ulimit core size for specific pod(container) in Openshift

2018-06-27 Thread Saravanakumar Arumugam



Hi,

Is there a way in OpenShift to configure the ulimit core size (as 0) for a 
specific docker container?



In docker, there is an argument like --core size=0 to "docker run" by 
which you can set the core size for a specific docker container.


Is there some configuration available in the OpenShift template for the same?


Note:
Updating "kernel.core_pattern as |/bin/false" helps, but it affects the 
Host (and other containers) as well.



Also, I tried out these (as part of docker build), but all three below 
fail to stop cores from being generated.

1. echo 'DumpCore=no' | tee -a /etc/systemd/system.conf
2. echo '*   hard   core   0' | tee -a /etc/security/limits.conf
3. echo 'ulimit -c 0' | tee -a /etc/profile

Please let me know whether any way exists in openshift / any suggestion 
with above approaches?



Thanks,
Saravana

___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
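
Added example, not part of the original post: resource limits are per-process and inherited across exec, so an entrypoint wrapper that zeroes RLIMIT_CORE before exec'ing the real command confines the change to that container's process tree. The wrapper name nocore.py and its use as an image ENTRYPOINT are assumptions.

```python
import os
import resource
import subprocess
import sys


def disable_core_dumps():
    """Zero the soft and hard RLIMIT_CORE of the calling process.

    rlimits are per-process and inherited across fork/exec, so nothing outside
    this process tree changes (unlike kernel.core_pattern, which is host-wide).
    Lowering a hard limit needs no privilege; raising it back does.
    """
    resource.setrlimit(resource.RLIMIT_CORE, (0, 0))


def core_limit_in_child():
    """Start a child with the limit zeroed and return the (soft, hard) it sees."""
    probe = "import resource; print(*resource.getrlimit(resource.RLIMIT_CORE))"
    out = subprocess.run([sys.executable, "-c", probe], preexec_fn=disable_core_dumps,
                         capture_output=True, text=True, check=True).stdout
    soft, hard = out.split()
    return int(soft), int(hard)


def main(argv):
    # Hypothetical usage as the image ENTRYPOINT: nocore.py <real command> [args...]
    # /etc/security/limits.conf (applied by pam_limits at PAM session start) and
    # /etc/profile (read by login shells) are not consulted on this path, and
    # DumpCore= in system.conf only governs whether systemd itself dumps core.
    if len(argv) < 2:
        sys.exit("usage: nocore.py command [args...]")
    disable_core_dumps()
    # Caveat: if the host's core_pattern pipes to a handler, the kernel does not
    # enforce RLIMIT_CORE itself; honouring the limit is left to that handler.
    os.execvp(argv[1], argv[1:])


if __name__ == "__main__":
    main(sys.argv)
```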


Re: How to make 172.30.0.1 (kubernetes service) health checked?

2018-06-27 Thread Clayton Coleman
In OpenShift 3.9, when a master goes down the endpoints object should be
updated within 15s (the TTL on the record for the master).  You can check
the value of "oc get endpoints -n default kubernetes" - if you still see
the master IP in that list after 15s then something else is wrong.

On Wed, Jun 27, 2018 at 9:33 AM, Joel Pearson wrote:

> Hi,
>
> I'm running OpenShift 3.9 on AWS with masters in HA mode using Classic
> ELB's doing TCP load balancing.  If I restart masters, from outside the
> cluster the ELB does the right thing and takes a master out of service.
> However, if something tries to talk to the kubernetes API inside the
> cluster, it seems that kubernetes is unaware the master is missing, and I
> get failures when I'm serially restarting masters.
>
> Is there some way that I can point the kubernetes service to use the load
> balancer?  Maybe I should update the kubernetes endpoint object to use the
> ELB IP address instead of the actual master addresses?  Is this a valid
> approach?  Is there some way with openshift-ansible I can tell the
> kubernetes service to use the load balancer when it creates the kubernetes
> service?
>
>  Thanks,
>
> Joel
>
>
> apiVersion: v1
> kind: Service
> metadata:
>   creationTimestamp: '2018-06-27T06:30:50Z'
>   labels:
>     component: apiserver
>     provider: kubernetes
>   name: kubernetes
>   namespace: default
>   resourceVersion: '45'
>   selfLink: /api/v1/namespaces/default/services/kubernetes
>   uid: a224fd75-79d3-11e8-bd57-0a929ba50438
> spec:
>   clusterIP: 172.30.0.1
>   ports:
>     - name: https
>       port: 443
>       protocol: TCP
>       targetPort: 443
>     - name: dns
>       port: 53
>       protocol: UDP
>       targetPort: 8053
>     - name: dns-tcp
>       port: 53
>       protocol: TCP
>       targetPort: 8053
>   sessionAffinity: ClientIP
>   sessionAffinityConfig:
>     clientIP:
>       timeoutSeconds: 10800
>   type: ClusterIP
> status:
>   loadBalancer: {}
>
>
> apiVersion: v1
> kind: Endpoints
> metadata:
>   creationTimestamp: '2018-06-27T06:30:50Z'
>   name: kubernetes
>   namespace: default
>   resourceVersion: '83743'
>   selfLink: /api/v1/namespaces/default/endpoints/kubernetes
>   uid: a22a0283-79d3-11e8-bd57-0a929ba50438
> subsets:
>   - addresses:
>       - ip: 10.2.12.53
>       - ip: 10.2.12.72
>       - ip: 10.2.12.91
>     ports:
>       - name: dns
>         port: 8053
>         protocol: UDP
>       - name: dns-tcp
>         port: 8053
>         protocol: TCP
>       - name: https
>         port: 443
>         protocol: TCP


Re: Log tracing on configmaps modifications - or other resources

2018-06-27 Thread Clayton Coleman
If you have api audit logging on (see docs for master-config) you would see
who edited the config map and what time.

On Jun 27, 2018, at 1:59 PM, leo David wrote:

Hello everyone,
I'm encountering this situation on OS Origin 3.9, in which someone with
full access in a particular namespace modified a ConfigMap and broke a
service.
Is there a way to trace who / when edited a resource in OpenShift - as
security concerns?
Thank you very much!

-- 
*Leo David*
*  DevOps*
 *Syncrasy LTD*
www.syncrasy.io
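
Once API audit logging is on, the "who / when" question becomes a filter over the audit log. The sketch below is an added example, not from the thread or from OpenShift; it assumes JSON-format audit lines using the Kubernetes audit event field names (stage, verb, user.username, objectRef, responseStatus.code, requestReceivedTimestamp), and the sample log is constructed.

```python
import json

MUTATING_VERBS = {"create", "update", "patch", "delete", "deletecollection"}


def _event(ts, user, verb, name, code, stage="ResponseComplete"):
    """Build one constructed log line in the Kubernetes JSON audit event shape."""
    ev = {"kind": "Event", "stage": stage, "verb": verb,
          "requestReceivedTimestamp": ts, "user": {"username": user},
          "objectRef": {"resource": "configmaps", "namespace": "shop", "name": name}}
    if code is not None:  # no response exists yet at the RequestReceived stage
        ev["responseStatus"] = {"code": code}
    return json.dumps(ev)


# Constructed sample log, not from the thread; namespace, users and names are made up.
SAMPLE_LOG = [
    _event("2018-06-27T09:58:01Z", "alice", "get", "app-config", 200),
    _event("2018-06-27T10:02:13Z", "bob", "patch", "app-config", None, "RequestReceived"),
    _event("2018-06-27T10:02:13Z", "bob", "patch", "app-config", 200),
    _event("2018-06-27T10:05:40Z", "carol", "update", "app-config", 403),
    _event("2018-06-27T10:07:02Z", "bob", "update", "other-config", 200),
    '{"kind": "Event", "stage": "Respon',  # truncated line
]


def who_changed(lines, resource, namespace, name=None):
    """Return (time, user, verb, object) for each successful write, oldest first."""
    hits = []
    for line in lines:
        try:
            ev = json.loads(line)
        except ValueError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(ev, dict):
            continue
        ref = ev.get("objectRef") or {}
        code = (ev.get("responseStatus") or {}).get("code", 0)
        if (ev.get("stage") != "ResponseComplete"  # one record per request
                or ev.get("verb") not in MUTATING_VERBS
                or ref.get("resource") != resource
                or ref.get("namespace") != namespace
                or (name and ref.get("name") != name)
                or not 200 <= code < 300):  # denied or failed writes changed nothing
            continue
        user = (ev.get("user") or {}).get("username", "")
        hits.append((ev.get("requestReceivedTimestamp", ""), user, ev["verb"], ref.get("name")))
    return sorted(hits)
```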



Log tracing on configmaps modifications - or other resources

2018-06-27 Thread leo David
Hello everyone,
I'm encountering this situation on OS Origin 3.9, in which someone with
full access in a particular namespace modified a ConfigMap and broke a
service.
Is there a way to trace who / when edited a resource in OpenShift - as
security concerns?
Thank you very much!

-- 
*Leo David*
*  DevOps*
 *Syncrasy LTD*
www.syncrasy.io


List the options openshift_node_labels

2018-06-27 Thread Rafael Tomelin
Hi dear,

Where can I find the list of options for configuring openshift_node_group_name
and openshift_node_labels in OpenShift Origin?
-- 

Regards,

Rafael Tomelin

skype: rafael.tomelin

E-mail: rafael.tome...@gmail.com

RHCE  - Red Hat Certified Engineer
PPT-205 - Puppet Certified Professional 2017
Zabbix- ZABBIX Certified Specialist
LPI3
ITIL v3


How to make 172.30.0.1 (kubernetes service) health checked?

2018-06-27 Thread Joel Pearson
Hi,

I'm running OpenShift 3.9 on AWS with masters in HA mode using Classic
ELB's doing TCP load balancing.  If I restart masters, from outside the
cluster the ELB does the right thing and takes a master out of service.
However, if something tries to talk to the kubernetes API inside the
cluster, it seems that kubernetes is unaware the master is missing, and I
get failures when I'm serially restarting masters.

Is there some way that I can point the kubernetes service to use the load
balancer?  Maybe I should update the kubernetes endpoint object to use the
ELB IP address instead of the actual master addresses?  Is this a valid
approach?  Is there some way with openshift-ansible I can tell the
kubernetes service to use the load balancer when it creates the kubernetes
service?

 Thanks,

Joel


apiVersion: v1
kind: Service
metadata:
  creationTimestamp: '2018-06-27T06:30:50Z'
  labels:
    component: apiserver
    provider: kubernetes
  name: kubernetes
  namespace: default
  resourceVersion: '45'
  selfLink: /api/v1/namespaces/default/services/kubernetes
  uid: a224fd75-79d3-11e8-bd57-0a929ba50438
spec:
  clusterIP: 172.30.0.1
  ports:
    - name: https
      port: 443
      protocol: TCP
      targetPort: 443
    - name: dns
      port: 53
      protocol: UDP
      targetPort: 8053
    - name: dns-tcp
      port: 53
      protocol: TCP
      targetPort: 8053
  sessionAffinity: ClientIP
  sessionAffinityConfig:
    clientIP:
      timeoutSeconds: 10800
  type: ClusterIP
status:
  loadBalancer: {}


apiVersion: v1
kind: Endpoints
metadata:
  creationTimestamp: '2018-06-27T06:30:50Z'
  name: kubernetes
  namespace: default
  resourceVersion: '83743'
  selfLink: /api/v1/namespaces/default/endpoints/kubernetes
  uid: a22a0283-79d3-11e8-bd57-0a929ba50438
subsets:
  - addresses:
      - ip: 10.2.12.53
      - ip: 10.2.12.72
      - ip: 10.2.12.91
    ports:
      - name: dns
        port: 8053
        protocol: UDP
      - name: dns-tcp
        port: 8053
        protocol: TCP
      - name: https
        port: 443
        protocol: TCP