Re: Reducing toil in resource quota bumping

2018-08-30 Thread Clayton Coleman
Ultimately you need to ask what you are trying to prevent: 1. a user from accidentally blowing up the cluster 2. malicious users 3. an application breaking at runtime because it needs more resources than it is allotted The second one is more what we've been discussing here - being draconian up

Re: openshift-ansible release-3.10 - Install fails with control plane pods

2018-08-30 Thread Marc Schlegel
Thanks for the link. It looks like the api-pod is not getting up at all! Log from k8s_controllers_master-controllers-* [vagrant@master ~]$ sudo docker logs k8s_controllers_master-controllers-master.vnet.de_kube-system_a3c3ca56f69ed817bad799176cba5ce8_1 E0830 18:28:05.787358 1

Re: Reducing toil in resource quota bumping

2018-08-30 Thread Andrew Feller
Thanks for the feedback Jessica! Limiting # of projects users can create is definitely one of the things expected, however the question was mostly focused on reducing toil due to changing resource quotas for projects. The idea with option #1 was restricting devs to 1 project with heftier

Re: Restricting access to some Routes

2018-08-30 Thread Ahmed Ossama
Hi Peter, We have the same case in one of our OpenShift deployments. We decided to experiment with router sharding. https://blog.openshift.com/openshift-router-sharding-for-production-and-development-traffic/ On 8/30/18 3:07 PM, David Conde wrote: Hi Peter, Hopefully

Re: Reducing toil in resource quota bumping

2018-08-30 Thread Jessica Forrester
On Thu, Aug 30, 2018 at 8:18 AM Andrew Feller wrote: > Has anyone found an effective way to minimize toil between developers and > system administrators regarding project resource quotas *without > resorting to letting people do whatever they want unrestrained*? > > There are only 2 ideas I can

Re: Restricting access to some Routes

2018-08-30 Thread David Conde
Hi Peter, Hopefully https://docs.openshift.com/container-platform/3.9/architecture/networking/routes.html#whitelist will sort you out. Dave On Thu, Aug 30, 2018 at 1:54 PM Peter Heitman wrote: > In my deployment there are 5 routes - two of them are from OpenShift > (docker-registry and

RE: Restricting access to some Routes

2018-08-30 Thread François VILLAIN
Hi, From this documentation: https://docs.openshift.com/container-platform/3.10/architecture/networking/routes.html#route-specific-annotations You can annotate a route with: haproxy.router.openshift.io/ip_whitelist to set a whitelist for the route. Never tried though, let me know if this

Restricting access to some Routes

2018-08-30 Thread Peter Heitman
In my deployment there are 5 routes - two of them are from OpenShift (docker-registry and registry-console) and three of them are specific to my application. Of the 5, 4 of them are administrative and shouldn't be accessed by just anyone on the Internet. One of my application's routes is required

Reducing toil in resource quota bumping

2018-08-30 Thread Andrew Feller
Has anyone found an effective way to minimize toil between developers and system administrators regarding project resource quotas *without resorting to letting people do whatever they want unrestrained*? There are only 2 ideas I can see to address this issue: 1. Removing self-provisioning

Configure custom project roles OCP 3.10

2018-08-30 Thread Marcello Lorenzi
Hi All, we tried to define some guidelines into the project grants for all users for a newer OCP cluster. In our previous experience we configured the admin role to system:authenticated group but some users can edit the routes and deployment configs. What is the best way to configure the roles

Re: openshift-ansible release-3.10 - Install fails with control plane pods

2018-08-30 Thread Daniel Comnea
Marc, could you please look over the issue [1] and pull the master pod logs and see if you bumped into same issue mentioned by the other folks? Also make sure the openshift-ansible release is the latest one. Dani [1] https://github.com/openshift/openshift-ansible/issues/9575 On Wed, Aug 29,