Re: OpenShift master keeps consuming lots and memory and swapping

2017-10-20 Thread Clayton Coleman
pretty minimal. I’ve never run this prune. https://docs.openshift.com/container-platform/3.6/admin_guide/pruning_resources.html Is there some log that would help highlight exactly what the issue is? Thanks, Joel On Sat, 21 Oct 2017 at 2:23 pm, Clayton Coleman <ccole...@redhat.com> wr

Re: OpenShift master keeps consuming lots and memory and swapping

2017-10-20 Thread Clayton Coleman
What version are you running? How many nodes, pods, and namespaces? Excessive memory use can be caused by not running prune or having an automated process that creates lots of an object. Excessive CPU use can be caused by an errant client or component stuck in a hot loop repeatedly taking the

Re: K8S DNS LOGS

2017-10-04 Thread Clayton Coleman
uerying K8S DNS endpoint like > myhzapp1-hzsvc.demo.endpoints.cluster.local > to get VIP/IP of pods. > > And got Failures, trying to understand the root cause. is there a way to > see these K8S DNS logs? > > > On 4 Oct 2017, at 22:02, Clayton Coleman <ccole...@redhat.com>

Re: K8S DNS LOGS

2017-10-04 Thread Clayton Coleman
OpenShift doesn't run a DNS pod - each node and each master can answer DNS queries. Logging for failed DNS queries is available on the node process (origin-node) in the system journal at --loglevel=3 and above On Wed, Oct 4, 2017 at 2:33 PM, Barış Aydınöz wrote: > Hi

Re: Openshift Origin and fixed user ID

2017-09-13 Thread Clayton Coleman
One more thing - numeric uids must be used in a dockerfile if you want to use nonroot SCC. Openshift can't trust string users. Setting a numeric id is always recommended. > On Sep 13, 2017, at 11:33 AM, Marcello Lorenzi wrote: > > HI All, > we have created some images with

Re: Openshift Origin and fixed user ID

2017-09-13 Thread Clayton Coleman
I execute the container but I received an entrypoint permission denied. Marcello On Wed, Sep 13, 2017 at 5:42 PM, Clayton Coleman <ccole...@redhat.com> wrote: > You would define that in your pod spec, or give the service accounts > in your namespace access to the "nonroot"

Re: Origin 3.6 on CentOS - looking for wrong package names?

2017-08-29 Thread Clayton Coleman
Did you set openshift_deployment_type: origin In your inventory/vars? On Aug 29, 2017, at 5:15 PM, Jamie Duncan wrote: Hi, everyone. I'm setting up Origin 3.6 on CentOS 7.3.1611 using the CentOS PaaS SIG repos using the interactive installer. The issue I'm hitting is:

Re: Origin to OCP

2017-08-24 Thread Clayton Coleman
but >> I believe that most Origin users are running on CentOS/Fedora. >> >> >> On Thu, Aug 24, 2017 at 6:23 AM, Clayton Coleman <ccole...@redhat.com> >> wrote: >> >>> I suspect that changing deployment type will hit issues on upgrade. >>>

Re: Origin to OCP

2017-08-23 Thread Clayton Coleman
I suspect that changing deployment type will hit issues on upgrade. In particular, systemd service names may change on nodes and masters and not get cleaned up. I'm not sure what other subtle issues would be hit. > On Aug 23, 2017, at 4:26 PM, Lionel Orellana wrote: > > I

Re: Is that possible to deploy openshift on existing k8s cluster?

2017-08-22 Thread Clayton Coleman
g that may be possible in the future) so that future versions of OpenShift may run directly on top of a Kube version. Today I would say it's probably very difficult and not recommended without a lot of expertise in both the OpenShift and Kube codebases. > > > > > Rgds, > Sanjeev >

Re: Is that possible to deploy openshift on existing k8s cluster?

2017-08-22 Thread Clayton Coleman
Not today. We hope to do so at some point in the future, but today openshift requires additional compiled in control points that only work when installing origin directly from the binaries we build. On Aug 22, 2017, at 6:36 AM, Yu Wei wrote: Hi, Now we have existing k8s

Re: High number of 4xx requests on etcd (3.6 upgrade)

2017-08-13 Thread Clayton Coleman
ile="0.99",resource="pods",verb="LIST"} NaN Prometheus query sum without (instance) (apiserver_request_latencies_summary{verb!="WATCH",resource="pods",quantile="0.99"})/1000 Note that get is unusually high, we're not positive it's not bei

Re: High number of 4xx requests on etcd (3.6 upgrade)

2017-08-12 Thread Clayton Coleman
Lau <and...@andrewklau.com> wrote: etcd data is on dedicated drives and aws reports idle and burst capacity around 90% On Sun, 13 Aug 2017 at 00:28 Clayton Coleman <ccole...@redhat.com> wrote: > Check how much IO is being used by etcd and how much you have provisioned. > > > > On Au

Re: High number of 4xx requests on etcd (3.6 upgrade)

2017-08-12 Thread Clayton Coleman
Check how much IO is being used by etcd and how much you have provisioned. > On Aug 12, 2017, at 5:32 AM, Andrew Lau wrote: > > Post upgrade to 3.6 I'm noticing the API server seems to be responding a lot > slower and my etcd metrics etcd_http_failed_total is returning a

Re: Question about router usage

2017-08-01 Thread Clayton Coleman
https://docs.openshift.org/latest/dev_guide/getting_traffic_into_cluster.html#overview covers how to decide what to use. UDP will not be possible via the routers. On Aug 1, 2017, at 12:11 PM, Yu Wei wrote: Hi guys, How could I expose services using TCP/UDP protocols to

Re: Using Custom SCC and Service Account in Deployment

2017-07-26 Thread Clayton Coleman
The uid assigned is not random. It is the first uid of a range assigned to the namespace. The value is stored on the namespace as an annotation. The SCC looks at that range when interpreting MustRunAsRange. You can set the annotation yourself as you see fit On Jul 26, 2017, at 2:50 PM, Isuru

Re: Expose a range of ports

2017-07-14 Thread Clayton Coleman
Ranges are not possible yet for normal services (proxied) in Kubernetes. You can create a "headless" service without a proxy that will have a DNS name that resolves to all the pods > On Jul 14, 2017, at 8:46 AM, Javier Palacios wrote: > > > Hello, > > We have a service

Re: Why openshift requires DNS server

2017-07-13 Thread Clayton Coleman
We've discussed it, there are other near term priorities. On Jul 13, 2017, at 10:36 AM, Fox, Kevin M wrote: Is there any intention to contribute it to k8s? Thanks, Kevin -- *From:* dev-boun...@lists.openshift.redhat.com [

Re: OpenShift Origin Active Directory Authentication

2017-07-12 Thread Clayton Coleman
When you restart, what log messages are printed in origin-master? On Jul 11, 2017, at 10:19 PM, Werner, Mark wrote: I am really struggling to get Active Directory authentication to work. The oauthConfig section of the master-config.yaml file starts out like this and all

Re: Fencing and pod guarantees

2017-07-11 Thread Clayton Coleman
On Thu, Jul 6, 2017 at 6:34 AM, Nicola Ferraro wrote: > Hi, > I've read some discussions on fencing and pod guarantees. Most of them are > related to stateful sets, e.g. https://github.com/ > kubernetes/community/blob/master/contributors/design- > proposals/pod-safety.md and

Re: Running sshd in a Docker Container on Openshift

2017-07-09 Thread Clayton Coleman
oc rsync is not always appropriate, since the communication has to go through the master. If you're doing 40gb db backups via rsync you'd want to choose a different mechanism, at least until we add direct exec session support in the future On Jul 9, 2017, at 2:13 PM, Ben Parees

Re: Pods has connectivity to other pod and service only when I run an additional pod

2017-06-30 Thread Clayton Coleman
I think so - will need to double check what's on the list. On Tue, Jun 27, 2017 at 7:39 PM, Andrew Lau wrote: > Will there be another 1.5 release now that https://github.com/ > openshift/origin/pull/14801 has merged? > > On Wed, 24 May 2017 at 00:00 Philippe Lafoucrière <

Re: oc rsh or oc get pod -w disconnection after few minutes

2017-06-23 Thread Clayton Coleman
Generally this happens when you put a proxy in front of your Masters with a short connection timeout. Exec and portforward are tunneled through the master via a SPDY or Websocket connection upgrade - if your proxy is sophisticated enough you can set different timeouts there. On Jun 23, 2017, at

Re: Bootstrap template

2017-06-22 Thread Clayton Coleman
> On Jun 22, 2017, at 7:24 AM, Jeremiah Menetrey > wrote: > > Hello, > > I am using an openshift origin cluster and defined a few dozen objects > grouped in several yaml files. > Now I would like to "package" them into a single template such that > everything can

Re: oc whoami bug?

2017-06-21 Thread Clayton Coleman
If you're looking for a "am I authenticated" script element, generally I would recommend doing: $ oc get user/~ -o name --token "$(oc whoami -t)" On Wed, Jun 21, 2017 at 12:30 PM, Clayton Coleman <ccole...@redhat.com> wrote: > If your script looks like: > >

Re: oc whoami bug?

2017-06-21 Thread Clayton Coleman
If your script looks like: $ oc get service foo --token "$(oc whoami -t)" and whoami -t fails you're going to get something you didn't expect as output. On Wed, Jun 21, 2017 at 9:38 AM, Ben Parees <bpar...@redhat.com> wrote: > > > On Wed, Jun 21, 2017 at 9:31 A

Re: oc whoami bug?

2017-06-21 Thread Clayton Coleman
The reason today it does not do that is so you can use it in scripting effectively. It's expected you're using that immediately in another command which would display that error. On Jun 21, 2017, at 7:49 AM, Philippe Lafoucrière < philippe.lafoucri...@tech-angels.com> wrote: Just to be clear, my

Re: Is CephFS supported by OpenShift?

2017-06-16 Thread Clayton Coleman
nfo> wrote: > 2017-06-16 16:04 GMT+02:00 Clayton Coleman <ccole...@redhat.com>: > >> If you configure it yourself it's in the code >> > > In the code ? OpenShift Go source code or Ansible role source code? > _

Re: problem with oc tag

2017-06-06 Thread Clayton Coleman
ject). > > But then doing a oc describe is/ruby-ex the two approaches seem to give > slightly different outcomes. What's the difference between the two methods? > > On 06/06/2017 13:25, Clayton Coleman wrote: > > Tag tries to guess at whether you mean an image stream ref

Re: problem with oc tag

2017-06-06 Thread Clayton Coleman
Tag tries to guess at whether you mean an image stream ref or a regular image ref. In your case, it saw the SRC arg as 172.30.1.1 (registry) development (namespace) and (name) ruby22-centos7 and assumed you meant a docker image (which that is). However, it then tries to import the image and

Re: Possible bug with haproxy?

2017-05-26 Thread Clayton Coleman
HAProxy doesn't currently support HTTP/2 connections - so unless you've done something custom, you shouldn't even be able to connect to HAProxy as http/2 On Fri, May 26, 2017 at 4:10 PM, Philippe Lafoucrière < philippe.lafoucri...@tech-angels.com> wrote: > Hi, could you take a look at this

Re: openshift memory requirements

2017-05-23 Thread Clayton Coleman
pods - thought about using 6 (2 wordpress, 2 mysql, 2 memcache) > > Thanks, > *Hetz Ben Hamo* > You are welcome to visit the consulting blog <http://linvirtstor.net/> or my personal blog > <http://benhamo.org> > > On Tue, May 23, 2017 at 8:59 PM, Clayton Coleman <ccole...@redhat

Re: openshift memory requirements

2017-05-23 Thread Clayton Coleman
How many nodes and pods are you planning to run? On Tue, May 23, 2017 at 1:43 PM, Hetz Ben Hamo wrote: > Hi, > > I've read the docs about openshift memory requirements and I wanted to ask > something.. > > I'm planning to build a system which will host a web site (wordpress >

Re: Overlayfs support

2017-05-05 Thread Clayton Coleman
t 10:03 Subhendu Ghosh <sghosh...@gmail.com> wrote: > I guess I was looking for node configuration playbooks that could be used > for blue green node roll out. > > Wondering how far Commisare will get to. Seems like an ideal use case. > > On Apr 11, 2017 18:08, "

Re: Critical Routing Bug v1.5.0

2017-04-23 Thread Clayton Coleman
Thanks for reporting, looking into it On Apr 22, 2017, at 12:29 AM, Andrew Lau wrote: I believe this is a significant bug that needs attention https://github.com/openshift/origin/issues/13862 ___ users mailing list

Re: OpenShift / Kubernetes federation

2017-04-21 Thread Clayton Coleman
Yeah - federation is effectively alpha upstream still (the apis are beta, but lots of work still to do), and Maru is working to get some of the things stabilized so it meets our bar of what can be considered supportable. Beyond just workload federation, other types of federation will be important

Re: Passthrough and insecure route

2017-04-19 Thread Clayton Coleman
1.4 added the ability to specify insecureEdgeTerminationPolicy for passthrough. On Wed, Apr 19, 2017 at 2:31 PM, Philippe Lafoucrière < philippe.lafoucri...@tech-angels.com> wrote: > Hi, > > It seems impossible to register a route with both "passthrough" tls > termination and standard http. > The

Re: OpenShift Origin release of version 1.5.0

2017-04-18 Thread Clayton Coleman
Just letting it soak for a bit longer to ensure we have more testing. On Tue, Apr 18, 2017 at 1:20 PM, Lars Milland wrote: > Hi > > > > With the RedHat edition of OpenShift 3.5 now released, will there also be > an OpenShift Origin 1.5.0 release created with RPM’s updated and

Re: audit users of imagestream to enable deprecation

2017-04-17 Thread Clayton Coleman
You can also use oadm migrate image-* to migrate where images point. Dry run should list all of the impacted apps On Apr 17, 2017, at 9:44 AM, Andy Goldstein wrote: I'm not aware of a tool, but the code that we use to identify images for pruning could be a good starting

Re: Overlayfs support

2017-04-11 Thread Clayton Coleman
great. > > I would not run it on infrastructure nodes yet though. Clayton Coleman > said recently, when I asked about some OverlayFS-SELinux issues, that it > is likely only going to be supported with the coming RHEL. 7.4 has the fixes - we've been running the OpenShift test suite against o

Re: Get OpenShift API address

2017-04-04 Thread Clayton Coleman
On Apr 4, 2017, at 12:48 PM, Tako Schotanus wrote: So I know you can use "openshift.default.svc.cluster.local" for accessing the OpenShift's console API internally from within a Pod. We actually use that to create a new project for the same user, but now we want to redirect

Re: Global projects

2017-04-01 Thread Clayton Coleman
It is in new-app. When the template broker is enabled in 3.6 you'll be able to parameterize that as an admin and have the catalog obey it. On Mar 31, 2017, at 11:49 PM, Andrew Lau wrote: From earlier, it seems it's hard coded into the web console

Re: metrics 1.3.3

2017-03-24 Thread Clayton Coleman
Jeff, do you know if we might have accidentally deleted this? On Mar 21, 2017, at 5:29 PM, Philippe Lafoucrière < philippe.lafoucri...@tech-angels.com> wrote: Hi, Someone removed the v1.3.3 tag for this metrics image: https://hub.docker.com/r/openshift/origin-metrics-hawkular-metrics/tags/ It

Re: Is it possible to use Helm package system with OpenShift?

2017-03-23 Thread Clayton Coleman
Yes, you need to grant it a very high level of access via its service account, and remember that anyone you allow to make calls to it can create anything in any namespace (take over the cluster). So do not expose it to end users, or grant access to more than one namespace if you do. On Mar 23,

Re: openshift-master fails to start with ssl errors

2017-03-16 Thread Clayton Coleman
This should cover the rekey scenario, you may have to limit to the master https://docs.openshift.com/container-platform/3.3/install_config/redeploying_certificates.html On Mar 16, 2017, at 5:33 AM, Francisco Pérez Fernández wrote: Hi, My OpenShift cluster is down, on

Re: Error: MountVolume.SetUp failed for volume ... Error: MountVolume.SetUp failed for volume ... with: rbd: map failed exit status 1 ... -1 did not load config file, using default settings

2017-03-13 Thread Clayton Coleman
Copying some folks from the storage team. On Mon, Mar 13, 2017 at 11:39 AM, Stéphane Klein < cont...@stephane-klein.info> wrote: > Nobody have this error with OpenShift 1.4.1? > > 2017-02-27 21:21 GMT+01:00 Stéphane Klein : > >> Hi, >> >> after OpenShift upgrade from

Re: mariadb-container gets AVC on up-to-date centos

2017-03-10 Thread Clayton Coleman
Which centos? There's a couple of known overlay bugs that may be at fault, one with unix domain sockets not working at all, one with selinux and file systems. There are a few others known. We aren't officially supporting overlay until 7.4, mostly due to those and other bugs. > On Mar 10, 2017,

Re: Per node pod quotas by pod service type

2017-03-03 Thread Clayton Coleman
We generally describe this as pod scheduling affinity and anti affinity (the part where three of one service are deployed to the same node). Openshift 1.0-1.4 uses cluster wide defaults for this, while 1.5 will have alpha support for per pod level rules to let you say, for instance, "never have

OpenShift Origin v1.5.0-alpha.3 released

2017-02-20 Thread Clayton Coleman
Alpha 3 is out on GitHub. This will be the last alpha for 1.5.0 - the next tag will be the release candidate. https://github.com/openshift/origin/releases/tag/v1.5.0-alpha.3 We plan to branch master soon and create a release-1.5 branch that will lead to v1.5.0.

Re: Pods randomly running as root

2017-02-06 Thread Clayton Coleman
>> output of `oc describe scc`, and I did not find any unexpected access to >> elevated privileges for a default serviceaccount. The project where I'm >> currently seeing the problem is not mentioned at all. Also, I've seen the >> problem happen with pods that are managed by the

Fwd: Pods randomly running as root

2017-02-06 Thread Clayton Coleman
Adding the list back -- Forwarded message -- From: Clayton Coleman <ccole...@redhat.com> Date: Mon, Feb 6, 2017 at 1:42 PM Subject: Re: Pods randomly running as root To: Alex Wauck <alexwa...@exosite.com> Cc: users <us...@redhat.com> Do the pods running as

Re: Pods randomly running as root

2017-02-06 Thread Clayton Coleman
o not. They only have > docker-selinux-1.9.1 available, since the 1.10.3 package seems to have been > removed from the CentOS extras repo. > > We are running OpenShift 1.2.1, since I haven't had time to upgrade it. > > On Mon, Feb 6, 2017 at 8:31 AM, Clayton Coleman <ccole...@red

Re: Pods randomly running as root

2017-02-06 Thread Clayton Coleman
Are you running them directly (launching a pod)? Or running them under another controller resource. On Feb 6, 2017, at 2:00 AM, Alex Wauck wrote: Recently, I began to notice that some of my pods on OpenShift run as root instead of a random UID. There does not seem to be

Re: Can I create a new scc with chroot capability?

2017-01-30 Thread Clayton Coleman
Yes, you can create an appropriate SCC without the chroot drop. I would recommend ensuring the SCC matches the use case you want to solve (having more SCC's is not a problem). On Mon, Jan 30, 2017 at 1:02 PM, Jonathan Yu wrote: > Re-sending to

Re: Using external SSL termination with docker-registry/registry-console

2017-01-27 Thread Clayton Coleman
I believe there was an env var that needed to be set for reencrypt and the registry-console that told the backend what the route's name was. Something like CONSOLE_URL or similar. On Fri, Jan 27, 2017 at 3:06 PM, Josh Baird wrote: > Hi, > > Our infra nodes are fronted by

Re: Origin 1.4

2017-01-18 Thread Clayton Coleman
The tag is up and images have been pushed. RPMs will follow soon. I have not yet updated the release notes which should be up tomorrow. On Wed, Jan 18, 2017 at 5:09 PM, Grant Shipley wrote: > Stay tuned... I hear that 1.4 will be tagged shortly. > > On Wed, Jan 18, 2017

Re: S2I and git-lfs

2017-01-16 Thread Clayton Coleman
We would probably need help getting git-lfs packaged first. That's really the biggest blocker to enabling it by default. On Jan 16, 2017, at 9:40 AM, Philippe Lafoucrière < philippe.lafoucri...@tech-angels.com> wrote: @Clayton, does it sound reasonable to you to ask for LFS support in s2i? If

Re: S2I and git-lfs

2017-01-12 Thread Clayton Coleman
Is git-lfs packaged in epel ben? On Jan 12, 2017, at 4:10 PM, Philippe Lafoucrière < philippe.lafoucri...@tech-angels.com> wrote: On Thu, Jan 12, 2017 at 3:54 PM, Ben Parees wrote: > that qualifies as client-side logic (the plugin is executing the logic on > the client

Re: ceph pv

2017-01-12 Thread Clayton Coleman
If you do see behavior with ceph locks like that please file a bug - most of the serious issues were fixed in 1.3 but we definitely want to ensure no such issues are still occurring. On Jan 12, 2017, at 6:40 AM, James Wilkins wrote: Out of interest, assuming your

Re: cluster-reader and secrets

2017-01-11 Thread Clayton Coleman
launching the pods (like any others) > On Jan 11, 2017, at 11:17 PM, Rich Megginson <rmegg...@redhat.com> wrote: > >> On 01/11/2017 08:51 PM, Clayton Coleman wrote: >> >> >> On Wed, Jan 11, 2017 at 4:21 PM, Matt Wringe <mwri...@redhat.com

Re: cluster-reader and secrets

2017-01-11 Thread Clayton Coleman
On Wed, Jan 11, 2017 at 4:21 PM, Matt Wringe <mwri...@redhat.com> wrote: > - Original Message - > > From: "Clayton Coleman" <ccole...@redhat.com> > > To: "Matt Wringe" <mwri...@redhat.com> > > Cc: "John Mazzitelli" <

Re: cannot delete role using --selector

2017-01-11 Thread Clayton Coleman
We may not have implemented label filtering on roles - please file a bug > On Jan 11, 2017, at 2:22 PM, John Mazzitelli wrote: > > Just wondering if this is not supposed to work or if it's a bug. > > Try to delete a clusterrole using --selector and it doesn't work: > > = > >

Re: cluster-reader and secrets

2017-01-11 Thread Clayton Coleman
tificate like it does > for other components? > > - Original Message - > > From: "Clayton Coleman" <ccole...@redhat.com> > > To: "John Mazzitelli" <m...@redhat.com> > > Cc: "users" <users@lists.openshift.redhat.com> >

Re: cluster-reader and secrets

2017-01-11 Thread Clayton Coleman
We would create a special role specifically for the agent. On Wed, Jan 11, 2017 at 10:19 AM, John Mazzitelli wrote: > OK, so let me ask for suggestions. The use-case is as follows: > > The Hawkular OpenShift Agent has one job - collect metrics from Jolokia > and Prometheus

Re: Blue/Green control plane upgrade

2017-01-03 Thread Clayton Coleman
I'm not sure I would recommend a blue green upgrade for etcd, mostly due to the extra complexity involved in membership change. Also, the larger the instance size the longer it will take to snapshot to a new node, which could have significant impacts on the cluster. You might also put the

Re: make build-rpms generates rpms with version 0.0.1

2016-12-28 Thread Clayton Coleman
We're working on getting a change into Tito that will allow the proper version to be passed in and override the spec file. Once that's done we'll update the scripts to set the version. > On Dec 28, 2016, at 8:46 AM, Zamir SUN wrote: > > I've not read the code. But from a RPM

Re: oc .env files

2016-12-14 Thread Clayton Coleman
> > On Wed, Dec 14, 2016 at 5:17 PM, Graham Dumpleton <gdump...@redhat.com> > wrote: > >> >> On 15 Dec 2016, at 9:06 AM, Ben Parees <bpar...@redhat.com> wrote: >> >> >> >> On Wed, Dec 14, 2016 at 4:53 PM, Clayton Coleman <ccole...@redhat.com

Re: oc .env files

2016-12-14 Thread Clayton Coleman
he command line, but I'm somewhat hesitant to bring it in. Could this be something that you do with an "oc-apply" bash wrapper? On Wed, Dec 14, 2016 at 5:06 PM, Ben Parees <bpar...@redhat.com> wrote: > > > On Wed, Dec 14, 2016 at 4:53 PM, Clayton Coleman <ccole...@redhat.

Re: OpenShift origin cluster in VLAN

2016-12-07 Thread Clayton Coleman
Each master still needs an IP registered that then backs the Kubernetes service that clients use to talk to the API. So verify that each master is reporting the correct IP that is reachable from all nodes to "oc get endpoints kubernetes -n defaults" On Dec 7, 2016, at 9:39 AM, Den Cowboy

Re: authentication for oadm prune in cron job

2016-12-05 Thread Clayton Coleman
Prune has to connect to your registry server directly to delete blobs, and the registry does not support certificate based auth. The most consistent path would be to use a service account that had the appropriate permissions and get its token with "oc serviceaccounts get-token". On Mon, Dec 5,

Re: PV manual reclamation and recyling

2016-11-29 Thread Clayton Coleman
It's likely, don't have an eta yet while the scope of the pick is assessed. On Thu, Nov 24, 2016 at 5:52 PM, Lionel Orellana wrote: > This is a pretty bad issue in Kubernetes. We are talking about deleting > data from NFS volumes. Lucky for me I'm just doing a POC. Is this

Re: anyone see watcher channels close unexpectedly?

2016-11-25 Thread Clayton Coleman
think there is also a limit of how many events the watcher process before it drops and I think that limit is set to 1000 events. On Fri, Nov 18, 2016 at 11:17 PM, Clayton Coleman <ccole...@redhat.com> wrote: > All connections to the API server are given a timeout (and there is a > ma

Re: TLS certificate stays the same after renewing

2016-11-22 Thread Clayton Coleman
I recreate the route I hit the app again and the cert is again still >> the same. >> >> On Nov 22, 2016 9:04 AM, "Clayton Coleman" <ccole...@redhat.com> wrote: >> >>> If you verify it is your cert you are getting, delete and recreate the >>

Re: TLS certificate stays the same after renewing

2016-11-22 Thread Clayton Coleman
If you verify it is your cert you are getting, delete and recreate the route to double check that it's being updated properly. If that fixes it please file a bug about route certificates not updating. On Nov 22, 2016, at 2:31 AM, Dean Peterson wrote: Is the built in HA

Re: TLS certificate stays the same after renewing

2016-11-22 Thread Clayton Coleman
The router has a default certificate applied if no other certificate is accepted - you may want to check that value for expiration (if your route is misconfigured for another reason or has no endpoints). On Nov 22, 2016, at 2:31 AM, Dean Peterson wrote: Is the built in

Re: is resourceVersion unique?

2016-11-21 Thread Clayton Coleman
The original guarantees we provided were that 1. Resource version is guaranteed to be unique (as a string) across all instances returned by a LIST or WATCH. * this does not mean that the value for each is going to be a unique, increasing integer - if we add sharding in the future the resource

Re: anyone see watcher channels close unexpectedly?

2016-11-18 Thread Clayton Coleman
All connections to the API server are given a timeout (and there is a maximum). Also, any intervening proxy could be set with a lower connection timeout. I can't remember whether the API server timeout should be returning an error. But you definitely will have an upper bound on watch duration.

Re: default node selectors

2016-11-07 Thread Clayton Coleman
Copying Avesh - Avesh, this is possible with the new admission controller you created, right? Did we backport that to 1.4? > On Nov 7, 2016, at 1:32 AM, Andrew Lau wrote: > > From the doc examples, node with label disktype: magnetic / ssd > > Is there a way to default the

Re: Container PermGen expcetion kills entire node

2016-11-06 Thread Clayton Coleman
Do you have resource limits defined on your Jenkins jobs containers? What version of OpenShift and Docker? > On Nov 6, 2016, at 2:23 PM, Lionel Orellana wrote: > > Hi, > > A Jenkins job running on Openshift generated a PermGen exception. I ran the > job a couple more times

Re: Network segmentation

2016-11-04 Thread Clayton Coleman
6 at 4:58 PM, Clayton Coleman <ccole...@redhat.com> wrote: > Fluentd runs on the host network and communicates out (today) to reach > elastic search. Elastic search is protected by authorization that denies > read/write access from random parties based on cluster level permissio

Re: Network segmentation

2016-11-03 Thread Clayton Coleman
Fluentd runs on the host network and communicates out (today) to reach elastic search. Elastic search is protected by authorization that denies read/write access from random parties based on cluster level permissions. On Thu, Nov 3, 2016 at 4:52 PM, Josh Baird wrote: >

Re: Wrong resource consumption on scheduler

2016-11-03 Thread Clayton Coleman
Engineer > > VSee: fr...@vsee.com <http://vsee.com/u/tmd4RB> | Cell: +65 9338 0035 > > Join me on VSee for Free <http://vsee.com/u/tmd4RB> > > > > > On Wed, Nov 2, 2016 at 9:24 PM, Clayton Coleman <ccole...@redhat.com> > wrote: > >> Does your namespac

Re: Openshift discovery

2016-11-03 Thread Clayton Coleman
.com" <users@lists.openshift.redhat.com > > > *Subject: *Re: Openshift discovery > > > > If you "oc debug" the crashing pods, do you get a shell up? > > > On Nov 3, 2016, at 9:56 AM, Srinivas Naga Kotaru (skotaru) < > skot...@cisco.com>

Re: Openshift discovery

2016-11-03 Thread Clayton Coleman
, Srinivas Naga Kotaru (skotaru) < > skot...@cisco.com> wrote: > > Clayton > > > > Sorry for confusion. Original problem was, Service discovery not working > in regular openshift apps. Out of the box images as well as custom images. > > > > I was trying to bui

Re: How to use SCC and HostPath ?

2016-11-03 Thread Clayton Coleman
That RC is creating pods under service account cassandra. So you need to give "cassandra" access to privileged On Nov 3, 2016, at 9:23 AM, Stéphane Klein wrote: Hi, This my SCC: $ oc get scc NAME PRIV CAPS SELINUX RUNASUSER FSGROUP

Re: Openshift discovery

2016-11-03 Thread Clayton Coleman
standard docker. Sent from my iPhone On Nov 3, 2016, at 6:24 AM, Clayton Coleman <ccole...@redhat.com> wrote: Alpine uses musl which has known differences from glibc in how it handles DNS resolution. *usually* this is because multiple nameservers are listed in resolv.conf and the first one

Re: Openshift discovery

2016-11-03 Thread Clayton Coleman
Alpine uses musl which has known differences from glibc in how it handles DNS resolution. *usually* this is because multiple nameservers are listed in resolv.conf and the first one doesn't answer queries for *svc.cluster.local. You can check that by execing into containers and looking at the

Re: Segmentation of internal/external applications

2016-10-31 Thread Clayton Coleman
e hostname(s) since they will > default to ${openshift_master_default_subdomain}? > > On Mon, Oct 31, 2016 at 1:04 PM, Clayton Coleman <ccole...@redhat.com> > wrote: > >> >> >> On Oct 31, 2016, at 12:06 PM, Josh Baird <joshba...@gmail.com> wrote: >>

Re: Segmentation of internal/external applications

2016-10-31 Thread Clayton Coleman
On Oct 31, 2016, at 12:06 PM, Josh Baird wrote: Hi, I'm in the initial planning phase for a OSE 3.3 HA deployment and had a few questions/concerns about how to properly segment routing for applications that should only be available within our firewalls, and other

Re: Node triggered evacuation

2016-10-28 Thread Clayton Coleman
Only via the API on the masters. I do not think it is unreasonable that you'd be able to do so via the node clients credentials, but policy may not allow the node to gather all the info node drain and manage-node use. Try openshift admin manage-node ... --config=PATH_TO_NODE_CRED > On Oct 28,

Re: multi cloudprovider

2016-10-26 Thread Clayton Coleman
Federation is alpha upstream, but should work against openshift as is. Official support will probably be when it is more useful cross cloud (ingress is only really useful on GCE today). On Oct 26, 2016, at 7:36 AM, Jason DeTiberus wrote: On Oct 26, 2016 7:26 AM, "Andrew

Re: Deploying router

2016-10-24 Thread Clayton Coleman
On Oct 24, 2016, at 8:25 PM, Sachin Vaidya wrote: Hi, I tried to deploy router in "--host-network=false" mode. #sudo oadm router router-test --service-account=router --host-network=false 1) See 2 containers created where one of the Pods remains in "ContainerCreating"

Re: How to manage images within Open Shift internal docker registry / HA of docker registry

2016-10-17 Thread Clayton Coleman
> On Oct 17, 2016, at 7:58 AM, David Strejc wrote: > > Is there any way how I can remove unused or old images from internal > Open Shift docker registry? The prune command is intended for that, although it has some limitations described in the docs. > > And other

Re: Managing OpenShift Configuration with Puppet/Ansible… what are your best practices?

2016-10-13 Thread Clayton Coleman
There are a number of lower level modules in use by the ansible tools that are targeted at creating / updating config objects on OpenShift. We've been discussing increasing and enhancing those tools to make it even easier to manage openshift with ansible (for both platform tools as well as for

Re: Cluster-Birthday: 1 year old, many certificates expiring - how to update?

2016-10-12 Thread Clayton Coleman
From a security perspective we recommend rotating frequently, but it's up to your judgement. If someone compromised your master cert you would want to rotate it quickly, so just keep that in mind. On Oct 12, 2016, at 8:37 AM, Mario Rosic wrote: Hello, thank you, the

Re: Authentication error no matter what I do

2016-10-10 Thread Clayton Coleman
What version of openshift? On Oct 10, 2016, at 7:12 AM, Dean Peterson wrote: This is a complete showstopper, does anyone have any ideas? On Oct 9, 2016 8:51 PM, "Dean Peterson" wrote: > [image: Inline image 2] > > I get the above error when I

Re: Complete cluster meltdown due to "Kubelet stopped posting node status"

2016-10-10 Thread Clayton Coleman
Network segmentation mode is in 1.3. In 1.1 or 1.2 you can also increase the node failure detection threshold (80s by default) as high as you want by setting the extended controller argument for it, which will delay evictions (you could set 24h and use external tooling to handle node down). If

Re: Openshift Router

2016-10-02 Thread Clayton Coleman
https://docs.openshift.org/latest/install_config/router/default_haproxy_router.html#preventing-connection-failures-during-restarts Should cover this On Oct 2, 2016, at 9:45 AM, Miloslav Vlach wrote: Hi I’m using the 1.2.1 Origin version. I get sometimes the

Re: Enabling emptyDir quota on atomic hosts

2016-09-27 Thread Clayton Coleman
If you can prevent your eyes from bleeding through sheer strength of will - gaze upon the setup code here: https://github.com/openshift/vagrant-openshift/blob/master/lib/vagrant-openshift/action/install_origin_base_dependencies.rb#L262 I thought there was doc for this but I'm not seeing it in my

Re: Secrets not available anymore with 1.3.0

2016-09-27 Thread Clayton Coleman
Which version of Docker are you running? Paul, do those propagation settings look correct? On Tue, Sep 27, 2016 at 3:40 PM, Philippe Lafoucrière < philippe.lafoucri...@tech-angels.com> wrote: > Hi, > > We're testing OS 1.3.0 on our test cluster, and have something weird > happening. > The
