Re: [kubernetes-users] Re: NetworkPolicy ingress restrictions don't seem to be working in GKE

It is not yet supported in GKE, unfortunately. We are all anxious to offer something as soon as possible. Tim On Mon, Apr 24, 2017 at 1:39 AM, wrote: > On Thursday, January 26, 2017 at 5:36:36 PM UTC, m...@ub.io wrote: >> Hello, >> >> What network plugin does GKE

[kubernetes-users] Recovering from GKE Master upgrade failure

Last week I attempted to upgrade my Google Container Engine cluster master from 1.6.0 to 1.6.1 via the web console. Now the status detail shows `Master upgrade to 1.6.1` failed, and kubectl is unable to connect to the cluster for any command that I've tried. Is there a method to roll back the

Re: [kubernetes-users] Failed to connect to external service from pod

Thanks for response, Tim. 1. What network driver are you using? kubenet? CNI + flannel? CNI + weave? CNI + calico? CNI+flannel. flannel pod output on this particular node: [root@k8s manifests]# kubectl logs -f po/kube-flannel-ds-bn66x -n kube-system -c kube-flannel I0424 06:33:46.210053

Re: [kubernetes-users] Failed to connect to external service from pod

On Mon, Apr 24, 2017 at 8:59 AM, Rijie Song wrote: > Thanks for response, Tim. > > 1. What network driver are you using? kubenet? CNI + flannel? CNI + > weave? CNI + calico? > > CNI+flannel. I don't have first-hand up-to-date flannel notes... > flannel pod output on

Re: [kubernetes-users] Failed to connect to external service from pod

So you can reach one Service (DNS) but not another? I would start with doing some tcpdump to see what packets are moving around. On Mon, Apr 24, 2017 at 10:59 AM, Tim Hockin wrote: > On Mon, Apr 24, 2017 at 8:59 AM, Rijie Song wrote: >> Thanks for

Re: [kubernetes-users] Failed to connect to external service from pod

On Mon, Apr 24, 2017 at 8:59 AM, Rijie Song wrote: > Thanks for response, Tim. > > 1. What network driver are you using? kubenet? CNI + flannel? CNI + > weave? CNI + calico? > > CNI+flannel. > > flannel pod output on this particular node: > > [root@k8s manifests]#

Re: [kubernetes-users] GKE cluster autoscaler vs Autoscaling in Managed instance groups

Thanks Fillip for info . On Monday, April 24, 2017 at 1:24:00 PM UTC+5:30, Filip Grzadkowski wrote: > > Please see our FAQ: > > > https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#should-i-use-cpu-usage-based-node-autoscaler-with-kubernetes > > (see the question

Re: [kubernetes-users] GKE cluster autoscaler vs Autoscaling in Managed instance groups

Please see our FAQ: https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#should-i-use-cpu-usage-based-node-autoscaler-with-kubernetes (see the question linked above and 2 next ones) -- Filip On Mon, Apr 24, 2017 at 6:36 AM, 'David Oppenheimer' via Kubernetes user

[kubernetes-users] Re: NetworkPolicy ingress restrictions don't seem to be working in GKE

On Thursday, January 26, 2017 at 5:36:36 PM UTC, m...@ub.io wrote: > Hello, > > What network plugin does GKE use? In my tests, the Namespace has > `net.beta.kubernetes.io/network-policy` annotation set to `[...]: > "DefaultDeny"}}}` and there's a few NetworkPolicy entries, but all network >

[kubernetes-users] Failed to connect to external service from pod

Hi all, Kindly help me review this issue. Thanks! *[ Description ]* *I am newbie to k8s, recently setup k8s cluster on top of CentOS 7.3 with kubeadm 1.6.1. * *Master: k8s* *Minions: host01, host02, host03* *In one of pods(po/tulip-saas-xnode), I tried to make connection from pod to

[kubernetes-users] Re: Failed to connect to external service from pod

BTW, 172.172.10.0/24 is host subnet. pod network is 172.10.0.0/16. Inside Pod: [root@tulip-saas-xnode-3216045024-ctctp /]# netstat -rn Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 172.10.2.1 0.0.0.0 UG

Re: [kubernetes-users] Failed to connect to external service from pod

They should come out the bridge and to the node directly. On Mon, Apr 24, 2017 at 7:11 PM, Roger Song wrote: > Thanks Tim, I will try to look inside. > > In fact, /12 was created by kubeadm. > > In CNI+flannel, what's the expected route that the packets going from >

Re: [kubernetes-users] Recovering from GKE Master upgrade failure

Can you send me your project number and cluster name (privately so that you don't post to the whole list). I'll find someone to take a look. In the mean time, I don't think that there is any action you can take other than creating a new cluster. I'm so sorry for the inconvenience. On Mon, Apr 24,

Re: [kubernetes-users] Failed to connect to external service from pod

What network driver are you using? kubenet? CNI + flannel? CNI + weave? CNI + calico? What is your Service cluster IP range? Can you ping from the pod to its own Node IP? Can you ping from the pod to a different Node IP? On Mon, Apr 24, 2017 at 6:29 AM, Roger Song

Re: [kubernetes-users] Failed to connect to external service from pod

Thanks Tim, I will try to look inside. In fact, /12 was created by kubeadm. In CNI+flannel, what's the expected route that the packets going from container to node network? On Tuesday, April 25, 2017 at 2:03:15 AM UTC+8, Tim Hockin wrote: > > So you can reach one Service (DNS) but not