pretty minimal.
I’ve never run this prune.
https://docs.openshift.com/container-platform/3.6/admin_guide/pruning_resources.html
Is there some log that would help highlight exactly what the issue is?
Thanks,
Joel
On Sat, 21 Oct 2017 at 2:23 pm, Clayton Coleman <ccole...@redhat.com> wr
What version are you running? How many nodes, pods, and namespaces?
Excessive memory use can be caused by not running prune or having an
automated process that creates lots of an object. Excessive CPU use can be
caused by an errant client or component stuck in a hot loop repeatedly
taking the
uerying K8S DNS endpoint like
> myhzapp1-hzsvc.demo.endpoints.cluster.local
> to get VIP/IP of pods.
>
> And got Failures, trying to understand the root cause. is there a way to
> see these K8S DNS logs?
>
>
> On 4 Oct 2017, at 22:02, Clayton Coleman <ccole...@redhat.com&g
OpenShift doesn't run a DNS pod - each node and each master can answer DNS
queries. Logging for failed DNS queries is available on the node process
(origin-node) in the system journal at --loglevel=3 and above
On Wed, Oct 4, 2017 at 2:33 PM, Barış Aydınöz wrote:
> Hi
One more thing - numeric uids must be used in a dockerfile if you want
to use nonroot SCC. Openshift can't trust string users. Setting a
numeric id is always recommended.
> On Sep 13, 2017, at 11:33 AM, Marcello Lorenzi wrote:
>
> HI All,
> we have created some images with
I execute the container but i received an entrypoint permission
denied.
Marcello
On Wed, Sep 13, 2017 at 5:42 PM, Clayton Coleman <ccole...@redhat.com>
wrote:
> You would define that in your pod spec, or give the service accounts
> in your namespace access to the "nonroot&quo
Did you set
openshift_deployment_type: origin
In your inventory/vars?
On Aug 29, 2017, at 5:15 PM, Jamie Duncan wrote:
Hi, everyone.
I'm setting up Origin 3.6 on CentOS 7.3.1611 using the CentOS PaaS SIG
repos using the interactive installer.
The issue I'm hitting is:
but
>> I believe that most Origin users are running on CentOS/Fedora.
>>
>>
>> On Thu, Aug 24, 2017 at 6:23 AM, Clayton Coleman <ccole...@redhat.com>
>> wrote:
>>
>>> I suspect that changing deployment type will hit issues on upgrade.
>>>
I suspect that changing deployment type will hit issues on upgrade.
In particular, systemd service names may change on nodes and masters
and not get cleaned up. I'm not sure what other subtle issues would
be hit.
> On Aug 23, 2017, at 4:26 PM, Lionel Orellana wrote:
>
> I
g that may be possible in the future) so that future
versions of OpenShift may run directly on top of a Kube version. Today I
would say it's probably very difficult and not recommended without a lot of
expertise in both the OpenShift and Kube codebases.
>
>
>
>
> Rgds,
> Sanjeev
>
Not today. We hope to do so at some point in the future, but today
openshift requires additional compiled in control points that only work
when installing origin directly from the binaries we build.
On Aug 22, 2017, at 6:36 AM, Yu Wei wrote:
Hi,
Now we have existing k8s
ile="0.99",resource="pods",verb="LIST"}
NaN
Prometheus query sum without (instance)
(apiserver_request_latencies_summary{verb!="WATCH",resource="pods",quantile="0.99"})/1000
Note that get is unusually high, we're not positive it's not bei
Lau <and...@andrewklau.com> wrote:
etcd data is on dedicated drives and aws reports idle and burst capacity
around 90%
On Sun, 13 Aug 2017 at 00:28 Clayton Coleman <ccole...@redhat.com> wrote:
> Check how much IO is being used by etcd and how much you have provisioned.
>
>
> > On Au
Check how much IO is being used by etcd and how much you have provisioned.
> On Aug 12, 2017, at 5:32 AM, Andrew Lau wrote:
>
> Post upgrade to 3.6 I'm noticing the API server seems to be responding a lot
> slower and my etcd metrics etcd_http_failed_total is returning a
https://docs.openshift.org/latest/dev_guide/getting_traffic_into_cluster.html#overview
covers
how to decide what to use.
UDP will not be possible via the routers.
On Aug 1, 2017, at 12:11 PM, Yu Wei wrote:
Hi guys,
How could I expose services using TCP/UDP protocols to
The uid assigned is not random. It is the first uid of a range assigned to
the namespace. The value is stored on the namespace as an annotation. The
SCC looks at that range when interpreting MustRunAsRange. You can set the
annotation yourself as you see fit
On Jul 26, 2017, at 2:50 PM, Isuru
Ranges are not possible yet for normal services (proxied) in
Kubernetes. You can create a "headless" service without a proxy that
will have a DNS name that resolves to all the pods
> On Jul 14, 2017, at 8:46 AM, Javier Palacios wrote:
>
>
> Hello,
>
> We have a service
We've discussed it, there are other near term priorities.
On Jul 13, 2017, at 10:36 AM, Fox, Kevin M wrote:
Is there any intention to contribute it to k8s?
Thanks,
Kevin
--
*From:* dev-boun...@lists.openshift.redhat.com [
When you restart, what log messages are printed in origin-master?
On Jul 11, 2017, at 10:19 PM, Werner, Mark wrote:
I am really struggling to get Active Directory authentication to work.
The oauthConfig section of the master-config.yaml file starts out like this
and all
On Thu, Jul 6, 2017 at 6:34 AM, Nicola Ferraro wrote:
> Hi,
> I've read some discussions on fencing and pod guarantees. Most of them are
> related to stateful sets, e.g. https://github.com/
> kubernetes/community/blob/master/contributors/design-
> proposals/pod-safety.md and
oc rsync is not always appropriate, since the communication has to go
through the master. If you're doing 40gb db backups via rsync you'd want
to choose a different mechanism, at least until we add direct exec session
support in the future
On Jul 9, 2017, at 2:13 PM, Ben Parees
I think so - will need to double check what's on the list.
On Tue, Jun 27, 2017 at 7:39 PM, Andrew Lau wrote:
> Will there be another 1.5 release now that https://github.com/
> openshift/origin/pull/14801 has merged?
>
> On Wed, 24 May 2017 at 00:00 Philippe Lafoucrière <
Generally this happens when you put a proxy in front of your Masters with a
short connection timeout. Exec and portforward are tunneled though the
master via a SPDY or Websocket connection upgrade - if your proxy is
sophisticated enough you can set different timeouts there.
On Jun 23, 2017, at
> On Jun 22, 2017, at 7:24 AM, Jeremiah Menetrey
> wrote:
>
> Hello,
>
> I am using an openshift origin cluster and defined a few dozen objects
> grouped in several yaml files.
> Now I would like to "package" them into a single template such that
> everything can
If you're looking for a "am I authenticated" script element, generally I
would recommend doing:
$ oc get user/~ -o name --token "$(oc whoami -t)"
On Wed, Jun 21, 2017 at 12:30 PM, Clayton Coleman <ccole...@redhat.com>
wrote:
> If your script looks like:
>
>
If your script looks like:
$ oc get service foo --token "$(oc whoami -t)"
and whoami -t fails you're going to get something you didn't expect as
output.
On Wed, Jun 21, 2017 at 9:38 AM, Ben Parees <bpar...@redhat.com> wrote:
>
>
> On Wed, Jun 21, 2017 at 9:31 A
The reason today it does not do that so you can use it in scripting
effectively. It's expected you're using that immediately in another
command which would display that error.
On Jun 21, 2017, at 7:49 AM, Philippe Lafoucrière <
philippe.lafoucri...@tech-angels.com> wrote:
Just to be clear, my
nfo> wrote:
> 2017-06-16 16:04 GMT+02:00 Clayton Coleman <ccole...@redhat.com>:
>
>> If you configure it yourself it's in the code
>>
>
> In the code ? OpenShift Go source code or Ansible role source code?
>
_
ject).
>
> But then doing a oc describe is/ruby-ex the two approaches seem to give
> slightly different outcomes. What's the difference between the two methods?
>
> On 06/06/2017 13:25, Clayton Coleman wrote:
>
> Tag tries to guess at whether you mean an image stream ref
Tag tries to guess at whether you mean an image stream ref or a regular
image ref. In your case, it saw the SRC arg as 172.30.1.1 (registry)
development (namespace) and (name) ruby22-centos7 and assumed you meant a
docker image (which that is). However, it then tries to import the image
and
HAProxy doesn't currently support HTTP/2 connections - so unless you've
done something custom, you shouldn't even be able to connect to HAProxy as
http/2
On Fri, May 26, 2017 at 4:10 PM, Philippe Lafoucrière <
philippe.lafoucri...@tech-angels.com> wrote:
> Hi, could you take a look at this
pods - thought about using 6 (2 wordpress, 2 mysql, 2 memcache)
>
> תודה,
> *חץ בן חמו*
> אתם מוזמנים לבקר בבלוג היעוץ <http://linvirtstor.net/> או בבלוג הפרטי שלי
> <http://benhamo.org>
>
> On Tue, May 23, 2017 at 8:59 PM, Clayton Coleman <ccole...@redhat
How many nodes and pods are you planning to run?
On Tue, May 23, 2017 at 1:43 PM, Hetz Ben Hamo wrote:
> Hi,
>
> I've read the docs about openshift memory requirements and I wanted to ask
> something..
>
> I'm planning to build a system which will host a web site (wordpress
>
t 10:03 Subhendu Ghosh <sghosh...@gmail.com> wrote:
> I guess I was looking for node configuration playbooks that could be used
> for blue green node roll out.
>
> Wondering how far Commisare will get to. Seems like an ideal use case.
>
> On Apr 11, 2017 18:08, "
Thanks for reporting, looking into it
On Apr 22, 2017, at 12:29 AM, Andrew Lau wrote:
I believe this is a significant bug that needs attention
https://github.com/openshift/origin/issues/13862
___
users mailing list
Yeah - federation is effectively alpha upstream still (the apis are beta,
but lots of work still to do), and Maru is working to get some of the
things stabilized so it meets our bar of what can be considered supportable.
Beyond just workload federation, other types of federation will be
important
1.4 added the ability to specify insecureEdgeTerminationPolicy for
passthrough.
On Wed, Apr 19, 2017 at 2:31 PM, Philippe Lafoucrière <
philippe.lafoucri...@tech-angels.com> wrote:
> Hi,
>
> It seem impossible to register a route with both "passthrough" tls
> termination and standard http.
> The
Just letting it soak for a bit longer to ensure we have more testing.
On Tue, Apr 18, 2017 at 1:20 PM, Lars Milland wrote:
> Hi
>
>
>
> With the RedHat edition of OpenShift 3.5 now released, will there also be
> an OpenShift Origin 1.5.0 release created with RPM’s updated and
You can also use oadm migrate image-* to migrate where images point. Dry
run should list all of the impacted apps
On Apr 17, 2017, at 9:44 AM, Andy Goldstein wrote:
I'm not aware of a tool, but the code that we use to identify images for
pruning could be a good starting
great.
>
> I would not run it on infrastructure nodes yet though. Clayton Coleman
> said recently, when I asked about some OverlayFS-SELinux issues, that it
> is likely only going to be supported with the coming RHEL.
7.4 has the fixes - we've been running the OpenShift test suite
against o
On Apr 4, 2017, at 12:48 PM, Tako Schotanus wrote:
So I know you can use "openshift.default.svc.cluster.local" for accessing
the OpenShift's console API internally from within a Pod.
We actually use that to create a new project for the same user, but now we
want to redirect
It is in new-app. When the template broker is enabled in 3.6 you'll be
able to parameterize that as an admin and have the catalog obey it.
On Mar 31, 2017, at 11:49 PM, Andrew Lau wrote:
>From earlier, it seems it's hard coded into the web console
Jeff, do you know if we might have accidentally deleted this?
On Mar 21, 2017, at 5:29 PM, Philippe Lafoucrière <
philippe.lafoucri...@tech-angels.com> wrote:
Hi,
Someone removed the v1.3.3 tag for this metrics image:
https://hub.docker.com/r/openshift/origin-metrics-hawkular-metrics/tags/
It
Yes, you need to grant it a very high level of access via its service
account, and remember that anyone you allow to make calls to it can create
anything in any namespace (take over the cluster). So do not expose it to
end users, or grant access to more than one namespace if you do.
On Mar 23,
This should cover the rekey scenario, you may have to limit to the master
https://docs.openshift.com/container-platform/3.3/install_config/redeploying_certificates.html
On Mar 16, 2017, at 5:33 AM, Francisco Pérez Fernández
wrote:
Hi,
My OpenShift cluster is down, on
Copying some folks from the storage team.
On Mon, Mar 13, 2017 at 11:39 AM, Stéphane Klein <
cont...@stephane-klein.info> wrote:
> Nobody have this error with OpenShift 1.4.1?
>
> 2017-02-27 21:21 GMT+01:00 Stéphane Klein :
>
>> Hi,
>>
>> after OpenShift upgrade from
Which centos? There's a couple of known overlay bugs that may be at
fault, one with unix domain sockets not working at all, one with
selinux and file systems. There are a few others known.
We aren't officially supporting overlay until 7.4, mostly due to those
and other bugs.
> On Mar 10, 2017,
We generally describe this as pod scheduling affinity and anti affinity
(the part where three of one service are deployed to the same node).
Openshift 1.0-1.4 uses cluster wide defaults for this, while 1.5 will have
alpha support for per pod level rules to let you say, for instance, "never
have
Alpha 3 is out on GitHub. This will be the last alpha for 1.5.0 - the next
tag will be the release candidate.
https://github.com/openshift/origin/releases/tag/v1.5.0-alpha.3
We plan to branch master soon and create a release-1.5 branch that will
lead to v1.5.0.
>> output of `oc describe scc`, and I did not find any unexpected access to
>> elevated privileges for a default serviceaccount. The project were I'm
>> currently seeing the problem is not mentioned at all. Also, I've seen the
>> problem happen with pods that are managed by the
Adding the list back
-- Forwarded message --
From: Clayton Coleman <ccole...@redhat.com>
Date: Mon, Feb 6, 2017 at 1:42 PM
Subject: Re: Pods randomly running as root
To: Alex Wauck <alexwa...@exosite.com>
Cc: users <us...@redhat.com>
Do the pods running as
o not. They only have
> docker-selinux-1.9.1 available, since the 1.10.3 package seems to have been
> removed from the CentOS extras repo.
>
> We are running OpenShift 1.2.1, since I haven't had time to upgrade it.
>
> On Mon, Feb 6, 2017 at 8:31 AM, Clayton Coleman <ccole...@red
Are you running them directly (launching a pod)? Or running them under
another controller resource.
On Feb 6, 2017, at 2:00 AM, Alex Wauck wrote:
Recently, I began to notice that some of my pods on OpenShift run as root
instead of a random UID. There does not seem to be
Yes, you can create an appropriate SCC without the chroot drop. I would
recommend ensuring the SCC matches the use case you want to solve (having
more SCC's is not a problem).
On Mon, Jan 30, 2017 at 1:02 PM, Jonathan Yu wrote:
> Re-sending to
I believe there was an env var that needed to be set for reencrypt and the
registry-console that told the backend what the route's name was.
Something like CONSOLE_URL or similar.
On Fri, Jan 27, 2017 at 3:06 PM, Josh Baird wrote:
> Hi,
>
> Our infra nodes are fronted by
The tag is up and images have been pushed. RPMs will follow soon. I have
not yet updated the release notes which should be up tomorrow.
On Wed, Jan 18, 2017 at 5:09 PM, Grant Shipley wrote:
> Stay tuned... I hear that 1.4 will be tagged shortly.
>
> On Wed, Jan 18, 2017
We would probably need help getting git-lfs packaged first. That's really
the biggest blocker to enabling it by default.
On Jan 16, 2017, at 9:40 AM, Philippe Lafoucrière <
philippe.lafoucri...@tech-angels.com> wrote:
@Clayton, does it sound reasonable to you to ask for LFS support in s2i?
If
Is git-lfs packaged in epel ben?
On Jan 12, 2017, at 4:10 PM, Philippe Lafoucrière <
philippe.lafoucri...@tech-angels.com> wrote:
On Thu, Jan 12, 2017 at 3:54 PM, Ben Parees wrote:
> that qualifies as client-side logic (the plugin is executing the logic on
> the client
If you do see behavior with ceph locks like that please file a bug - most
of the serious issues were fixed in 1.3 but we definitely want to ensure no
such issues are still occurring.
On Jan 12, 2017, at 6:40 AM, James Wilkins
wrote:
Out of interest, assuming your
launching the pods (like any others)
> On Jan 11, 2017, at 11:17 PM, Rich Megginson <rmegg...@redhat.com> wrote:
>
>> On 01/11/2017 08:51 PM, Clayton Coleman wrote:
>>
>>
>> On Wed, Jan 11, 2017 at 4:21 PM, Matt Wringe <mwri...@redhat.com
On Wed, Jan 11, 2017 at 4:21 PM, Matt Wringe <mwri...@redhat.com> wrote:
> - Original Message -
> > From: "Clayton Coleman" <ccole...@redhat.com>
> > To: "Matt Wringe" <mwri...@redhat.com>
> > Cc: "John Mazzitelli" <
We may not have implemented label filtering on roles - please file a bug
> On Jan 11, 2017, at 2:22 PM, John Mazzitelli wrote:
>
> Just wondering if this is not supposed to work or if it's a bug.
>
> Try to delete a clusterrole using --selector and it doesn't work:
>
> =
>
>
tificate like it does
> for other components?
>
> - Original Message -
> > From: "Clayton Coleman" <ccole...@redhat.com>
> > To: "John Mazzitelli" <m...@redhat.com>
> > Cc: "users" <users@lists.openshift.redhat.com>
&g
We would create a special role specifically for the agent.
On Wed, Jan 11, 2017 at 10:19 AM, John Mazzitelli wrote:
> OK, so let me ask for suggestions. The use-case is as follows:
>
> The Hawkular OpenShift Agent has one job - collect metrics from Jolokia
> and Prometheus
I'm not sure I would recommend a blue green upgrade for etcd, mostly
due to the extra complexity involved in membership change. Also, the
larger the instance size the longer it will take to snapshot to a new
node, which could have significant impacts on the cluster. You might
also put the
We're working on getting a change into Tito that will allow the proper
version to be passed in and override the spec file. Once that's done
we'll update the scripts to set the version.
> On Dec 28, 2016, at 8:46 AM, Zamir SUN wrote:
>
> I've not read the code. But from a RPM
;
> On Wed, Dec 14, 2016 at 5:17 PM, Graham Dumpleton <gdump...@redhat.com>
> wrote:
>
>>
>> On 15 Dec 2016, at 9:06 AM, Ben Parees <bpar...@redhat.com> wrote:
>>
>>
>>
>> On Wed, Dec 14, 2016 at 4:53 PM, Clayton Coleman <ccole...@redhat.com
he command line, but I'm somewhat
hesitant to bring it in. Could this be something that you do with an
"oc-apply" bash wrapper?
On Wed, Dec 14, 2016 at 5:06 PM, Ben Parees <bpar...@redhat.com> wrote:
>
>
> On Wed, Dec 14, 2016 at 4:53 PM, Clayton Coleman <ccole...@redhat.
Each master still needs an IP registered that then backs the Kubernetes
service that clients use to talk to the API. So verify that each master is
reporting the correct IP that is reachable from all nodes to "oc get
endpoints kubernetes -n defaults"
On Dec 7, 2016, at 9:39 AM, Den Cowboy
Prune has to connect to your registry server directly to delete blobs, and
the registry does not support certificate based auth. The most consistent
path would be to use a service account that had the appropriate permissions
and get its token with "oc serviceaccounts get-token".
On Mon, Dec 5,
It's likely, don't have an eta yet while the scope of the pick is assessed.
On Thu, Nov 24, 2016 at 5:52 PM, Lionel Orellana wrote:
> This is a pretty bad issue in Kubernetes. We are talking about deleting
> data from NFS volumes. Lucky for me I'm just doing a POC. Is this
think there is also a limit of how many events the watcher process before
it drops and I think that limit is set to 1000 events.
On Fri, Nov 18, 2016 at 11:17 PM, Clayton Coleman <ccole...@redhat.com>
wrote:
> All connections to the API server are given a timeout (and there is a
> ma
I recreate the route I hit the app again and the cert is again still
>> the same.
>>
>> On Nov 22, 2016 9:04 AM, "Clayton Coleman" <ccole...@redhat.com> wrote:
>>
>>> If you verify it is your cert you are getting, delete and recreate the
>>
If you verify it is your cert you are getting, delete and recreate the
route to double check that it's being updated properly. If that fixes it
please file a bug about route certificates not updating.
On Nov 22, 2016, at 2:31 AM, Dean Peterson wrote:
Is the built in HA
The router has a default certificate applied if no other certificate is
accepted - you may want to check that value for expiration (if your route
is misconfigured for another reason or has no endpoints).
On Nov 22, 2016, at 2:31 AM, Dean Peterson wrote:
Is the built in
The original guarantees we provided were that
1. Resource version is guaranteed to be unique (as a string) across all
instances returned by a LIST or WATCH.
* this does not mean that the value for each is going to be a unique,
increasing integer - if we add sharding in the future the resource
All connections to the API server are given a timeout (and there is a
maximum). Also, any intervening proxy could be set with a lower
connection timeout.
I can't remember whether the API server timeout should be returning an
error. But you definitely will have an upper bound on watch duration.
Copying Avesh - Avesh, this is possible with the new admission
controller you created, right? Did we backport that to 1.4?
> On Nov 7, 2016, at 1:32 AM, Andrew Lau wrote:
>
> From the doc examples, node with label disktype: magnetic / ssd
>
> Is there a way to default the
Do you have resource limits defined on your Jenkins jobs containers?
What version of OpenShift and Docker?
> On Nov 6, 2016, at 2:23 PM, Lionel Orellana wrote:
>
> Hi,
>
> A Jenkins job running on Openshift generated a PermGen expcetion. I ran the
> job a couple more times
6 at 4:58 PM, Clayton Coleman <ccole...@redhat.com> wrote:
> Fluentd runs on the host network and communicates out (today) to reach
> elastic search. Elastic search is protected by authorization that denies
> read/write access from random parties based on cluster level permissio
Fluentd runs on the host network and communicates out (today) to reach
elastic search. Elastic search is protected by authorization that denies
read/write access from random parties based on cluster level permissions.
On Thu, Nov 3, 2016 at 4:52 PM, Josh Baird wrote:
>
Engineer
>
> VSee: fr...@vsee.com <http://vsee.com/u/tmd4RB> | Cell: +65 9338 0035
>
> Join me on VSee for Free <http://vsee.com/u/tmd4RB>
>
>
>
>
> On Wed, Nov 2, 2016 at 9:24 PM, Clayton Coleman <ccole...@redhat.com>
> wrote:
>
>> Does your namespac
.com" <users@lists.openshift.redhat.com
> >
> *Subject: *Re: Openshift discovery
>
>
>
> If you "oc debug" the crashing pods, do you get a shell up?
>
>
> On Nov 3, 2016, at 9:56 AM, Srinivas Naga Kotaru (skotaru) <
> skot...@cisco.com&
, Srinivas Naga Kotaru (skotaru) <
> skot...@cisco.com> wrote:
>
> Clayton
>
>
>
> Sorry for confusion. Original problem was, Service discovery not working
> in regular openshift apps. Out of the box images as well as custom images.
>
>
>
> I was trying to bui
That RC is creating pods under service account cassandra. So you need to
give "cassandra" access to privileged
On Nov 3, 2016, at 9:23 AM, Stéphane Klein
wrote:
Hi,
This my SCC:
$ oc get scc
NAME PRIV CAPS SELINUX RUNASUSER
FSGROUP
standard docker.
Sent from my iPhone
On Nov 3, 2016, at 6:24 AM, Clayton Coleman <ccole...@redhat.com> wrote:
Alpine uses musl which has known differences from glibc in how it handles
DNS resolution. *usually* this is because multiple nameservers are listed
in resolv.conf and the first one
Alpine uses musl which has known differences from glibc in how it handles
DNS resolution. *usually* this is because multiple nameservers are listed
in resolv.conf and the first one doesn't answer queries for
*svc.cluster.local. You can check that by execing into containers and
looking at the
e hostname(s) since they will
> default to ${openshift_master_default_subdomain}?
>
> On Mon, Oct 31, 2016 at 1:04 PM, Clayton Coleman <ccole...@redhat.com>
> wrote:
>
>>
>>
>> On Oct 31, 2016, at 12:06 PM, Josh Baird <joshba...@gmail.com> wrote:
>>
On Oct 31, 2016, at 12:06 PM, Josh Baird wrote:
Hi,
I'm in the initial planning phase for a OSE 3.3 HA deployment and had a few
questions/concerns about how to properly segment routing for applications
that should only be available within our firewalls, and other
Only via the API on the masters. I do not think it is unreasonable
that you'd be able to do so via the node clients credentials, but
policy may not allow the node to gather all the info node drain and
manage-node use.
Try openshift admin manage-node ... --config=PATH_TO_NODE_CRED
> On Oct 28,
Federation is alpha upstream, but should work against openshift as is.
Official support will probably be when it is more useful cross cloud
(ingress is only really useful on GCE today).
On Oct 26, 2016, at 7:36 AM, Jason DeTiberus wrote:
On Oct 26, 2016 7:26 AM, "Andrew
On Oct 24, 2016, at 8:25 PM, Sachin Vaidya wrote:
Hi,
I tried to deply router in "--host-network=false" mode.
#sudo oadm router router-test --service-account=router --host-network=false
1) See 2 containers created where one of the Pods remains in
"ContainerCreating"
> On Oct 17, 2016, at 7:58 AM, David Strejc wrote:
>
> Is there any way how I can remove unused or old images from internal
> Open Shift docker registry?
The prune command is intended for that, although it has some
limitations described in the docs.
>
> And other
There are a number of lower level modules in use by the ansible tools
that are targeted at creating / updating config objects on OpenShift.
We've been discussing increasing and enhancing those tools to make it
even easier to manage openshift with ansible (for both platform tools
as well as for
>From a security perspective we recommend rotating frequently, but it's up
to your judgement. If someone compromised your master cert you would want
to rotate it quickly, so just keep that in mind.
On Oct 12, 2016, at 8:37 AM, Mario Rosic wrote:
Hello,
thank you, the
What version of openshift?
On Oct 10, 2016, at 7:12 AM, Dean Peterson wrote:
This is a complete showstopper, does anyone have any ideas?
On Oct 9, 2016 8:51 PM, "Dean Peterson" wrote:
> [image: Inline image 2]
>
> I get the above error when I
Network segmentation mode is in 1.3. In 1.1 or 1.2 you can also
increase the node failure detection threshold (80s by default) as high
as you want by setting the extended controller argument for it, which
will delay evictions (you could set 24h and use external tooling to
handle node down).
If
https://docs.openshift.org/latest/install_config/router/default_haproxy_router.html#preventing-connection-failures-during-restarts
Should cover this
On Oct 2, 2016, at 9:45 AM, Miloslav Vlach wrote:
Hi
I’m using the 1.2.1 Origin version. I get sometimes the
If you can prevent your eyes from bleeding through sheer strength of will -
gaze upon the setup code here:
https://github.com/openshift/vagrant-openshift/blob/master/lib/vagrant-openshift/action/install_origin_base_dependencies.rb#L262
I thought there was doc for this but I'm not seeing it in my
Which version of Docker are you running? Paul, do those propagation
settings look correct?
On Tue, Sep 27, 2016 at 3:40 PM, Philippe Lafoucrière <
philippe.lafoucri...@tech-angels.com> wrote:
> Hi,
>
> We're testing OS 1.3.0 on our test cluster, and have something weird
> happening.
> The
101 - 200 of 361 matches
Mail list logo