Ciugk

Clash Royale CLAN TAG #URR8PPP How do I get a single pod name for kuberenetes? I'm looking for a command like "gcloud config get-value project" that retrieves a project's name, but for a pod (it can retrieve any pod name that is running). I know you can get multiple pods with "kubectl get pods", but I would just like one pod name as the result. I'm having to do this all the time: kubectl get pods # add one of the pod names in next line kubectl logs -f some-pod-frontend-3931629792-g589c some-app I'm thinking along the lines of "gcloud config get-value pod". Is there a command to do that correctly? why don't you simply grep the output? – Markus Dresch 24 mins ago 2 Answers 2 You can use the grep comma...

Clash Royale CLAN TAG #URR8PPP True LoadBalancing in Kubernetes? What is a Load Balancer? Load balancing improves the distribution of workloads across multiple computing resources, such as computers, a computer cluster, network links, central processing units, or disk drives NodePort is not load balancer. (I know that kube-proxy load balance the traffic among the pod once the traffic is inside the cluster) I mean, the end user hits http://NODEIP:30111 (For example) URL to access the application. Even though the traffic is load balanced among the POD, users still hits a single node i.e. the "Node" which is K8s's minion but a real Load Balancer, right? kube-proxy http://NODEIP:30111 Here also same, imagine the ingress-controller is deployed and ingress-service too. The sub-domain that we specify in ingress-service should points to "a" node in K8s cluster, then ingress-controller load balance the traffic among the pods. Here also end users hitting single nod...

Clash Royale CLAN TAG #URR8PPP How do I run a single container from the command line in a Kubernetes cluster (like docker run)? I would like to run a one-off container Pod from the command line in my Kubernetes cluster. I am looking for the equivalent of: docker run --rm -it centos /bin/bash Is there a kubectl equivalent? kubectl 1 Answer 1 It looks like the simplest way is: kubectl run tmp-shell --rm -i --tty --image centos -- /bin/bash Notes : Deployment tmp-shell kubectl run --rm Deployment --rm kubectl delete deploy/tmp-shell --rm kubectl attach $pod-name -c $pod-container -i -t If your shell does not start, check whether your cluster is out of resources ( kubectl describe nodes ). You can control the resources this deployment is requesting with --requests : kubectl describe nodes --requests --requests='': The resource requirement requests for this container. For example, 'cpu=100m...

Clash Royale CLAN TAG #URR8PPP Docker image custom nginx.conf I am fairly new to this, I don't know if I am heading in the right direction or not. I have a custom nginx.conf that works fine, I am now trying to build a docker image with it so that I can run it as a container in kuberentes. Here is my nginx.conf user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; # Load dynamic modules. See /usr/share/nginx/README.dynamic. include /usr/share/nginx/modules/*.conf; events { worker_connections 1024; } stream { #define the various upstreams upstream app_1 { server 192.168.122.206:5678; } upstream app_2 { server 192.168.122.206:9000; } #map source port to upstream map $remote_port $backend_svr { 1234 "app_1"; 1235 "app_2"; } #all udp traffic received on 8000, depending on source it will be redirected server { listen 8000 udp; proxy_pass $...

Clash Royale CLAN TAG #URR8PPP kubernetes : expost service internally within VPN I've setup kubernetes cluster using kops kops create cluster --dns-zone=vpc.pharmeasy.in --dns=private --master-zones=ap-southeast-1a,ap-southeast-1b,ap-southeast-1c --zones=ap-southeast-1a,ap-southeast-1b,ap-southeast-1c --node-count 3 --topology private --networking flannel-vxlan --node-size=t2.medium --master-size=t2.micro ${NAME} Also, we have used internal LoadBalancer for Kubernetes api server. Whenever i create a service of type=LoadBalancer it creates internet-facing load balancer and is available publically. I tried created service using ClusterIp And exposed using Kubectl proxy, but it is not accessible. We already have VPN setup. We want elasticsearch and kibana dashboard available only within vpn. How to expose service internally with VPN? By clicking "Post Your Answer", you...

Clash Royale CLAN TAG #URR8PPP How to generate Certificate Signing Request (CSR) for setting up TLS in GKE I'm running a service in GKE and have an Ingress for setting up LTS. I have tried by my self-signing certificates and I could access to my site through https protocol. It looks good. Please notice that I have a static IP for Ingress and a domain name for it already. But now I'm going to create a real-certificates and trying to create a CSR and sending it to CA but I'm so confused after reading those posts: Manage TLS Certificates in a Cluster Certificates I have some questions: All I want is to make *.crt and *.key file for setting up https on my service. (I have read some blog posts telling about Let's Encrypt but I don't want to use it). Thank you for reading. 1 Answer 1 Let's go over each of your questions first: What's Pod's DNS, Pod's Ip and Service'...

Clash Royale CLAN TAG #URR8PPP Microservices in Docker Container I am using Spring Cloud for Creating Microservice Architecture. I was using the below feature from the Spring Cloud Now Lets say if I have 100 microservices, then we need 100 servers to maintain each microservices. So I thought of using Kubernetes to solve this issue by deploying each microservices in a separate docker container, so now since Kubernetes takes care of microserivice health check, autoscaling, load-balancing so do I need to again use Ribbon, Eureka and Zuul. Can anyone please help me on this 2 Answers 2 Even when you use Spring Cloud, 100 services do NOT mean 100 servers. In Spring Cloud the packaging unit is Spring Boot application and a single server may host many such Spring Boot applications. If you want, you can containerize the Spring Boot applications and other Spring Cloud infrastructure support components. But t...

Clash Royale CLAN TAG #URR8PPP Using Spring Cloud with Orchestration Tools Like Docker Swarm and Kubernetes I have a cloud-native application, which is implemented using Spring Cloud Netflix . Spring Cloud Netflix So in my application, I'm using Eureka service discovery to manage all instances of different services of the application. When each service instance wants to talk to another, it uses Eureka to fetch the required information about the target service (ip and port for example). Eureka Eureka The service orchestration can also be achieved using tools like Docker Swarm and Kubernetes , and it looks like there are some overlap between what Eureka does and what Docker Swarm and Kubernetes do. Docker Swarm Kubernetes Eureka Docker Swarm Kubernetes For example Imagine I create a service in Docker Swarm with 5 instances, and swarm insures that those 5 instances are always up and running. Additionally, each services of the application is sending a periodic heartbeat to the E...

Clash Royale CLAN TAG #URR8PPP Postgres pod suddenly dissapeared after update in gcloud We changed kubernetes node version because of this message, and because for some reason, pods were unable to be scheduled Before this message, however, there was a postgres pod running As you can see the pod is gone, for some reason, why is it so? I cannot seem to get it back, when I try kubectl get events I get that no resources cannot be found, is there anyway to revive the postgres container, or get information about it, why is it down? What could I do? kubectl logs postgres doesn't seem to work either. kubectl get events kubectl logs postgres What I want to get is where was this postgres pod running (like the location path), or if the configuration of this pod is still available, or if this is lost forever. If the pod is dead, can I still access to it's "graveyard" (that means the database data), or was this cleaned up? ...

Clash Royale CLAN TAG #URR8PPP Using runAsNonRoot in Kubernetes We’ve been planning for a long time to introduce securityContext: runAsNonRoot: true as a requirement to our pod configurations for a while now. securityContext: runAsNonRoot: true Testing this today I’ve learnt that since v1.8.4 (I think) you also have to specify a particular UID for the user running the container, e.g runAsUser: 333 . v1.8.4 runAsUser: 333 This means we not only have to tell developers to ensure their containers don’t run as root, but also specify a specific UID that they should run as, which makes this significantly more problematic for us to introduce. Have I understood this correctly? What are others doing in this area? To leverage runAsNonRoot is it now required that Docker containers run with a specific and known UID? runAsNonRoot 2 Answers 2 The Kubernetes Pod SecurityContext provides two options runAsNonRoot...