Can we launch a deployment in Kubernetes with a time limit? If not, is any alternative available?






kubernetes – kube2iam and iam-role-session-ttl argument – how can kube2iam set session validity?

kube2iam has a --iam-role-session-ttl argument that defaults to 15 minutes. The description of this option is

Length of session when assuming the roles (default 15m)

I thought the STS credentials provided by the EC2 instance metadata (via assigned EC2 instance profile and IAM role) were ultimately under control of the STS service? As in, only it can set credential validity time.

How can kube2iam also set a role session TTL? Or does it mean something different to the credential validity time?

DNS name for Istio on Kubernetes

I’m having a problem: I deployed Istio in my environment, created a DNS name to access the service from outside, and configured it in the ingress pointing to Kiali, and it definitely doesn’t work in any way. Does anyone know of a way?

Thanks

Kubernetes – vSphere Cloud Provider

I’m following this doc https://cloud-provider-vsphere.sigs.k8s.io/tutorials/kubernetes-on-vsphere-with-kubeadm.html

I am using a load balancer as my ControlPlaneEndpoint. Now I would like to join a new master to the cluster, passing the cloud-provider flag as well. Using the method below it was possible to join the workers; however, I can’t do the same with a new master.

kubectl -n kube-public get configmap cluster-info -o jsonpath='{.data.kubeconfig}' > discovery.yaml

# tee /etc/kubernetes/kubeadminitworker.yaml >/dev/null <<EOF
apiVersion: kubeadm.k8s.io/v1beta1
caCertPath: /etc/kubernetes/pki/ca.crt
discovery:
  file:
    kubeConfigPath: /etc/kubernetes/discovery.yaml
  timeout: 5m0s
  tlsBootstrapToken: y7yaev.9dvwxx6ny4ef8vlq
kind: JoinConfiguration
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  kubeletExtraArgs:
    cloud-provider: external
EOF

Thanks

docker – Kubernetes Storage for multinode on VPS

I’m new to this site and I registered here to ask for your help, as I’m having an issue that I can’t figure out; my nerves are already burning from it and my head wants to explode.

So, the situation: I have a basic Kubernetes setup (done from some tutorials) on 4 VPS servers, 1 master node and 3 worker nodes. But now I have read up on persistent volumes and I don’t know where to start.

The plan is like this: to host a website that has continuous uploads, but I need the data to be shared across all workers. What is the best cluster-based option? Is there some Kubernetes module or add-on that I can use so that all 3 workers share the data and, if one, let’s say, dies, the rest continue to work? Please help, as I need all the data, including MySQL, to be scaled across all 3 worker nodes, so that if one worker node goes down all work continues on worker nodes 1 and 2 until the 3rd is restored or replaced.

Please point me in the right direction as I cannot create an NFS server on the VPS.

Thank you.

docker – Kubernetes: Service connection timeout

I’m setting a lab cluster with 3 nodes (1 master, 2 workers) in 3 different networks and connected by VPN. I used Flannel for Pod network.

NAME          STATUS   ROLES                  AGE     VERSION   INTERNAL-IP    EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION       CONTAINER-RUNTIME
vinet         Ready    <none>                 8m44s   v1.21.0   10.200.0.48    <none>        Ubuntu 18.04.4 LTS   4.15.0-140-generic   docker://20.10.5
vm-150        Ready    control-plane,master   24m     v1.21.0   10.200.0.150   <none>        Ubuntu 18.04.5 LTS   4.15.0-128-generic   docker://20.10.5
vultr.guest   Ready    <none>                 8m47s   v1.21.0   10.200.0.124   <none>        Ubuntu 18.04.5 LTS   4.15.0-132-generic   docker://20.10.5

My config includes a helloworld app (targetPort=8080, replicas=10) and an associated service (nodePort=30001). Everything is fine while the pods are distributed on only 1 node: I can reach the API endpoint by issuing curl localhost:30001, and it load-balances as expected.

But when the pods are spread across the 2 worker nodes, the request times out when it is forwarded to pods on the other node. For example, if I am on Node 1 and run curl localhost:30001, I get the following:

root@mysamplehost:~# curl localhost:30001
You've hit hello-deploy-6575485494-snb5k
root@mysamplehost:~# curl localhost:30001
You've hit hello-deploy-6575485494-pqbwd
root@mysamplehost:~# curl localhost:30001
You've hit hello-deploy-6575485494-pjfl6
root@mysamplehost:~# curl localhost:30001
curl: (7) Failed to connect to localhost port 30001: Connection timed out

My sample deploy:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello-deploy

spec:
  replicas: 1
  selector:
    matchLabels:
      app: hello-world
  minReadySeconds: 10
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
      maxSurge: 1
  template:
    metadata:
      labels:
        app: hello-world
    spec:
      containers:
      - name: hello-pod
        image: ngocchien/chien_test:1.0.0
        ports:
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: hello-svc
  labels:
    app: hello-world
spec:
  type: NodePort
  ports:
  - port: 8080
    targetPort: 8080
    nodePort: 30001
    protocol: TCP
  selector:
    app: hello-world

kubernetes – What decides node’s hostname when adding new node with microk8s?

I am building a cluster of machines all running the same setup:

  • Ubuntu Server 20.04.2
  • during installation I select a unique short hostname
  • when OS is installed, I add microk8s 1.20/stable via snap and add permissions following this tutorial

I decided to turn off HA by running microk8s disable ha-cluster after installation.

I run microk8s add-node on master and first two machines connect successfully, creating a cluster with three nodes, one of them being master. The problem occurs with the 4th machine. Although it connects just fine, kubelet doesn’t use the “pretty” hostname as defined in /etc/hostname but my machine’s internal IP. Everything works fine, but this results in an inconsistent and ugly node list.

Running microk8s.kubectl edit node on the master, I cherry pick the problematic machine on ip 192.168.0.134 (hostname zebra) and one of the machines which connected with its hostname as intended (rhombus):

- apiVersion: v1
  kind: Node
  metadata:
    annotations:
      node.alpha.kubernetes.io/ttl: "0"
      volumes.kubernetes.io/controller-managed-attach-detach: "true"
    creationTimestamp: "2021-04-04T18:08:15Z"
    labels:
      beta.kubernetes.io/arch: amd64
      beta.kubernetes.io/os: linux
      kubernetes.io/arch: amd64
      kubernetes.io/hostname: 192.168.0.134
      kubernetes.io/os: linux
      microk8s.io/cluster: "true"
    name: 192.168.0.134
    resourceVersion: "27486"
    selfLink: /api/v1/nodes/192.168.0.134
    uid: 09c01d87-1ae4-452f-8908-6dcb85a5999a
  spec: {}
  status:
    addresses:
    - address: 192.168.0.134
      type: InternalIP
    - address: 192.168.0.134
      type: Hostname

  ...

- apiVersion: v1
  kind: Node
  metadata:
    annotations:
      node.alpha.kubernetes.io/ttl: "0"
      volumes.kubernetes.io/controller-managed-attach-detach: "true"
    creationTimestamp: "2021-04-04T13:59:21Z"
    labels:
      beta.kubernetes.io/arch: amd64
      beta.kubernetes.io/os: linux
      kubernetes.io/arch: amd64
      kubernetes.io/hostname: rhombus
      kubernetes.io/os: linux
      microk8s.io/cluster: "true"
    name: rhombus
    resourceVersion: "27244"
    selfLink: /api/v1/nodes/rhombus
    uid: f125573a-0efb-444c-849b-f0521fe3b813
  spec: {}
  status:
    addresses:
    - address: 192.168.0.105
      type: InternalIP
    - address: rhombus
      type: Hostname

I find that the --hostname-override argument is causing this headache:

$ sudo grep -rlw "192.168.0.134" /var/snap/microk8s/2094/args
/var/snap/microk8s/2094/args/kube-proxy
/var/snap/microk8s/2094/args/kubelet
/var/snap/microk8s/2094/args/kubelet.backup
$ cat /var/snap/microk8s/2094/kubelet

...

--cluster-domain=cluster.local
--cluster-dns=10.152.183.10
--hostname-override 192.168.0.134

If I compare the file against the same one on machines without this problem, the last line is extra. Same goes for /var/snap/microk8s/current/..., I don’t know what the difference between those is.

If I try to remove that line or change the IP to zebra, the setting is ignored and overwritten (somehow). Doing this was suggested in an answer to a related question here. Other answers suggest a reset; I used microk8s reset, which made no difference. To verify each step along the way, I ran the same commands on one of the machines which connect with their “pretty” hostname. In the end, it always retained the “pretty” hostname.

What should I change before I connect the node in order to display the correct name? Why would the same installation steps on different machines result in a different node name?

EDIT: I reinstalled OS on the machine and the issue remains.

How to extract the CPU and Memory usage of the Google Cloud Kubernetes Pod when the pod is finished running

I notice that when the job for a certain pod has finished running and I access the Kubernetes Engine > Workloads page, I don’t see data on CPU and memory usage anymore. Could you please let me know if there is a way to have this information for the succeeded jobs? The tester team needs to monitor the CPU and memory for the pods. Thank you very much in advance.

kubernetes – Handling alerts triggered by boolean condition; keep alertmanager from auto-resolving until manually cleared

Assume there’s a condition at 0000 HRS, which a promql expression evaluates to true and bubbles up that condition as desired to alertmanager. The range of time for the check is over a 5m period and the condition has to exist for a total period of 60 seconds before an alert triggers. Let’s assume for the purposes of this question that the condition is met and the alert is sent.

On the next check, the condition changes to false effectively auto-resolving the alert. This is the problem for us for this specific use-case. We desire to manually resolve the alert so that we can check into the root cause instead of alertmanager autoresolving the alert.

I understand that there will likely be answers asking why we want to do this, but this situation is slightly contrived so such answers are not helpful. Essentially, we have a single alert which we do NOT want to autoresolve when the underlying condition returns to false. We need to know when this happens so we can appropriately handle it but we also need to manually resolve the alert.

I haven’t found a way to do this and I’m not really certain there is a way to do it so some guidance would be appreciated.

continuous integration – How should I think about infrastructure as code when using Kubernetes?

I’m trying to better think about our IaC configuration.

I work in a large enterprise, so our Kubernetes infra is managed by the Kubernetes team. We have our application deployments automatically deploy to this infra from our CI/CD pipelines after automated tests run, etc.

My question is – Where would something like Terraform come into play for me? I have a fair bit of deployment and test automation done for me completely via Gitlab and K8 YML specs.

Is there anything I should think about as far as TF goes to help benefit me even further? The one thing I see is maybe DynamoDB and S3 buckets that we create. Does this automatically run as part of CI or just manually?

Thanks.