18 AM Matthias Rampke  wrote:

> Hi,
>
> I am trying to work out how to upgrade a Kubernetes cluster to use the
> kube-subnet-mgr from flannel 0.7.0 safely. This is running with the aws-vpc
> backend, so flannel itself is only the control plane.
>
> I plan to whole-sale replace the nodes in the process, for unrelated
> reasons (this is part of a Kubernetes upgrade).
>
> While I have a mixed cluster where half the flanneld speak to etcd to
> coordinate, and half speak to kube-apiserver to coordinate, will they start
> fighting over the AWS VPC route table? If so, how can I do this upgrade?
>
> Thank you,
> MR
>
> PS: this is not CoreOS but in reworking this I've used the current
> kube-flannel.yml as a template, so our new setup is essentially that.
> Pre-migration, it is a flanneld 0.6.x running outside of Kubernetes, and
> speaking to etcd directly.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Kubectl OpenID and Server Configuration Caching

2017-02-22 Thread Brandon Philips

No worries! Glad you got it working.

Could kubectl logging been more helpful to help you identifying this error
faster? Please put up a PR or issue if you think it could have.

On Wed, Feb 22, 2017, 3:30 PM Rudy Bonefas  wrote:

> Ok, I figured out my problem.  I'm an idiot.
>
> I had a working version using some test code.  In addition to using OpenID
> from kubectl we are also using our own API proxy.  Somehow when I moved my
> test code over to our staging API proxy I turned https off in the proxy.
> Apparently (and as it should do now that I think about it), kubectl will
> NOT send a token to a server that is not running SSL.  This makes perfect
> sense to me NOW, since I wouldn't want a man in the middle attack to grab
> my token even if it expires within a 24 hour period.
>
> Thanks for you help and in indulging my stupidity
>
>
> On Tuesday, February 21, 2017 at 7:54:12 PM UTC-5, Eric Chiang wrote:
>
> Rudy,
>
> The OpenID Connect client auth provider only caches in memory[0]. It
> doesn't persist that information to disk. If you're not seeing the
> request on subsequent invocations of kubectl then you're not
> exercising the plugin. At least that's what the code would do if there
> isn't a bug.
>
> Does your kubectl still send the bearer token despite not hitting the
> well-known endpoint?
>
> Eric
>
> [0]
> https://github.com/kubernetes/client-go/blob/v2.0.0/plugin/pkg/client/auth/oidc/oidc.go
>
> On Tue, Feb 21, 2017 at 4:30 PM, Brandon Philips
>  wrote:
> > cc'ing Eric Chiang who worked on the caching code.
> >
> > On Mon, Feb 20, 2017 at 7:09 AM Rudy Bonefas  wrote:
> >>
> >> We have decided to use OpenID Connect with Kubectl and I have been in
> the
> >> process if writing an OpenID Connect server using the nimbusds java
> sdk.
> >> When kubectl first connects to my server using the
> >> /.well-known/openid-configuration endpoint, it obviously caches the
> returned
> >> configuration information somewhere because I see no subsequent calls
> to the
> >> same endpoint.  For testing purposes I would like to clear this cache
> but am
> >> unable to figure out where Kubectl is saving this information.  I've
> tried
> >> deleting the .kube/cache dir as well as the /tmp dir (I am running on
> >> Centos7) but to no avail.   Does anyone know how I can reset Kubectl to
> >> start up with a fresh set of OpenID config settings?
> >>
> >>
> >> --
> >> You received this message because you are subscribed to the Google
> Groups
> >> "Kubernetes user discussion and Q&A" group.
> >> To unsubscribe from this group and stop receiving emails from it, send
> an
>
> >> email to kubernetes-use...@googlegroups.com.
> >> To post to this group, send email to kubernet...@googlegroups.com.
>
> >> Visit this group at https://groups.google.com/group/kubernetes-users.
> >> For more options, visit https://groups.google.com/d/optout.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] How to define a DaemonSet to create slightly different pods?

2017-02-22 Thread Brandon Philips

Dongwon-

One approach would be configuring your systems so that the interface you
want to use is named the same on all machines. You can do this by putting
down a UDEV rule:
http://unix.stackexchange.com/questions/91085/udev-renaming-my-network-interface

So, p2p1 becomes ex0 and eth0 becomes ex0, etc

Hope that helps.

Brandon

On Wed, Feb 22, 2017 at 11:56 AM Brandon Philips 
wrote:

> adding Tom and Casey for Flannel help
>
>
> On Wed, Feb 22, 2017 at 12:11 AM Dongwon Kim 
> wrote:
>
> How can I define a single definition of DaemonSet to create slightly
> different pods from it?
> What I mean by different pods is that pods created from different commands.
> I currently make two different DaemonSet objects to create two different
> kinds of pods.
>
> Let me tell you the details.
>
> I've been modifying kube-flannel.yml, especially the definition of
> DaemonSet.
> I want to add "--iface=" to flanneld [
> "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr"]
> and I want to use two different ethernet interfaces based on node label.
>
> I have three different kinds of nodes:
> 1) a master node with two ethernet interfaces: eth0 for internal network
> and eth3 for external network
> 2) slave nodes with one ethernet interfaces: eth0 for internal network
> 3) a newly added node with one ethernet interfaces: p2p1 for internal
> network
>
> When I had 1) and 2), I was okay with the following command:
> [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr",
> *"--iface=--eth0"*]
> I have to add --iface option because otherwise flanneld on the master node
> automatically detects eth3 other than eth0,
> which is the reason I manually add the iface option.
>
> Now that I have 3),
> I have to make two DaemonSet definitions with different commands:
> [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr",
> *"--iface=--eth0"*]  for 1) and 2)
> , [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr",
> *"--iface=--p2p1"*] for 3)
> Label selector is used to tell which DaemonSet is used for a node.
> The entire definition is attached at the end.
>
> Is there a more elegant way of creating slightly different pods from a
> single DaemonSet definition?
> It would be nice to have only a single definition with a placeholder which
> can be substituted by the value of a specific label.
>
> Otherwise I can do this by setting flannel in a different way?
> It would be nice if we can give a list of ethernet interfaces to --iface
> option but my colleague found that only one interface/ip can be given to
> --iface option.
>
> Thanks.
>
> ---
> apiVersion: v1
> kind: ServiceAccount
> metadata:
>   name: flannel
> ---
> kind: ConfigMap
> apiVersion: v1
> metadata:
>   name: kube-flannel-cfg
>   labels:
> tier: node
> app: flannel
> data:
>   cni-conf.json: |
> {
>   "name": "cbr0",
>   "type": "flannel",
>   "delegate": {
> "isDefaultGateway": true
>   }
> }
>   net-conf.json: |
> {
>   "Network": "10.244.0.0/16",
>   "Backend": {
> "Type": "vxlan"
>   }
> }
> ---
> apiVersion: extensions/v1beta1
> kind: DaemonSet
> metadata:
>   name: kube-flannel-ds
>   labels:
> tier: node
> app: flannel
> iface: eth0
> spec:
>   template:
> metadata:
>   labels:
> tier: node
> app: flannel
> iface: eth0
> spec:
>   hostNetwork: true
>   nodeSelector:
> beta.kubernetes.io/arch: amd64
> iface: eth0
>   serviceAccountName: flannel
>   containers:
>   - name: kube-flannel
> image: quay.io/coreos/flannel:v0.7.0-amd64
> command: [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr",
> "--iface=eth0" ]
> securityContext:
>   privileged: true
> env:
> - name: POD_NAME
>   valueFrom:
> fieldRef:
>   fieldPath: metadata.name
> - name: POD_NAMESPACE
>   valueFrom:
> fieldRef:
>   fieldPath: metadata.namespace
> volumeMounts:
> - name: run
>   mountPath: /run
> - name: flannel-cfg
>   mountPath: /etc/kube-flannel/
>   - name: install-cni
> image: quay.io/coreos/flannel:v0.7.0-amd64
> command: [ "/bin/sh", "-c

Re: [kubernetes-users] How to define a DaemonSet to create slightly different pods?

2017-02-22 Thread Brandon Philips

adding Tom and Casey for Flannel help

On Wed, Feb 22, 2017 at 12:11 AM Dongwon Kim  wrote:

> How can I define a single definition of DaemonSet to create slightly
> different pods from it?
> What I mean by different pods is that pods created from different commands.
> I currently make two different DaemonSet objects to create two different
> kinds of pods.
>
> Let me tell you the details.
>
> I've been modifying kube-flannel.yml, especially the definition of
> DaemonSet.
> I want to add "--iface=" to flanneld [
> "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr"]
> and I want to use two different ethernet interfaces based on node label.
>
> I have three different kinds of nodes:
> 1) a master node with two ethernet interfaces: eth0 for internal network
> and eth3 for external network
> 2) slave nodes with one ethernet interfaces: eth0 for internal network
> 3) a newly added node with one ethernet interfaces: p2p1 for internal
> network
>
> When I had 1) and 2), I was okay with the following command:
> [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr",
> *"--iface=--eth0"*]
> I have to add --iface option because otherwise flanneld on the master node
> automatically detects eth3 other than eth0,
> which is the reason I manually add the iface option.
>
> Now that I have 3),
> I have to make two DaemonSet definitions with different commands:
> [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr",
> *"--iface=--eth0"*]  for 1) and 2)
> , [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr",
> *"--iface=--p2p1"*] for 3)
> Label selector is used to tell which DaemonSet is used for a node.
> The entire definition is attached at the end.
>
> Is there a more elegant way of creating slightly different pods from a
> single DaemonSet definition?
> It would be nice to have only a single definition with a placeholder which
> can be substituted by the value of a specific label.
>
> Otherwise I can do this by setting flannel in a different way?
> It would be nice if we can give a list of ethernet interfaces to --iface
> option but my colleague found that only one interface/ip can be given to
> --iface option.
>
> Thanks.
>
> ---
> apiVersion: v1
> kind: ServiceAccount
> metadata:
>   name: flannel
> ---
> kind: ConfigMap
> apiVersion: v1
> metadata:
>   name: kube-flannel-cfg
>   labels:
> tier: node
> app: flannel
> data:
>   cni-conf.json: |
> {
>   "name": "cbr0",
>   "type": "flannel",
>   "delegate": {
> "isDefaultGateway": true
>   }
> }
>   net-conf.json: |
> {
>   "Network": "10.244.0.0/16",
>   "Backend": {
> "Type": "vxlan"
>   }
> }
> ---
> apiVersion: extensions/v1beta1
> kind: DaemonSet
> metadata:
>   name: kube-flannel-ds
>   labels:
> tier: node
> app: flannel
> iface: eth0
> spec:
>   template:
> metadata:
>   labels:
> tier: node
> app: flannel
> iface: eth0
> spec:
>   hostNetwork: true
>   nodeSelector:
> beta.kubernetes.io/arch: amd64
> iface: eth0
>   serviceAccountName: flannel
>   containers:
>   - name: kube-flannel
> image: quay.io/coreos/flannel:v0.7.0-amd64
> command: [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr",
> "--iface=eth0" ]
> securityContext:
>   privileged: true
> env:
> - name: POD_NAME
>   valueFrom:
> fieldRef:
>   fieldPath: metadata.name
> - name: POD_NAMESPACE
>   valueFrom:
> fieldRef:
>   fieldPath: metadata.namespace
> volumeMounts:
> - name: run
>   mountPath: /run
> - name: flannel-cfg
>   mountPath: /etc/kube-flannel/
>   - name: install-cni
> image: quay.io/coreos/flannel:v0.7.0-amd64
> command: [ "/bin/sh", "-c", "set -e -x; cp -f
> /etc/kube-flannel/cni-conf.json /etc/cni/net.d/10-flannel.conf; while true;
> do sleep 3600; done" ]
> volumeMounts:
> - name: cni
>   mountPath: /etc/cni/net.d
> - name: flannel-cfg
>   mountPath: /etc/kube-flannel/
>   volumes:
> - name: run
>   hostPath:
> path: /run
> - name: cni
>   hostPath:
> path: /etc/cni/net.d
> - name: flannel-cfg
>   configMap:
> name: kube-flannel-cfg
> ---
> apiVersion: extensions/v1beta1
> kind: DaemonSet
> metadata:
>   name: kube-gpu-flannel-ds
>   labels:
> tier: node
> app: flannel
> iface: p2p1
> spec:
>   template:
> metadata:
>   labels:
> tier: node
> app: flannel
> iface: p2p1
> spec:
>   hostNetwork: true
>   nodeSelector:
> beta.kubernetes.io/arch: amd64
> iface: p2p1
>   serviceAccountName: flannel
>   containers:
>   - name: kube-flannel
> image: quay.io/coreos/flannel:v0.7.0-amd64
> command: [ "/opt/bin/flanneld", "--ip-ma

Re: [kubernetes-users] Kubectl OpenID and Server Configuration Caching

2017-02-21 Thread Brandon Philips

cc'ing Eric Chiang who worked on the caching code.

On Mon, Feb 20, 2017 at 7:09 AM Rudy Bonefas  wrote:

> We have decided to use OpenID Connect with Kubectl and I have been in the
> process if writing an OpenID Connect server using the nimbusds java sdk.
> When kubectl first connects to my server using the
> /.well-known/openid-configuration endpoint, it obviously caches the
> returned configuration information somewhere because I see no subsequent
> calls to the same endpoint.  For testing purposes I would like to clear
> this cache but am unable to figure out where Kubectl is saving this
> information.  I've tried deleting the .kube/cache dir as well as the /tmp
> dir (I am running on Centos7) but to no avail.   Does anyone know how I can
> reset Kubectl to start up with a fresh set of OpenID config settings?
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] PaaS based on kubernetes and docker

2017-02-17 Thread Brandon Philips

Have you looked at the existing PaaS options that exist on top of
Kubernetes like https://deis.com/?

On Fri, Feb 17, 2017 at 6:18 AM YASMINE CHEIKHROUHOU <
yasmine.cheikhrou...@enis.tn> wrote:

> Hi
> I want to develop a Cloud PaaS  based on kubernetes and dockers to
> instantiate applications as a service.
> So should i use murano or magnum am really confused
>  Thank you all
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Containers in the same pod

2017-02-16 Thread Brandon Philips

If you ever need more details see the Pod lifecycle guide:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/

Brandon

On Thu, Feb 16, 2017 at 9:40 AM YASMINE CHEIKHROUHOU <
yasmine.cheikhrou...@enis.tn> wrote:

> Thank you Sir
>
> 2017-02-16 17:23 GMT+01:00 'Tim Hockin' via Kubernetes user discussion and
> Q&A :
>
> Yes, containers in a pod start and end together, though individuals
> can crash/restart without affecting the rest.
>
> On Thu, Feb 16, 2017 at 7:47 AM, YASMINE CHEIKHROUHOU
>  wrote:
> > Hi :)
> > Did containers in the same Pod have the same lifecycle(Start together and
> > stop together)?
> > Thank you
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Kubernetes user discussion and Q&A" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
>
> > email to kubernetes-users+unsubscr...@googlegroups.com.
> > To post to this group, send email to kubernetes-users@googlegroups.com.
> > Visit this group at https://groups.google.com/group/kubernetes-users.
> > For more options, visit https://groups.google.com/d/optout.
>
> --
>
> You received this message because you are subscribed to a topic in the
> Google Groups "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/kubernetes-users/cDzNgwpd1ic/unsubscribe
> .
> To unsubscribe from this group and all its topics, send an email to
> kubernetes-users+unsubscr...@googlegroups.com.
>
>
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

[kubernetes-users] Re: Run a job on all nodes in the cluster

2017-02-16 Thread Brandon Philips

I made a cute integration with the ol' SSH standby tool Fabric to 
accomplish something like this:

https://github.com/coreos/coreos-kubernetes/pull/835
https://twitter.com/BrandonPhilips/status/831997779723513856

Brandon

On Tuesday, January 24, 2017 at 7:54:34 AM UTC-8, Justin Garrison wrote:
>
> I have an old issue open for this.
>
> https://github.com/kubernetes/kubernetes/issues/36601
>
> On Thursday, January 19, 2017 at 2:37:02 PM UTC-8, Mayank wrote:
>>
>> Hi All
>> Is there a way to create a kubernetes job that runs on all nodes in the 
>> cluster and then finishes without creating one job per node using node 
>> selector ? Or may be this is enhancement to say run this job on all hosts 
>> with regex *.ops.net and viola 
>>
>> -Mayank
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Re: The Resurrection of SIG-big-data

2017-02-02 Thread Brandon Philips

+1 to this.

The etcd team has been working on an interesting project called zetcd
 which emulates the Zookeeper API ontop of
the etcd data store. When combined with the etcd Operator
 it should
create nice Kubernetes native feeling Zookeeper clusters to power some of
these Apache big data applications.

I will leave it up to them to figure out a time to present and collaborate.

Brandon

On Sat, Jan 28, 2017 at 12:54 AM 'David Oppenheimer' via Kubernetes
developer/contributor discussion  wrote:

> +1
>
> We closed the original sig-big-data because the meeting attendance varied
> between one (me) and two (me and Steve Watt). There is obviously a lot more
> community interest in this topic now and I completely agree it deserve to
> be its own SIG.
>
>
> On Sat, Jan 28, 2017 at 12:14 AM, David Aronchick 
> wrote:
>
> +100 - we have the tools, we have the talent. We can do it! (and I'm happy
> to help!)
>
> On Fri, Jan 27, 2017 at 3:08 PM, Clayton Coleman 
> wrote:
>
> Agree - sig-apps was always meant to fan out use cases to other sigs, and
> a focus on data again sounds very desirable.
>
> On Jan 27, 2017, at 6:06 PM, 'Brian Grant' via Kubernetes
> developer/contributor discussion  wrote:
>
> +1.
>
> Data analytics workloads are critical to the success of Kubernetes, and a
> group focused on building that ecosystem is needed.
>
> On Fri, Jan 27, 2017 at 1:40 PM, Eric Tune  wrote:
>
> +1
>
> On Fri, Jan 27, 2017 at 1:36 PM, Anirudh Ramanathan 
> wrote:
>
> The Kubernetes Big Data Special Interest Group
>  was
> suspended in late 2015 in favor of SIG-Apps. Today, SIG-Apps has grown in
> scope and has a broad charter dealing with everything from distributed
> databases to external controllers to package management. The focus is
> mostly on enhancing functionality in the core to support applications.
>
> Big-data applications and their support within Kubernetes is sufficiently
> different that it would be appropriate to resurrect SIG-big-data at this
> stage. SIG-big-data would focus on external applications and integrations
> with them, to allow them to run effectively on Kubernetes. Currently, we
> have an effort around Apache Spark integration
> , which the
> previous iteration of the SIG
> 
> also discussed and designated as top priority. We have several contributors
> who would like to find a single place to discuss
> , and others who
> are interested in helping us test and productionize our efforts. In the
> short term, the SIG will serve as meeting ground to help us organize our
> efforts.
>
> Our broader mission is to focus on big data frameworks on Kubernetes
> (Spark, Kafka, Hadoop, Flink, Storm, etc). It is intended to be a common
> platform to discuss the following:
>
>-
>
>Architecture and design of integrations
>-
>
>Common reusable patterns in implementation
>-
>
>Resource allocation and fairness
>
>
> Proposed weekly meeting time: 10am PT on Wednesdays
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes developer/contributor discussion" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-dev+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/kubernetes-dev/CAKCBhs5isWWeY54BysiDM1mhhW0%3DGHwqNfNiYRoOrGCYFoaGAw%40mail.gmail.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
>
> For more options, visit https://groups.google.com/d/optout.
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes developer/contributor discussion" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-dev+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/kubernetes-dev/CAOU1bzfZMUKV4DtKTiZSfmrdxRXUDO

Re: [kubernetes-users] Issue with iSCSI volumes

2017-02-02 Thread Brandon Philips

The minikube image has a very stripped down Kernel and I don't think it
support iSCSI nor does the userspace have the necessary utilities.

What are you trying to do?

Brandon

On Thu, Feb 2, 2017 at 5:53 AM Akhil Reddy 
wrote:

> Hello,
> I tried to use a iSCSI volume in the minikube environment and I am getting
> a volume mounting issue. Does minikube support iSCSI volumes. Thanks in
> advance.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Support for upstream version of Kubernetes

2017-01-20 Thread Brandon Philips

On Fri, Jan 20, 2017 at 11:21 AM Amlan  wrote:

> Who can provide consultancy and support for in-premise deployment of
> upstream version (community version) of Kubernetes?
>

CoreOS Tectonic uses un-patched upstream Kubernetes and we have
installation and guides for on-premise. You can get access to our
bare-metal on-premise installation tooling here:
https://coreos.com/tectonic/

If you have questions feel free to reach out directly: bran...@coreos.com

Brandon

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Run a job on all nodes in the cluster

2017-01-20 Thread Brandon Philips

On Fri, Jan 20, 2017 at 1:40 PM 'Tim Hockin' via Kubernetes user discussion
and Q&A  wrote:

> Concretely the "tweak a sysctl" thing leaves machines that are
> "dirty".  Once you allow any users to do this, the machines become
> less useful for anyone else who doesn't specifically tolerate that
> tweak.  Almost every sysctl represents a tradeoff.  Optimize for
> low-latency network?  Pay higher CPU and memory costs.  And so on.
>

I am not saying it is necessarily the right solution for users; just that I
have seen people wanting to do `kubectl get nodes | while read host ; ssh
$host echo foo > /proc/sys/bar`. It would be nice to at least bring that
into the API fold and auditing.

Brandon


> On Fri, Jan 20, 2017 at 12:33 PM, 'David Oppenheimer' via Kubernetes
> user discussion and Q&A  wrote:
> > Brandon, would you like to file an issue in kubernetes/kubernetes to
> start?
> > FWIW the privileged run-to-completion node configuration script is a use
> > case we have also seen at Google, but the semantics get a bit tricky. We
> > could start with just a run-to-completion DaemonSet which I think covers
> the
> > use cases you mentioned as well as the one from Mayank.
> >
> >
> >
> > On Fri, Jan 20, 2017 at 10:26 AM, Brandon Philips
> >  wrote:
> >>
> >> I think this would be a nice thing to have. I have seen a few users
> >> wanting to do things like run a quick script against all nodes in a
> cluster
> >> that say tweaks a sysctl across the entire fleet. Or, gathers up some
> >> setting and pushes the results to some service.
> >>
> >> I think it would be worthwhile to gather other use cases and write a
> >> proposal.
> >>
> >> On Fri, Jan 20, 2017 at 1:01 AM 'David Oppenheimer' via Kubernetes user
> >> discussion and Q&A  wrote:
> >>>
> >>> Unfortunately I don't think it's possible. The documentation for
> >>> DaemonSet says the RestartPolicy must be Always. If it allowed Never
> then it
> >>> would do what you want.
> >>>
> >>>
> >>> On Thu, Jan 19, 2017 at 2:37 PM, Mayank  wrote:
> >>>>
> >>>> Hi All
> >>>> Is there a way to create a kubernetes job that runs on all nodes in
> the
> >>>> cluster and then finishes without creating one job per node using node
> >>>> selector ? Or may be this is enhancement to say run this job on all
> hosts
> >>>> with regex *.ops.net and viola
> >>>>
> >>>> -Mayank
> >>>>
> >>>> --
> >>>> You received this message because you are subscribed to the Google
> >>>> Groups "Kubernetes user discussion and Q&A" group.
> >>>> To unsubscribe from this group and stop receiving emails from it, send
> >>>> an email to kubernetes-users+unsubscr...@googlegroups.com.
> >>>> To post to this group, send email to
> kubernetes-users@googlegroups.com.
> >>>> Visit this group at https://groups.google.com/group/kubernetes-users.
> >>>> For more options, visit https://groups.google.com/d/optout.
> >>>
> >>>
> >>> --
> >>> You received this message because you are subscribed to the Google
> Groups
> >>> "Kubernetes user discussion and Q&A" group.
> >>> To unsubscribe from this group and stop receiving emails from it, send
> an
> >>> email to kubernetes-users+unsubscr...@googlegroups.com.
> >>> To post to this group, send email to kubernetes-users@googlegroups.com
> .
> >>> Visit this group at https://groups.google.com/group/kubernetes-users.
> >>> For more options, visit https://groups.google.com/d/optout.
> >>
> >> --
> >> You received this message because you are subscribed to the Google
> Groups
> >> "Kubernetes user discussion and Q&A" group.
> >> To unsubscribe from this group and stop receiving emails from it, send
> an
> >> email to kubernetes-users+unsubscr...@googlegroups.com.
> >> To post to this group, send email to kubernetes-users@googlegroups.com.
> >> Visit this group at https://groups.google.com/group/kubernetes-users.
> >> For more options, visit https://groups.google.com/d/optout.
> >
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Kubernetes user discussion and Q&A" group.
> > To unsubscribe from this group and sto

Re: [kubernetes-users] Run a job on all nodes in the cluster

2017-01-20 Thread Brandon Philips

I think this would be a nice thing to have. I have seen a few users wanting
to do things like run a quick script against all nodes in a cluster that
say tweaks a sysctl across the entire fleet. Or, gathers up some setting
and pushes the results to some service.

I think it would be worthwhile to gather other use cases and write a
proposal.

On Fri, Jan 20, 2017 at 1:01 AM 'David Oppenheimer' via Kubernetes user
discussion and Q&A  wrote:

> Unfortunately I don't think it's possible. The documentation for DaemonSet
>  says the RestartPolicy must
> be Always. If it allowed Never then it would do what you want.
>
>
> On Thu, Jan 19, 2017 at 2:37 PM, Mayank  wrote:
>
> Hi All
> Is there a way to create a kubernetes job that runs on all nodes in the
> cluster and then finishes without creating one job per node using node
> selector ? Or may be this is enhancement to say run this job on all hosts
> with regex *.ops.net and viola
>
> -Mayank
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Best way to cache data on Kubernetes

2017-01-18 Thread Brandon Philips

On Wed, Jan 18, 2017 at 10:12 AM Vincent Coquart  wrote:

> We are migrating our micro service on Kubernetes.
>
> I have some questions about what is the best way to cache data on a
> Kubernetes Cluster.
>
> I see two solutions :
> - Create a Redis (or Aerospike, or Couchbase ..) cluster in a Kubernetes
> Cluster.
> - Add a memcached container in my pod.
>
> Today, I have a global cache, each micro-services have its buckets. I'm
> not sure that is right thing on Kubernetes.
>

Either architecture is fine on Kubernetes. Is there something about
Kubernetes you are concerned about with either design?

Brandon

>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] setup kubedns failed (kubernetes 1.5.1)

2016-12-19 Thread Brandon Philips

Hello Karl-

How did you deploy Kubernetes? In nearly all environments DNS should be
installed on your behalf.

Can you paste in here the final kube-dns deployment you got after
templating? Seems like something went wrong.

Brandon

On Mon, Dec 19, 2016 at 1:23 AM Karl Vito Lam  wrote:

> Hello,
>
> I am trying to setup a kubernetes cluster. I can apply the "Deployment",
> "Service" resource to the cluster successfully.
>
> Then I use the template in
> https://github.com/kubernetes/kubernetes/blob/master/cluster/addons/dns/kubedns-controller.yaml.base,
> but failed with the error message
>
>
> server.go:54] Failed to create a kubernetes client: invalid configuration:
> no configuration has been provided
>
>
>  Any ideas?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Re: nginx ingress controller configuration on Kubernetes vagrant

2016-12-15 Thread Brandon Philips

On Thu, Dec 15, 2016 at 3:30 PM Mugdho Debnath  wrote:

> This works pretty well if you move from using CoreOS to Ubuntu (or any
> other linux distro) VMs. From the bit of digging that I did, it seems that
> nginx / traefix is not opening the required port on CoreOS for some reason.
>

Odd. Adding a few folks from the CoreOS team to see why Container Linux
isn't working with this ingress setup.

Thank You,

Brandon


> On Wed, Dec 14, 2016 at 3:19 PM Yuriy Filonov 
> wrote:
>
> Unfortunately, I was not able to get an ingress controller working on
> local setup.
> Now I am using NodePort locally and load balancers in cloud.
>
> On Wed, Dec 14, 2016 at 10:57 PM,  wrote:
>
>
> I am also hitting this same issue so would be interested to know the
> solution if either of you have figured this out.
>
> Thanks
> Jack
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/kubernetes-users/ClDVAU5vKM4/unsubscribe
> .
> To unsubscribe from this group and all its topics, send an email to
> kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/kubernetes-users/ClDVAU5vKM4/unsubscribe
> .
> To unsubscribe from this group and all its topics, send an email to
> kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] What to examine to understand an existing kubernetes install?

2016-12-12 Thread Brandon Philips

Also, ensure that etcd is being backed up as you poke around and ideally in
a clustered configuration.

On Mon, Dec 12, 2016 at 8:52 AM Rodrigo Campos  wrote:

> Tim++, and see if the k8s version is not vulnerable to a security bug
> (it's been one like 1/2 months ago, can't easily search for the link on my
> phone).
>
> And particular attention to how auth is handled and see how to invalidate
> access to him, just in case.
>
>
> On Monday, December 12, 2016, 'Tim Hockin' via Kubernetes user discussion
> and Q&A  wrote:
>
> I would look at the network config, the flags on the master and kubelets,
> and the existing namespace usages
>
> On Dec 11, 2016 8:21 PM, "Bruno Bronosky" 
> wrote:
>
> If you came into a new company with a production kubernetes cluster but
> they knew nothing about it (the person who set it up was gone) what would
> you examine to get an understanding of it?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Kuburnetes on Mesos?

2016-12-09 Thread Brandon Philips

On Friday, December 9, 2016 at 11:06:51 AM UTC-8, kvch...@gmail.com wrote:
>
> On Thursday, December 8, 2016 at 9:30:03 PM UTC-8, David Oppenheimer 
> wrote: 
> > I know there are some people using Kubernetes-on-Mesos, but we haven't 
> really heard any details on the exact use cases they're addressing. (Maybe 
> someone on the mailing list who is using it will reply.) Here is the press 
> release from Mesosphere announcing it two years ago. Mesosphere is no 
> longer directly involved in the project, and it's part of the "Kubernetes 
> incubator" here. 
>

That flowchart is out of date. Kubernetes has been tested up to 2,000 nodes 
and should support 5,000 hosts and beyond with the new etcd3 
--storage-backend: http://kubernetes.io/docs/admin/kube-apiserver/

Brandon

 

> > On Thu, Dec 8, 2016 at 8:42 PM, BYEONG-GI KIM  
> wrote: 
> > 
> > Hello. 
> > 
> > 
> > I'm wonder the exact purpose to integrate Kubernetes with Mesos, since 
> Kubernetes has already supported resource management & monitoring itself as 
> mentioned at http://kubernetes.io/docs/user-guide/compute-resources/ and 
> http://kubernetes.io/docs/user-guide/monitoring/. 
> > 
> > 
> > Could you explain what the benefits can be brought by using Mesos on 
> Kubernetes? Is it for resource management automation?... I'd really want to 
> know the current limitations of Kubernetes and what is solved by via Mesos. 
> > 
> > 
> > Thanks in advance. 
> > 
> > 
> > Best regards 
> > 
> > 
> > KIM 
> > 
> > 
> > 
> > 
> > -- 
> > 
> > You received this message because you are subscribed to the Google 
> Groups "Kubernetes user discussion and Q&A" group. 
> > 
> > To unsubscribe from this group and stop receiving emails from it, send 
> an email to kubernetes-use...@googlegroups.com. 
> > 
> > To post to this group, send email to kubernet...@googlegroups.com. 
> > 
> > Visit this group at https://groups.google.com/group/kubernetes-users. 
> > 
> > For more options, visit https://groups.google.com/d/optout. 
>
> - 
>
> I got this link from Racksapce: 
> https://www.socallinuxexpo.org/sites/default/files/presentations/SCALE_14_Docker_Kubernetes_Mesos_Compared_0.pdf
>  
>
> Please refer to slid number 39 and draw your own conclusion. Hope this 
> shed some light. 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] remote deployment

2016-12-05 Thread Brandon Philips

On Fri, Dec 2, 2016 at 1:28 PM Ben Kochie  wrote:

> Kubernetes requires all nodes that run pods to have the kubelet running to
> manage the containers.  This also means  that everything in the cluster
> needs to be part of the same overlay network.
>

Just to be clear you don't need to be using an overlay network with
Kubernetes. Everything on the cluster does need to be on the same network
 and you can
achieve this using an overlay or many other methods like BGP announces or
host gateways.

Brandon


> On Dec 2, 2016 20:55,  wrote:
>
> > What do you mean with "remote deploying"? Is there any way to deploy
> that is not
> > remote and used today? Sorry, I really don't follow. Can you please
> elaborate? :)
>
> Sure! I mean that I don't want to use Kubernetes to deploy and monitor
> micro services on a cluster composed by machines within the same network. I
> want to find a tool to deliver micro services to machines outside my
> network. The job that I have to take care of, is moving a micro service
> from point A to point b over the internet.
> I hope this is more clear.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Re: Running Calico on GKE

2016-11-30 Thread Brandon Philips

Aside: kube-flannel takes care of dropping the CNI plugin on the root
filesystem in this way today
.
But, yes, the kubelet needs to be in CNI mode first.

On Wed, Nov 30, 2016 at 10:13 AM 'Tim Hockin' via Kubernetes user
discussion and Q&A  wrote:

> The trick is that it has to drop files in the root filesystem,
> configure a kubelet flag, and restart kubelet.  There's really no way
> to do that from daemonset.
>
> On Wed, Nov 30, 2016 at 2:15 AM, mxmxmx  wrote:
> > Thanks for your answer.
> > Thats mainly why we were sceptical about it.
> > Do you think it could be done using a DaemonSet, or is there other main
> > issues to consider ?
> >
> > Is there some public discussion to follow on this topic somewhere around
> ?
> >
> > Le mardi 29 novembre 2016 01:17:28 UTC+1, Tim Hockin a écrit :
> >>
> >> I am not sure that is true for GKE - where the whole node config is
> >> blown away on node upgrade.
> >>
> >> We are currently considering options for supporting NetworkPolicy on
> >> GKE, but we don't have a finished plan just yet.
> >>
> >> On Mon, Nov 28, 2016 at 3:56 PM, Christopher Liljenstolpe <
> c...@tigera.io>
> >> wrote:
> >> > Greetings,
> >> >
> >> > It is possible to enable Calico on GKE.  I haven't personally done it,
> >> > but
> >> > we have tested it here.  You need to enable CNI in your config, then
> >> > spin-up
> >> > a self-hosted Calico install and you should be good to go.  Calico
> will
> >> > only
> >> > be providing policy control at that point (which is what it looks like
> >> > you
> >> > want).   If you have questions, please join our slack at
> >> > slack.projectcalico.org, or e-mail me directly.
> >> >
> >> > Christopher
> >> >
> >> >
> >> > On Sunday, November 27, 2016 at 11:55:33 PM UTC-8, mxmxmx wrote:
> >> >>
> >> >> Hi guys,
> >> >>
> >> >> I would like to know if its possible to run Calico on GKE to enable
> >> >> fine-grained network policies ?
> >> >> If not, is it something planned ?
> >> >>
> >> >> Thanks for any advice !
> >> >
> >> > --
> >> > You received this message because you are subscribed to the Google
> >> > Groups
> >> > "Kubernetes user discussion and Q&A" group.
> >> > To unsubscribe from this group and stop receiving emails from it, send
> >> > an
> >> > email to kubernetes-use...@googlegroups.com.
> >> > To post to this group, send email to kubernet...@googlegroups.com.
> >> > Visit this group at https://groups.google.com/group/kubernetes-users.
> >> > For more options, visit https://groups.google.com/d/optout.
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Kubernetes user discussion and Q&A" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to kubernetes-users+unsubscr...@googlegroups.com.
> > To post to this group, send email to kubernetes-users@googlegroups.com.
> > Visit this group at https://groups.google.com/group/kubernetes-users.
> > For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Have anyone successfully registered more than 120 nodes with Kube-master 1.4.x?

2016-11-30 Thread Brandon Philips

ulimits are applied to processes not users. That process has a 4096 file
limit.

How are you running the API server? Systemd? Docker container? Can you
provide a gist of what you are doing so I can suggest a fix?

On Wed, Nov 30, 2016 at 1:22 PM  wrote:

> On Tuesday, November 29, 2016 at 5:30:53 PM UTC-8, Brandon Philips wrote:
> > How are you running the API server? If you are running it in a container
> your shell ulimits won't match. Find the API server PID and do:
> >
> >
> > cat /proc/$PID/limits to check
> >
> >
> > On Tue, Nov 29, 2016 at 5:11 PM  wrote:
> > On Tuesday, November 29, 2016 at 4:34:19 PM UTC-8, Daniel Smith wrote:
> >
> > > You need to increase the number of file descriptors. ulimit is the
> relevant search term.
> >
> > >
> >
> > >
> >
> > > On Tue, Nov 29, 2016 at 3:26 PM,   wrote:
> >
> > > with <= 120 nodes there is no issue, once it reaches to node 121 then
> I got an error:  /var/log/upstart/kube-apiserver.log
> >
> > >
> >
> > >
> >
> > >
> >
> > > I1129 06:35:40.1635117655 logs.go:41] http: Accept error: accept
> tcp [::]:8080: accept4: too many open files; retrying in 1s
> >
> > >
> >
> > > I1129 06:35:41.1636687655 logs.go:41] http: Accept error: accept
> tcp [::]:8080: accept4: too many open files; retrying in 1s
> >
> > >
> >
> > > I1129 06:35:42.1638007655 logs.go:41] http: Accept error: accept
> tcp [::]:8080: accept4: too many open files; retrying in 1s
> >
> > >
> >
> > > I1129 06:35:43.1639197655 logs.go:41] http: Accept error: accept
> tcp [::]:8080: accept4: too many open files; retrying in 1s
> >
> > >
> >
> > > W1129 06:35:43.9128147655 storage_extensions.go:83] third party
> resource sync failed: client: etcd cluster is unavailable or misconfigured
> >
> > >
> >
> > > I1129 06:35:44.1640487655 logs.go:41] http: Accept error: accept
> tcp [::]:8080: accept4: too many open files; retrying in 1s
> >
> > >
> >
> > > I1129 06:35:45.1641657655 logs.go:41] http: Accept error: accept
> tcp [::]:8080: accept4: too many open files; retrying in 1s
> >
> > >
> >
> > > I1129 06:35:46.1642777655 logs.go:41] http: Accept error: accept
> tcp [::]:8080: accept4: too many open files; retrying in 1s
> >
> > >
> >
> > > I1129 06:35:47.1643997655 logs.go:41] http: Accept error: accept
> tcp [::]:8080: accept4: too many open files; retrying in 1s
> >
> > >
> >
> > > I1129 06:35:48.1645247655 logs.go:41] http: Accept error: accept
> tcp [::]:8080: accept4: too many open files; retrying in 1s
> >
> > >
> >
> > > I1129 06:35:49.1646647655 logs.go:41] http: Accept error: accept
> tcp [::]:8080: accept4: too many open files; retrying in 1s
> >
> > >
> >
> > > 
> >
> > >
> >
> > >
> >
> > >
> >
> > > root@ovrh:/var/log/upstart$ ulimit -a
> >
> > >
> >
> > > core file size  (blocks, -c) 0
> >
> > >
> >
> > > data seg size   (kbytes, -d) unlimited
> >
> > >
> >
> > > scheduling priority (-e) 0
> >
> > >
> >
> > > file size   (blocks, -f) unlimited
> >
> > >
> >
> > > pending signals (-i) 772117
> >
> > >
> >
> > > max locked memory   (kbytes, -l) 64
> >
> > >
> >
> > > max memory size (kbytes, -m) unlimited
> >
> > >
> >
> > > open files  (-n) 10
> >
> > >
> >
> > > pipe size(512 bytes, -p) 8
> >
> > >
> >
> > > POSIX message queues (bytes, -q) 819200
> >
> > >
> >
> > > real-time priority  (-r) 0
> >
> > >
> >
> > > stack size  (kbytes, -s) 8192
> >
> > >
> >
> > > cpu time   (seconds, -t) unlimited
> >
> > >
> >
> > > max user processes  (-u) 772117
> >
> > >
> >
> > > virtual memory  (kbytes, -v) unlimited
> >
> > >
> >
> > > file locks  (-x) unlimited
> >
> > >
> >
> > > roo

Re: [kubernetes-users] Have anyone successfully registered more than 120 nodes with Kube-master 1.4.x?

2016-11-29 Thread Brandon Philips

How are you running the API server? If you are running it in a container
your shell ulimits won't match. Find the API server PID and do:

cat /proc/$PID/limits to check

On Tue, Nov 29, 2016 at 5:11 PM  wrote:

> On Tuesday, November 29, 2016 at 4:34:19 PM UTC-8, Daniel Smith wrote:
> > You need to increase the number of file descriptors. ulimit is the
> relevant search term.
> >
> >
> > On Tue, Nov 29, 2016 at 3:26 PM,   wrote:
> > with <= 120 nodes there is no issue, once it reaches to node 121 then I
> got an error:  /var/log/upstart/kube-apiserver.log
> >
> >
> >
> > I1129 06:35:40.1635117655 logs.go:41] http: Accept error: accept tcp
> [::]:8080: accept4: too many open files; retrying in 1s
> >
> > I1129 06:35:41.1636687655 logs.go:41] http: Accept error: accept tcp
> [::]:8080: accept4: too many open files; retrying in 1s
> >
> > I1129 06:35:42.1638007655 logs.go:41] http: Accept error: accept tcp
> [::]:8080: accept4: too many open files; retrying in 1s
> >
> > I1129 06:35:43.1639197655 logs.go:41] http: Accept error: accept tcp
> [::]:8080: accept4: too many open files; retrying in 1s
> >
> > W1129 06:35:43.9128147655 storage_extensions.go:83] third party
> resource sync failed: client: etcd cluster is unavailable or misconfigured
> >
> > I1129 06:35:44.1640487655 logs.go:41] http: Accept error: accept tcp
> [::]:8080: accept4: too many open files; retrying in 1s
> >
> > I1129 06:35:45.1641657655 logs.go:41] http: Accept error: accept tcp
> [::]:8080: accept4: too many open files; retrying in 1s
> >
> > I1129 06:35:46.1642777655 logs.go:41] http: Accept error: accept tcp
> [::]:8080: accept4: too many open files; retrying in 1s
> >
> > I1129 06:35:47.1643997655 logs.go:41] http: Accept error: accept tcp
> [::]:8080: accept4: too many open files; retrying in 1s
> >
> > I1129 06:35:48.1645247655 logs.go:41] http: Accept error: accept tcp
> [::]:8080: accept4: too many open files; retrying in 1s
> >
> > I1129 06:35:49.1646647655 logs.go:41] http: Accept error: accept tcp
> [::]:8080: accept4: too many open files; retrying in 1s
> >
> > 
> >
> >
> >
> > root@ovrh:/var/log/upstart$ ulimit -a
> >
> > core file size  (blocks, -c) 0
> >
> > data seg size   (kbytes, -d) unlimited
> >
> > scheduling priority (-e) 0
> >
> > file size   (blocks, -f) unlimited
> >
> > pending signals (-i) 772117
> >
> > max locked memory   (kbytes, -l) 64
> >
> > max memory size (kbytes, -m) unlimited
> >
> > open files  (-n) 10
> >
> > pipe size(512 bytes, -p) 8
> >
> > POSIX message queues (bytes, -q) 819200
> >
> > real-time priority  (-r) 0
> >
> > stack size  (kbytes, -s) 8192
> >
> > cpu time   (seconds, -t) unlimited
> >
> > max user processes  (-u) 772117
> >
> > virtual memory  (kbytes, -v) unlimited
> >
> > file locks  (-x) unlimited
> >
> > root@ovrh:/var/log/upstart$
> >
> >
> >
> > --
> >
> > You received this message because you are subscribed to the Google
> Groups "Kubernetes user discussion and Q&A" group.
> >
> > To unsubscribe from this group and stop receiving emails from it, send
> an email to kubernetes-use...@googlegroups.com.
> >
> > To post to this group, send email to kubernet...@googlegroups.com.
> >
> > Visit this group at https://groups.google.com/group/kubernetes-users.
> >
> > For more options, visit https://groups.google.com/d/optout.
>
> ---
>
> I increated the "open file" value from 1024 to 10 and still had the
> same issue.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] kube-dns still up for a while and dies

2016-11-21 Thread Brandon Philips

On Mon, Nov 21, 2016 at 5:45 AM  wrote:

> E1121 13:05:10.957270   1 reflector.go:136] Failed to list
> *api.Service: Get https://10.104.25.85:443/api/v1/services: x509: failed
> to load system roots and no roots provided
>

This doesnt' seem right. Can you include the output of the kube-dns service
and pods?

kubectl get -n kube-system pod  kube-dns-v8-ujfqn -o yaml
kubectl get -n kube-system service kube-dns -o yaml

My hunch is that whatever container you are using is missing CA
certificates.

Thank You,

Brandon

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

[kubernetes-users] KubeCon Video Recordings Playlist on Youtube

2016-11-16 Thread Brandon Philips

Hey Everyone-

Videos from KubeCon Seattle are now available:
https://www.youtube.com/playlist?list=PLj6h78yzYM2PqgIGU1Qmi8nY7dqn9PCr4

Thank you to the speakers, KubeCon program committee, and the CNCF and LF
for putting together an overwhelmingly successful event.

Cheers,

Brandon

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Is it possible to route Kubernetes service based on Metadata ?

2016-11-15 Thread Brandon Philips

Maybe this diagram can help explain how you can use label queries to
accomplish this:

https://speakerdeck.com/philips/coreos-a-tutorial-on-hyperscale-infrastructure?slide=100

Brandon

On Tue, Nov 15, 2016 at 11:31 PM Vinoth Narasimhan 
wrote:

> Let say i have 4 pods running . 2 have them label "app=xyz" and 2 of them
> lable "app=abc" under the same service "testservice"
>
>
> I want to hit the pods services through "testservice" only to the pods
> have the label "app=xyz"
>
>
> when hit "http://testservice"; it will loadbalance across all the 4 pods .
>
> I need to specific to forward the request to the pods which has the label
> "app=xyz"
>
>
> like http://testservice.
>
>
>
>
> On Wednesday, November 16, 2016 at 12:50:01 PM UTC+5:30, Brandon Philips
> wrote:
>
> Yes, create a service with a label selector for each combination:
>
> http://kubernetes.io/docs/user-guide/labels/#label-selectors
> http://kubernetes.io/docs/user-guide/services/#defining-a-service
>
>
> On Tue, Nov 15, 2016 at 11:12 PM Vinoth Narasimhan 
> wrote:
>
> Our aim is to replace the Netflix Discovery with Kubernetes service Layer.
>
> Our team register the Microservices app with Netflix eureka with metadata
> like "tetant:xyz" and "tetant:abc" and uses Zuul to dynamic routing to the
> app based on the Metadata from headers.
>
>
> Through kubernetes services we can find the pod ip and port to forward.
>
> Is there a way like forward the service to specific pod by using the
> labels.
>
> Let say i have one service layer in kubernetes say "testservice" with
> lables "app=xyz" and "app=abc"
>
> and i stared with 4 pod with 2 of them have selector "app=xyz" and 2 of
> them have "app=abc" under the same service layer "testservice"
>
>
> Is there a way to access the service "testservice" to only the pod group
> which has "app=xyz" and "app=abc"
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
>
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-use...@googlegroups.com.
> To post to this group, send email to kubernet...@googlegroups.com.
>
>
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Is it possible to route Kubernetes service based on Metadata ?

2016-11-15 Thread Brandon Philips

Yes, create a service with a label selector for each combination:

http://kubernetes.io/docs/user-guide/labels/#label-selectors
http://kubernetes.io/docs/user-guide/services/#defining-a-service


On Tue, Nov 15, 2016 at 11:12 PM Vinoth Narasimhan 
wrote:

> Our aim is to replace the Netflix Discovery with Kubernetes service Layer.
>
> Our team register the Microservices app with Netflix eureka with metadata
> like "tetant:xyz" and "tetant:abc" and uses Zuul to dynamic routing to the
> app based on the Metadata from headers.
>
>
> Through kubernetes services we can find the pod ip and port to forward.
>
> Is there a way like forward the service to specific pod by using the
> labels.
>
> Let say i have one service layer in kubernetes say "testservice" with
> lables "app=xyz" and "app=abc"
>
> and i stared with 4 pod with 2 of them have selector "app=xyz" and 2 of
> them have "app=abc" under the same service layer "testservice"
>
>
> Is there a way to access the service "testservice" to only the pod group
> which has "app=xyz" and "app=abc"
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Request service from minion only forward to local deployed pod in that minion

2016-11-15 Thread Brandon Philips

All of those releases are quite old for community support. Can you try
something newer?

On Tue, Nov 15, 2016 at 10:21 PM Mootez Bessifi 
wrote:

> @Brandon Philips: Thank you very much for you answer.
> Yesterday after doing some advanced research i found out a bug
> <https://bugzilla.redhat.com/show_bug.cgi?id=1342940> declared on
> bugzilla redhat. they talk exactly for what i am facing now.
> i am working which flannel 0.6.2, etcd 2.3.7, kubernetes 1.2.0 (master
> side), kubernetes 1.2.4 (node side) and docker 1.10.3.
> they propose a workaround but it seems not very clean.
> is there a way to do it better ?
>
> 2016-11-16 2:07 GMT+03:00 Brandon Philips :
>
> It sounds like your Pod Network isn't working. How is your network setup?
>
> Read more about Kubernetes networking here:
> https://github.com/kubernetes/kubernetes/blob/master/docs/design/networking.md
>
>
>
> On Mon, Nov 14, 2016 at 11:34 PM  wrote:
>
> Hi everybody,
> sorry but i am in very strange state since last week.
> i setup a Kubernetes cluster (one master and two minions) on centos 7
> following kubernetes.io centos documentation.
> Every thing seems working fine as expected.
> After that, i tried to run some examples above my cluster (i began with
> this one http://kubernetes.io/docs/user-guide/connecting-applications/).
> When i tried to make up 2 pods into each minion and expose a service for
> them, it turned out that when i try to request the service from the master,
> nothing is returned (any response from 2 pods) and when i try to request
> the service from a minion, only the pod deployed in that minion respond but
> the other no.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/kubernetes-users/qwZthDT1U_s/unsubscribe
> .
> To unsubscribe from this group and all its topics, send an email to
> kubernetes-users+unsubscr...@googlegroups.com.
>
>
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Request service from minion only forward to local deployed pod in that minion

2016-11-15 Thread Brandon Philips

It sounds like your Pod Network isn't working. How is your network setup?

Read more about Kubernetes networking here:
https://github.com/kubernetes/kubernetes/blob/master/docs/design/networking.md



On Mon, Nov 14, 2016 at 11:34 PM  wrote:

> Hi everybody,
> sorry but i am in very strange state since last week.
> i setup a Kubernetes cluster (one master and two minions) on centos 7
> following kubernetes.io centos documentation.
> Every thing seems working fine as expected.
> After that, i tried to run some examples above my cluster (i began with
> this one http://kubernetes.io/docs/user-guide/connecting-applications/).
> When i tried to make up 2 pods into each minion and expose a service for
> them, it turned out that when i try to request the service from the master,
> nothing is returned (any response from 2 pods) and when i try to request
> the service from a minion, only the pod deployed in that minion respond but
> the other no.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] kube-dns not able to connect to kubernetes service

2016-11-13 Thread Brandon Philips

OK, well please file an issue and cc this thread if it happens again. There
wasn't enough details in your original report to really have a hunch about
the issue. Next time please include as many of these details as you can:
https://github.com/kubernetes/kubernetes/blob/master/.github/ISSUE_TEMPLATE.md


On Sun, Nov 13, 2016 at 8:21 PM Manoj Khotele 
wrote:

> I had restarted the DNS pod, but of no use.
>
> Finally I ended up deleting the cluster and recreating another one.
>
> Fortunately this was dev cluster. Now I am evaluating and preparing a plan
> to migrate the deployments to new cluster without any downtime and without
> loosing data of statefull application.
>
> Any tips for this goal are most welcome.
>
> BR, Manoj
>
> On Mon, Nov 14, 2016, 9:37 AM Brandon Philips 
> wrote:
>
> Did you try deleting the pod? Can you try launching another pod from the
> same box and see if you can reach the API server at that IP? I forget if
> kube-dns has bash but something like this:
> http://kubernetes.io/docs/user-guide/getting-into-containers/
>
> On Tue, Nov 8, 2016 at 11:25 PM Manoj Khotele <
> manojkumar.khot...@gmail.com> wrote:
>
> Hello,
>
> I have a kubernetes v 1.3.4 cluster created on aws. It was running for
> more than 90 days.
>
> And now suddenly it has started complaining. It could be that somebody
> enforced restarting by deleting the pod.
>
> E1109 05:54:44.906919   1 reflector.go:216] pkg/dns/dns.go:154: Failed
> to list *api.Endpoints: Get
> https://10.0.0.1:443/api/v1/endpoints?resourceVersion=0: dial tcp
> 10.0.0.1:443: i/o timeout
> E1109 05:54:44.907207   1 reflector.go:216] pkg/dns/dns.go:155: Failed
> to list *api.Service: Get
> https://10.0.0.1:443/api/v1/services?resourceVersion=0: dial tcp
> 10.0.0.1:443: i/o timeout
>
> Though, I can reach to kubernetes service successfully from outside the
> k8s-cluster using basic authentication.
>
> What is going wrong? How can i recover from this problem?
>
> Best regards,
> Manoj
>
>
> --
>
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
>
>
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>
> --
>
> You received this message because you are subscribed to a topic in the
> Google Groups "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/kubernetes-users/1XabiMWRvyQ/unsubscribe
> .
> To unsubscribe from this group and all its topics, send an email to
> kubernetes-users+unsubscr...@googlegroups.com.
>
>
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Is there any influencing factor has an influence on the time costed by "kubectl get" and "kubectl delete" ?

2016-11-13 Thread Brandon Philips

Add `-v 9` to get a debug log of requests and their time to complete. e.g.
`kubectl get deployments -v 9`

On Fri, Nov 4, 2016 at 12:50 AM  wrote:

> Is there any influencing factor has an influence on the time costed by
> "kubectl get" and "kubectl delete" ?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Minikube: Kubectl could not connect to kubernetes-cluster in windows 7

2016-11-13 Thread Brandon Philips

Have you tried using the hyperv driver instead?

Otherwise, see if there might be a relevant issue on the minikube repo:
https://github.com/kubernetes/minikube/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aopen%20windows

On Fri, Nov 4, 2016 at 8:57 AM Soms  wrote:

> Hi
>
> I'm trying to run Minikube v0.12.2 in windows 7.   'minikube.exe start'
> failed to start the process.  But, it created a vm named 'minikube' in the
> virtualbox. Any help appreciated.
>
> PS C:\Users\soms\Downloads> .\minikube.exe start
> Starting local Kubernetes cluster...
> Downloading Minikube ISO
>  36.00 MB / 36.00 MB [==]
> 100.00% 0s
> E1104 21:16:17.7840369252 start.go:92] Error starting host: Error
> creating new host: Error attempting to get plugin
> server address for RPC: Failed to dial the plugin server in 10s. Retrying.
> E1104 21:16:17.7850369252 start.go:98] Error starting host:  Error
> creating new host: Error attempting to get plugin
>  server address for RPC: Failed to dial the plugin server in 10s
>
> 
> An error has occurred. Would you like to opt in to sending anonymized
> crash
> information to minikube to help prevent future errors?
> To opt out of these messages, run the command:
> minikube config set WantReportErrorPrompt false
>
> 
> Please enter your response [Y/n]:
> n
> PS C:\Users\soms\Downloads>
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Performance issue with an application on GKE and in Vagrant

2016-11-13 Thread Brandon Philips

My first suggested step of debugging would be running the frontend and
middleware containers in the same pod and have them connect to each other
over localhost. If that works then I would try and see if behavior changes
with kube-proxy --proxy-mode userspace as it might be something with the
iptables kube-proxy.

Good luck.

Brandon

On Tue, Nov 8, 2016 at 6:11 AM Christian Koep  wrote:

> Hi,
> so I'm running the following environment on GKE:
>
> $ gcloud container clusters list
> NAME ZONEMASTER_VERSION
>  MASTER_IP   MACHINE_TYPE   NODE_VERSION  NUM_NODES  STATUS
> HIDDEN   europe-west1-d  1.4.5 ALPHA (28 days left)
>  104.155.56.160  n1-standard-1  1.4.5 5  RUNNING
>
> I deployed a simple proof of concept app written in golang. The stack
> looks like this:
>
>
> [ browser ]
>|
>V
> [ gce lb ]
>|
>V
> [ frontend service ]
>|
>V
> [ frontend pod ]
>|
>V
> [ middleware service ]
>|
>V
> [ middleware pod ]
>|
>V
> [ db service ]
>|
>V
> [ db pod ]
>
>
> I'm experiencing a weird performance bottleneck as soon as I send http
> requests (about 50 per second) against the app. This happens only on
> Kubernetes (Vagrant and GCE). If I run this app in "plain" linked docker
> containers the bottleneck is not present.
>
> Here are the connection times to illustrate the bn:
>
> [*ok*] browser -> frontend service: microseconds
> [*weird*] frontend pod -> middleware service: seconds(!)
> [*ok*] middleware pod -> db service: microseconds
>
> So it looks like the communication between the frontend pod and the
> middleware service breaks after a few requests, resulting in errors like
>
> net/http: timeout awaiting response header
>
> and
>
> dial tcp 0.0.0.0:0->104.155.88.14:80: i/o timeout
>
>
> I'm not sure how to debug this. I don't think the application is the
> problem since there are no issues when running the app locally in docker.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

1 2 >

1 - 100 of 119 matches

Mail list logo