Quick question
Is it possible to expose different routers for different routes on same
project? One approach is create different projects but we have a use case where
we want to expose different routers for different routers. We knew there is a
namespace label on every project and all the
Is controller talk to API server using hostname: port or LB VIP? We have 3 node
master setup and API servers LB with VIP. Trying to understand whether
controller use direct path to talk to API servers or go via VIP like how other
clients access
--
Srinivas Kotaru
Hi
How to set rightway timezone info in containers/POD? Hypervisors and VM’s using
GMT time zone. However it was observed image build node time zone is taking
into account, rather where the container has been running.
Is it true image build host timezone always embedded as TZ inside container?
018 at 8:14 PM, Srinivas Naga Kotaru (skotaru)
<skot...@cisco.com<mailto:skot...@cisco.com>> wrote:
Want to validate a statement.
Just assume, we have a only one node with 60 GB memory. Pod A scheduled with
request of 10 GB and no limit. After some time, it start using 55 GB ( ignore
s
Want to validate a statement.
Just assume, we have a only one node with 60 GB memory. Pod A scheduled with
request of 10 GB and no limit. After some time, it start using 55 GB ( ignore
systems reserves for now). system now has only left with 5 GB free. If new podB
scheduled with request of
Is it possible to use CAP_LINUX_IMMUTABLE security context with restricted SCC?
One of our client want to use chattr +a /tmp/logs/*.log command in pod. We
don’t want to relax or give privileged SCC for any clients.
Wondering whether any way they can use this command inside pod directly or
til 3.9. We also want to move to coredns, but that
could take longer.
On Feb 15, 2018, at 6:26 PM, Srinivas Naga Kotaru (skotaru)
<skot...@cisco.com<mailto:skot...@cisco.com>> wrote:
Is it possible like described in kubernetes?
http://blog.kubernetes.io/2017/04/configuring-pr
article.
Regards,
Takayoshi
On Wed, 21 Feb 2018 14:37:32 +0900,
"Srinivas Naga Kotaru (skotaru)" <skot...@cisco.com> wrote:
>
> It has just client-ca-file. We have 3 masters in each cluster. not sure
how to identify which control manager is act
r that.
On Feb 15, 2018, at 2:48 PM, Srinivas Naga Kotaru (skotaru)
<skot...@cisco.com<mailto:skot...@cisco.com>> wrote:
while I was reading below article, I tried to do the same to find out which one
is active control plane in Openshift. I could see zero end points in
kube-system name
Is it possible like described in kubernetes?
http://blog.kubernetes.io/2017/04/configuring-private-dns-zones-upstream-nameservers-kubernetes.html
We have few clients where they configured their own consul based DNS server and
not suing service discovery provided by Openshift. We build a custom
while I was reading below article, I tried to do the same to find out which one
is active control plane in Openshift. I could see zero end points in
kube-system name space. Am I missing something or not implemented in Openshift?
HI
Is it possible to get POD name given POD IP address by querying master DNS
server?
Service lookup working:
dig +short @master kubernetes.default.svc.cluster.local
172.24.0.1
PTR lookup not working:
$ dig -x @master 172.24.0.1 +short
172.24.0.1
--
Srinivas Kotaru
Hi
Is there any way we can collect metrics using Jolokia REST API end point? I
knew Openshift using jolokia for Java apps. I’m not sure this is only for
Redhat supplied images or in genera.
Am trying to collect metrics using InfluxDB/telegraf agent from Jolokia REST
API.
--
Srinivas Kotaru
Hi
What is the difference of running a dedicated Prometheus server Vs using
metrics exposed by oc get –raw metrics? If both are same in terms of accuracy,
available information, does it make sense to run again another Prometheus
server and pull cluster metrics?
Am trying to setup some metrics
Can someone comment on this?
--
Srinivas Kotaru
From: Srinivas Naga Kotaru
Date: Wednesday, May 10, 2017 at 12:25 PM
To: dev
Subject: Usage is more then Limits
Hi
Is it possible Usage is more than Limits? Observed some nodes has more Usage
Hi
Is it possible Usage is more than Limits? Observed some nodes has more Usage
then allowed Limits in our cluster. We have a Quota’s implemented, LimitRagen
enabled per project (Defaults Limits and Requests) and Cluster overcommit %
specified (10 % CPU Limits and 25 % Memory Limits as
Hi
We had an issue where one client joining consul agents from different projects
to central project where they kept all servers. All agents using local service
account but using end points approach to connect to remote consul server.
Remote consul service has ingress IP attached.
Flow:
n guarantee something stable anytime soon.
On Apr 4, 2017, at 9:04 PM, Srinivas Naga Kotaru (skotaru)
<skot...@cisco.com<mailto:skot...@cisco.com>> wrote:
Is anyway we can list all the routes created from a specific router shard? We
have multiple router shards configured and want to che
Is anyway we can list all the routes created from a specific router shard? We
have multiple router shards configured and want to check or list routes from a
specific shard?
--
Srinivas Kotaru
___
dev mailing list
dev@lists.openshift.redhat.com
We using 3.4, that is latest stable.
--
Srinivas Kotaru
On 3/31/17, 10:39 AM, "Matt Wringe" <mwri...@redhat.com> wrote:
- Original Message -----
> From: "Srinivas Naga Kotaru (skotaru)" <skot...@cisco.com>
> To: "Patrick Tescher"
node.
Lastly if you want to be able to display the stats generated by Heapster or
Hawkular Openshift Agent you can set up
https://github.com/hawkular/hawkular-grafana-datasource.
--
Patrick Tescher
On Mar 29, 2017, at 10:05 AM, Srinivas Naga Kotaru (skotaru)
<skot...@cisco.com<mailto:sk
he stats generated by Heapster or
Hawkular Openshift Agent you can set up
https://github.com/hawkular/hawkular-grafana-datasource.
--
Patrick Tescher
On Mar 29, 2017, at 10:05 AM, Srinivas Naga Kotaru (skotaru)
<skot...@cisco.com<mailto:skot...@cisco.com>> wrote:
Does Openshift has any mecha
ot...@cisco.com>
Cc: dev <dev@lists.openshift.redhat.com>
Subject: Re: projects join
Not at my laptop but should be an annotation on the project/namespace
On Mar 29, 2017, at 12:28 AM, Srinivas Naga Kotaru (skotaru)
<skot...@cisco.com<mailto:skot...@cisco.com>> wrote:
Is th
Does Openshift has any mechanism to track PV/PVC usage? PV/PVC are getting
filled but there is no mechanism for us or our clients to track what is current
utilization? One way to check is , platform teams or clients has to check
usage by mounting the PV somewhere and check by using OS commands
Is there anyway or how to find out 2 projects are joined together? I joined few
projects for inter project communication but didn’t find any way to check the
status.
# oadm pod-network join-projects --to=
--
Srinivas Kotaru
___
dev mailing list
hu, Feb 23, 2017 at 5:31 PM, Clayton Coleman
<ccole...@redhat.com<mailto:ccole...@redhat.com>> wrote:
Yes, the apiserver, the controllers, and the nodes all expose metrics on their
serving port. The controllers listen on localhost only today.
You can view the api server metric
their
serving port. The controllers listen on localhost only today.
You can view the api server metrics as a suitably privileged user with "oc get
--raw /metrics", or use the appropriate credentials (treat it as an API call
for the purpose of auth
dentials (treat it as an API call
for the purpose of authentication).
On Thu, Feb 23, 2017 at 4:53 PM, Srinivas Naga Kotaru (skotaru)
<skot...@cisco.com<mailto:skot...@cisco.com>> wrote:
Does API server expose any metrics like https://apiserver/metrics or any other
form?
--
Srinivas Kotaru
__
Does API server expose any metrics like https://apiserver/metrics or any other
form?
--
Srinivas Kotaru
___
dev mailing list
dev@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
We are seeing below 3 symptoms very frequently in our platform. Any idea or
thoughts why they occurring?
Issue 1:
Feb 14 03:38:55 cae-ga2-004 systemd[1]: Starting Docker Application Container
Engine...
Feb 14 03:38:55 cae-ga2-004 docker-current[115776]:
time="2017-02-14T03:38:55.028792370Z"
hen create the custom role:
oc create -f myrole.yaml
And grant it to anonymous users:
oadm policy add-cluster-role-to-group my-role-name system:unauthenticated
On Thu, Feb 9, 2017 at 5:18 PM, Srinivas Naga Kotaru (skotaru)
<skot...@cisco.com<mailto:skot...@cisco.com>> wrote:
That is inte
Gravidade
On Thu, Feb 9, 2017 at 8:30 PM, Srinivas Naga Kotaru (skotaru)
<skot...@cisco.com<mailto:skot...@cisco.com>> wrote:
Perfect. Thank you very much Jordan. Appreciated for quick help
--
Srinivas Kotaru
From: Jordan Liggitt <jligg...@redhat.com<mailto:jligg...@redhat.com&
anonymous users:
oadm policy add-cluster-role-to-group my-role-name system:unauthenticated
On Thu, Feb 9, 2017 at 5:18 PM, Srinivas Naga Kotaru (skotaru)
<skot...@cisco.com<mailto:skot...@cisco.com>> wrote:
That is interesting, indeed what I want.
Can you share step by st
Can I use any API call without authentication? I need an API URL to put into my
monitoring agent to periodically check health. All most all API calls need
token or authentication. Although I can use a service account and use secret as
a token since it doesn’t expire, am looking for a simple
/etcc/dnsmasq/*.conf
file.
--
Srinivas Kotaru
On 2/3/17, 9:02 AM, "Srinivas Naga Kotaru (skotaru)" <skot...@cisco.com> wrote:
That is exactly my next question. If we have an automated process to update
/etc/resolve.conf file, can’t we also update dnsmasq file and eliminat
--
Srinivas Kotaru
On 2/3/17, 9:02 AM, "Srinivas Naga Kotaru (skotaru)" <skot...@cisco.com> wrote:
That is exactly my next question. If we have an automated process to update
/etc/resolve.conf file, can’t we also update dnsmasq file and eliminate
networkm
NetworkManager is mandatory requirement for OCP install and functionality?? Can
we use traditional network service rather network manager??
Srinivas Kotaru
Sent from my iPhone
___
dev mailing list
dev@lists.openshift.redhat.com
cole...@redhat.com<mailto:ccole...@redhat.com>> wrote:
On Jan 30, 2017, at 1:51 AM, Srinivas Naga Kotaru (skotaru)
<skot...@cisco.com<mailto:skot...@cisco.com>> wrote:
Hi
Observed 2 different behaviors in my platform. not sure this is expected
behavior or not. Can you cla
Hi
Observed 2 different behaviors in my platform. not sure this is expected
behavior or not. Can you clarify for below behaviors?
1. Name resolution not working for external domains although ping and
curl commands working as expected
Examples:
# oc rsh kong-app3-792309857-1i4xk
#
We want to measure the health of OpenShift cluster from all possible ways and
report status back to clients in a single simple page. I have few things in mind
Health of:
· API servers
· etcd servers
· nodes (kubectl??)
· SDN
· PV’s
· Routers
Friday, January 13, 2017 at 12:17 PM
To: Srinivas Naga Kotaru <skot...@cisco.com>
Cc: Nakayama Kenjiro <nakayamakenj...@gmail.com>, dev
<dev@lists.openshift.redhat.com>
Subject: Re: storage labels
On Fri, Jan 13, 2017 at 2:05 PM, Srinivas Naga Kotaru (skotaru)
<sk
:59 AM
To: Srinivas Naga Kotaru <skot...@cisco.com>
Cc: Nakayama Kenjiro <nakayamakenj...@gmail.com>, dev
<dev@lists.openshift.redhat.com>
Subject: Re: storage labels
On Fri, Jan 13, 2017 at 12:59 PM, Srinivas Naga Kotaru (skotaru)
<skot...@cisco.com<mailto:skot...@cisco.com
X: Y
PVC:
matchLabels:
A: B
X: Y
OK
===
PV:
labels:
A: B
X: Y
PVC:
matchLabels:
A: B
NG
===
PV:
labels:
A: B
PVC:
matchLabels:
A: B
X: Y
Regards,
Kenjiro
On Fri, Jan 13, 2017 at 6:47 AM, Srinivas Naga Kota
How to represent TB storage in PV? Is it Ti , similar to Gi?
--
Srinivas Kotaru
From: on behalf of Srinivas Naga
Kotaru
Date: Wednesday, January 11, 2017 at 11:33 AM
To: dev
Subject: storage labels
Hi
by a quota.
The corresponding PR with a sample configuration is here (its work-in-progress):
https://github.com/kubernetes/kubernetes/pull/36765
Thanks,
Derek
On Wed, Jan 4, 2017 at 2:03 PM, Srinivas Naga Kotaru (skotaru)
<skot...@cisco.com<mailto:skot...@cisco.com>> wrote:
Clayton
I saw the
lasses up front in the quota. A whitelist
approach is coming later (where adding new storage classes would not require
you to change everyone's quota for that new type to be zero)
On Wed, Jan 4, 2017 at 1:35 PM, Srinivas Naga Kotaru (skotaru)
<skot...@cisco.com<mailto:skot...@cisco.com>>
Can we control storage at project level, similar to node selector for POD’s
scheduling?
Use case I have is, want to control different type of storage (NFS, SSD etc) at
project creation time? like project A can have only NFS type storage, Project B
can have SSD only, project C can have access
freedom/choices/possibilities of IaaS layer in container platrorm without
having any limitations. To achive this, network is very foundational and
critical.
--
Srinivas Kotaru
On 12/14/16, 10:48 AM, "Dan Winship" <d...@redhat.com> wrote:
On 12/14/2016 01:03 PM, Srin
Hi
Does ingress support firewall? We have a use case where tenant have multiple
projects for services segmentation purpose and need ports other 80/433. We are
planning to use ingress and egress features to allocated pool of IP address to
use. Client has strict requirements of controlling
allows Connection:
Upgrade headers seamlessly. Connection timeouts on the router matter, of
course.
The router documentation briefly describes it, mostly because it just works.
On Dec 6, 2016, at 6:51 PM, Srinivas Naga Kotaru (skotaru)
<skot...@cisco.com<mailto:skot...@cisco.com>&g
What is OpenShift strategy or plans to support web socket support at router
layer? Our clients asking web socket support since Openshift 2 days onwards. I
knew Openshift 2 has limited apache based node proxy but that is not a full web
socket support.
Would like to hear from your for OpenShift
we are continuously hearing 2 complaints from our users
not much verbose info to troubleshott/narrow down 2 commonf failures
.
1. Pod unable to come up. Why it failed, what caused?
2. Deployment failure. Why it failed ? what is the reason?
Most clints using console,
ovide a way to log in with a service account token.
On Thu, Dec 1, 2016 at 3:19 PM, Srinivas Naga Kotaru (skotaru)
<skot...@cisco.com<mailto:skot...@cisco.com>> wrote:
Jordan
That helps. Thanks for quick help.
Can we use this sa account to login into console and OC clinet? If yes how? I
knew S
uster-role-to-user cluster-reader
system:serviceaccount:openshift-infra:monitor-service-account
On Thu, Dec 1, 2016 at 3:02 PM, Srinivas Naga Kotaru (skotaru)
<skot...@cisco.com<mailto:skot...@cisco.com>> wrote:
I knew we can create a service account per project and can be use
I knew we can create a service account per project and can be used as a
password less API work and automations activities. Can we create a service
account at cluster level and can be used for platform operations (monitoring,
automation, shared account for operation teams)?
Intention is to have
hift.redhat.com>
Subject: Re: master public http --> https redirection
There is an existing RFE for this to happen OOTB https://trello.com/c/qxRMizmK
Is the load balancer you are using in front of the masters able to do this
redirect?
On Thu, Dec 1, 2016 at 1:08 PM, Srinivas Naga Kotaru (skotaru
How to configure master public URl to redirect from http --> https? we want to
redirect to https when our clients hit http://public_url in thr browser.
Also OC and other clients shouldn’t face any issues with this change.
Is it possible?
--
Srinivas Kotaru
with openshift auth mechanism.
"Srinivas Naga Kotaru (skotaru)" ---12/01/2016 12:29:43 AM---Am
testing cockpit and cloudforms for OpenShift monitoring and see which one is
better for our requi
From: "Srinivas Naga Kotaru (skotaru)"
<skot...@cisco.com<mailto:skot...@cisco.
cockpit auth is linked with openshift auth mechanism.
"Srinivas Naga Kotaru (skotaru)" ---12/01/2016 12:29:43 AM---Am
testing cockpit and cloudforms for OpenShift monitoring and see which one is
better for our requi
From: "Srinivas Naga Kotaru (skotaru)"
<skot...@cisco.com
A bundle? When configured to use a non-system-roots
ca bundle, oc remembers it in the local user's kubeconfig file ($KUBECONFIG or
~/.kube/config).
Try moving (or removing) the kubeconfig file and see if that allows oc to use
the system roots to recognize the new certificates
On Nov 15, 2016
ator is taking that responsibility).
Thanks,
Derek
On Thu, Oct 27, 2016 at 5:13 PM, Srinivas Naga Kotaru (skotaru)
<skot...@cisco.com<mailto:skot...@cisco.com>> wrote:
Derek
We have separate project for non-prod & prod.
I fully understood the example you quoted. It Is very clear
ration on in a project.
Thanks,
Derek
On Thu, Oct 27, 2016 at 2:32 PM, Srinivas Naga Kotaru (skotaru)
<skot...@cisco.com<mailto:skot...@cisco.com>> wrote:
Derek
Thanks for helping so far. It is not clear how quota & QOS works. We are
planning ot use BestEffort for non-prod ap
rek
On Wed, Oct 26, 2016 at 2:54 PM, Srinivas Naga Kotaru (skotaru)
<skot...@cisco.com<mailto:skot...@cisco.com>> wrote:
Can u answer this question? Trying to understand how do we call BestEffort pods
in terms of quota/limtrange/pod definitions perceptive?
My understand is, a pod is ca
to ensure is available
3. are able to burst up to 10 cpu cores, and 20Gi memory based on node-local
conditions
Thanks,
Derek
On Tue, Oct 25, 2016 at 5:14 PM, Srinivas Naga Kotaru (skotaru)
<skot...@cisco.com<mailto:skot...@cisco.com>> wrote:
Derek/Clayton
I saw this link yesterday.
We only giving edit role to project members, not admin for specific reason.
With edit role, they won’t be able to view members of their project? Does it
need admin privileges? OSE 2.x
Below issue reproted by one of our client.
--
Srinivas Kotaru
OSE3.x has no option to display the roles &
based on node-local
conditions
Thanks,
Derek
On Tue, Oct 25, 2016 at 5:14 PM, Srinivas Naga Kotaru (skotaru)
<skot...@cisco.com<mailto:skot...@cisco.com>> wrote:
Derek/Clayton
I saw this link yesterday. It was really good and helpful; I didn’t understand
the last advanced se
https://access.redhat.com/solutions/1748893
had seen KB article recently. What is the path to log file? Can we specific a
log path? Can we forward to other logging systems (Splunk or ELK) etc.?
any good documentation link would be useful
--
Srinivas Kotaru
name: UNIQUE_UUID
value: '${UNIQUE_UUID}'
Hope it helps.
--
Mateus Caruccio / Master of Puppets
GetupCloud.com - Eliminamos a Gravidade
On Tue, Oct 11, 2016 at 2:11 PM, Srinivas Naga Kotaru (skotaru)
<skot...@cisco.com<mailto:skot...@cisco.com>> wrote:
Hi
Is there any way to put
Hi
Is there any way to put an environment variable which hold a unique UUID value
per pod basis? If we put an environment variable at dc or rc level, same value
propagating for all pods. That is expected behavior since all pods are creating
using same template definition
If we add environment
Hi
We ‘re building 3 big clusters, 1 specific to each data center. growth
expected to 1000 nodes each cluster over the time.
Questions:
1.
# egrep 'clusterNetworkCIDR|serviceNetworkCIDR'
/etc/origin/master/master-config.yaml
clusterNetworkCIDR: 10.1.0.0/16
serviceNetworkCIDR:
Hi
We are switching our SDN plugin from ovs-subnet --> ovs-multitenant.
Few qq
1. ovs-multitenant is ready for prod grade workloads?
2. Do we need to delete and re-create router and registry components or
not required? ( I knew we need to restart master and node services after
On 9/8/16, 12:44 PM, "Dan Winship" <d...@redhat.com> wrote:
On 09/08/2016 03:32 PM, Srinivas Naga Kotaru (skotaru) wrote:
> Containers that use UDP (Layer 4) and do not go through the Openshift
> networking layer can find other containers running in a Pod with a
Can you confirm below 2 statements?
Potential Bug: Openshift does not always clean up all containers within a Pod
when the Pod is removed. There were a few instances where one of the containers
from the Pod were left running even though the Pod was successfully removed and
the other containers
Any comments?
--
Srinivas Kotaru
From:
>
on behalf of skotaru >
Date: Wednesday, July 13, 2016 at 7:01 PM
To: dev
Kotaru
On 6/7/16, 10:58 AM, "Srinivas Naga Kotaru (skotaru)" <skot...@cisco.com> wrote:
>Am using NFS volume for registry
>
>
>
>--
>Srinivas Kotaru
>
>On 6/7/16, 10:42 AM, "Seth Jennings" <sjenn...@redhat.com> wrote:
>
>>Ye
>
>On Tue, Jun 7, 2016 at 12:29 PM, Srinivas Naga Kotaru (skotaru)
><skot...@cisco.com> wrote:
>> Can someone help here? Struck and unable to proceed next step
>>
>>
>>
>> --
>>
>> Srinivas Kotaru
>>
>>
>>
>> From: skot
Hi
Just finished installing OSE 3.2. Registry throwing below error while doing a
sample deployment.
I0606 18:40:55.315293 1 sti.go:334] Successfully built
alln-int-build-testing/cakephp-example-1:e6008a5f
I0606 18:40:55.335600 1 cleanup.go:23] Removing temporary directory
Clayton and Team
Is it possible to run all containers from a specific application to use a
dedicated OS user name ( UUID in OSE 2.X). Am not referring UID which is
typically a numeric number and control local access.
We have a requirement for database access control perceptive where every
e label on each pod in a namespace
should be possible, although that's only visible via the API.
On Jan 19, 2016, at 1:31 PM, Srinivas Naga Kotaru (skotaru)
<skot...@cisco.com<mailto:skot...@cisco.com>> wrote:
Clayton and Team
Is it possible to run all containers from a specific applicati
Hi
In OSE 2.X we have a alias concept for routes. User or admin can create an
alias ( apache vhost definition) for an application and create a DNS recored to
point to upstream load balancer. This was so flexible if user FQDN is different
than openshift created http url ( example
Brenton said you guys are working on router sharding
https://trello.com/c/DtPlixdb/49-8-router-sharding-traffic-ingress
I didn’t get quite well description. What is this feature, how it is useful,
what are the use cases and when it will be released?
Can we create separate routers for internal
Thanks Brenton sharing overview page to see what are upcoming features or
changes. Very handy ..
--
Srinivas Kotaru
On 1/15/16, 1:49 PM, "Brenton Leanhardt" <blean...@redhat.com> wrote:
>On Fri, Jan 15, 2016 at 3:53 PM, Srinivas Naga Kotaru (skotaru)
><
82 matches
Mail list logo