ulimit core size for specific pod(container) in Openshift
Hi, Is there a way in openshift to configure ulimit core size(as 0) for a specific docker container ? In docker, there is a argument like --core size=0 to "docker run" by which you can have core size for a specific docker container. Is there some configuration available in openshift template for same? Note: Updating "kernel.core_pattern as |/bin/false" helps but if affects the Host (and other containers) as well. Also, tried out these(as part of docker build), but all the below three fails to stop core getting generated. 1. echo 'DumpCore=no' | tee -a /etc/systemd/system.conf 2. echo '* hardcore0' | tee -a /etc/security/limits.conf 3. echo 'ulimit -c 0' | tee -a /etc/profile Please let me know whether any way exists in openshift / any suggestion with above approaches? Thanks, Saravana ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
Re: How to make 172.30.0.1 (kubernetes service) health checked?
In OpenShift 3.9, when a master goes down the endpoints object should be updated within 15s (the TTL on the record for the master). You can check the value of "oc get endpoints -n default kubernetes" - if you still see the master IP in that list after 15s then something else is wrong. On Wed, Jun 27, 2018 at 9:33 AM, Joel Pearson wrote: > Hi, > > I'm running OpenShift 3.9 on AWS with masters in HA mode using Classic > ELB's doing TCP load balancing. If I restart masters, from outside the > cluster the ELB does the right thing and takes a master out of service. > However, if something tries to talk to the kubernetes API inside the > cluster, it seems that kubernetes is unaware the master is missing, and I > get failures when I'm serially restarting masters. > > Is there some way that I can point the kubernetes service to use the load > balancer? Maybe I should update the kubernetes endpoint object to use the > ELB IP address instead of the actual master addresses? Is this a valid > approach? Is there some way with openshift-ansible I can tell the > kubernetes service to use the load balancer when it creates the kubernetes > service? > > Thanks, > > Joel > > > apiVersion: v1 > kind: Service > metadata: > creationTimestamp: '2018-06-27T06:30:50Z' > labels: > component: apiserver > provider: kubernetes > name: kubernetes > namespace: default > resourceVersion: '45' > selfLink: /api/v1/namespaces/default/services/kubernetes > uid: a224fd75-79d3-11e8-bd57-0a929ba50438 > spec: > clusterIP: 172.30.0.1 > ports: > - name: https > port: 443 > protocol: TCP > targetPort: 443 > - name: dns > port: 53 > protocol: UDP > targetPort: 8053 > - name: dns-tcp > port: 53 > protocol: TCP > targetPort: 8053 > sessionAffinity: ClientIP > sessionAffinityConfig: > clientIP: > timeoutSeconds: 10800 > type: ClusterIP > status: > loadBalancer: {} > > > apiVersion: v1 > kind: Endpoints > metadata: > creationTimestamp: '2018-06-27T06:30:50Z' > name: kubernetes > namespace: default > resourceVersion: '83743' > selfLink: /api/v1/namespaces/default/endpoints/kubernetes > uid: a22a0283-79d3-11e8-bd57-0a929ba50438 > subsets: > - addresses: > - ip: 10.2.12.53 > - ip: 10.2.12.72 > - ip: 10.2.12.91 > ports: > - name: dns > port: 8053 > protocol: UDP > - name: dns-tcp > port: 8053 > protocol: TCP > - name: https > port: 443 > protocol: TCP > > > ___ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > > ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
Re: Log tracing on configmaps modifications - or other resources
If you have api audit logging on (see docs for master-config) you would see who edited the config map and what time. On Jun 27, 2018, at 1:59 PM, leo David wrote: Hello everyone, I'm encountering this situation on OS Origin 3.9, in which someone whith full acces in a particular namespace modified a ConfigMap and broke a service. Is there a way to trace who / when edited a resource in OpenShift - as security concerns ? Thank you very much ! -- *Leo David* * DevOps* *Syncrasy LTD* www.syncrasy.io ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
Log tracing on configmaps modifications - or other resources
Hello everyone, I'm encountering this situation on OS Origin 3.9, in which someone whith full acces in a particular namespace modified a ConfigMap and broke a service. Is there a way to trace who / when edited a resource in OpenShift - as security concerns ? Thank you very much ! -- *Leo David* * DevOps* *Syncrasy LTD* www.syncrasy.io ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
List the options openshift_node_labels
Hi dear, Where find the list options the configuration for openshift_node_group_name . and openshift_node_labels to OpenShift Origin? -- Atenciosamente, Rafael Tomelin skype: rafael.tomelin E-mail: rafael.tome...@gmail.com RHCE - Red Hat Certified Engineer PPT-205 - Puppet Certified Professional 2017 Zabbix- ZABBIX Certified Specialist LPI3 ITIL v3 ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
How to make 172.30.0.1 (kubernetes service) health checked?
Hi, I'm running OpenShift 3.9 on AWS with masters in HA mode using Classic ELB's doing TCP load balancing. If I restart masters, from outside the cluster the ELB does the right thing and takes a master out of service. However, if something tries to talk to the kubernetes API inside the cluster, it seems that kubernetes is unaware the master is missing, and I get failures when I'm serially restarting masters. Is there some way that I can point the kubernetes service to use the load balancer? Maybe I should update the kubernetes endpoint object to use the ELB IP address instead of the actual master addresses? Is this a valid approach? Is there some way with openshift-ansible I can tell the kubernetes service to use the load balancer when it creates the kubernetes service? Thanks, Joel apiVersion: v1 kind: Service metadata: creationTimestamp: '2018-06-27T06:30:50Z' labels: component: apiserver provider: kubernetes name: kubernetes namespace: default resourceVersion: '45' selfLink: /api/v1/namespaces/default/services/kubernetes uid: a224fd75-79d3-11e8-bd57-0a929ba50438 spec: clusterIP: 172.30.0.1 ports: - name: https port: 443 protocol: TCP targetPort: 443 - name: dns port: 53 protocol: UDP targetPort: 8053 - name: dns-tcp port: 53 protocol: TCP targetPort: 8053 sessionAffinity: ClientIP sessionAffinityConfig: clientIP: timeoutSeconds: 10800 type: ClusterIP status: loadBalancer: {} apiVersion: v1 kind: Endpoints metadata: creationTimestamp: '2018-06-27T06:30:50Z' name: kubernetes namespace: default resourceVersion: '83743' selfLink: /api/v1/namespaces/default/endpoints/kubernetes uid: a22a0283-79d3-11e8-bd57-0a929ba50438 subsets: - addresses: - ip: 10.2.12.53 - ip: 10.2.12.72 - ip: 10.2.12.91 ports: - name: dns port: 8053 protocol: UDP - name: dns-tcp port: 8053 protocol: TCP - name: https port: 443 protocol: TCP ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users