[kubernetes-users] Re: creating users /certificates for users

It's interesting that the logs are stating that it is a keyusage error. Can you get the keyusage for your generated cert and the ca.crt you used to generate it? The command to do so is: openssl x509 -in -purpose -noout -text Nathan On Wednesday, September 27, 2017 at 6:39:54 AM UTC-6,

[kubernetes-users] Re: creating users /certificates for users

Hi Nathan, Thanks for the hint. The result of the command is: Certificate purposes: SSL client : No SSL client CA : No SSL server : Yes SSL server CA : No Netscape SSL server : Yes Netscape SSL server CA : No S/MIME signing : No S/MIME signing CA : No S/MIME encryption : No S/MIME

[kubernetes-users] Re: templating language for k8s + vscode extension 

I think what you're doing is super neat, but I'm curious to hear in more detail about your complaints with Jsonnet. I find it to be quite elegant, myself. (Though, as you know, I'm quite biased at this point.) On Thursday, September 28, 2017 at 2:49:52 AM UTC-7, Mahieddine Cherif wrote: > Hi

[kubernetes-users] Re: templating language for k8s + vscode extension 

Hi Keith ksonnet like you already know is just a bunch of generated mixins on top of jsonnet, this makes its templates hard to read and write, moreover the design choices made for jsonnet didn't attract us. I mean we all know what happens when you put a programming language inside a

[kubernetes-users] Re: Failed to patch kube-apiserver daemonset with kubectl patch command

How did you start kube-apiserver? AFAIK usually it's a static pod, defined in /etc/kubernetes/manifests, and picked up by kubelet directly. So if you want to edit it, you need to edit the spec file in that directory. Changes will be applied automatically. Am Mittwoch, 27. September 2017

[kubernetes-users] How to rotate api server keypair

Hi, guys. How do you handle the API server keypair getting expired? I didn't see much discuss about this. I did a little test, and discovered after I update API server keypair, I needed to delete all secret in serviceaccount, let k8s regenerate it, and restart all pods manually ... In a big

Re: [kubernetes-users] Need some guidance/help: howto diagnose an oomkill

You can also run jstatd in a running pod and then attach JVisualVM. I haven't done it myself, but the general procedure is: - kubectl exec into the pod - Write the policy file to disk: echo 'grant codebase "file:${java.home}/../lib/tools.jar" { permission java.security.AllPermission; };' >

[kubernetes-users] templating language for k8s + vscode extension 

How does this compare to ksonnet [1]? This is based on jsonnet [2] which has a good comparison [3] with other approaches. [1] http://ksonnet.heptio.com [2] http://jsonnet.org [3] http://jsonnet.org/language/comparisons.html -- You received this message because you are subscribed to the Google