Containers and Kubernetes

Posts

  • John K
    SSH console access login (Answered)
    Topic posted September 9, 2019 by John K 
    Title:
    SSH console access login
    Content:

    I'm trying to SSH into my instance using the SSH connection string provided by the console. I uploaded my public key and changed the permission of the private key ($ chmod 600 ~./.ssh/id_rsa) but I'm still being asked for username and password. Any ideas as to what this would be or how I can get past this?

  • Karthik Murthy
    How to preserve Source IP for LoadBalancer Service OKE
    Topic posted July 17, 2019 by Karthik Murthy, tagged Containers, Kubernetes 
    Title:
    How to preserve Source IP for LoadBalancer Service OKE
    Summary:
    Unable to preserve source IP for a Kubernetes service exposed as type 'LoadBalancer'
    Content:

    I have deployed a backend service and the nginx ingress controller as a Load Balancer service, as documented in https://docs.cloud.oracle.com/iaas/Content/ContEng/Tasks/contengsettingupingresscontroller.htm

    I would like to know if there is any way we can preserve the source IP on the backend Pod, i.e. I expect to see the source IP of my external client when the request reaches the backend pod via the load balancer and nginx ingress controller.

    Any help is greatly appreciated !

    Version:
    12.7
  • Ranjans
    unable to invoke the function in oci
    Topic last edited August 22, 2019 by Ranjans, tagged Containers, Docker
    Title:
    unable to invoke the function in oci
    Summary:
    unable to invoke the function in oci
    Content:

    As per the Python SDK, when I am importing the config value, the function is not getting invoked and errors out. The function has been built using Python.

    The following command is used to invoke the function

    fn invoke  app_py pythonfn

     

    *************************

    import json
    import io
    import oci
    from oci.config import from_file
    import sys
    from fdk import response


    config = from_file(profile_name="DEFAULT")
    print(conf)

    def handler(ctx, data: io.BytesIO=None):


        try:
            body = json.load(data)
    .................
    ....................
    ..........................

  • Ranjans
    cx_Oracle.DatabaseError: DPI-1047 while connecting to...
    Topic posted September 12, 2019 by Ranjans, tagged Containers, Docker
    Title:
    cx_Oracle.DatabaseError: DPI-1047 while connecting to cx_Oracle on docker
    Content:

    Hi ,

    I have written my function in Python. When I try to invoke the function, I get the error below. I have attached the Dockerfile also. Any suggestions?

     

    fn invoke appname func1

    cx_Oracle.DatabaseError: DPI-1047: Cannot locate a 64-bit Oracle Client library: "libclntsh.so: cannot open shared object file: No such file or directory". See https://oracle.github.io/odpi/doc/installation.html#linux for help

     

  • Ranjans
    connect to adwc with fn(function)
    Topic posted September 11, 2019 by Ranjans, tagged Containers, Docker
    Title:
    connect to adwc with fn(function)
    Summary:
    connect to adwc with fn (function)
    Content:


    Hi Everyone,

    Can anyone please advise me on the below?
    I wanted to run my Python code through Oracle serverless computing (through an fn function).
    I am facing a challenge in connecting to the ADWC database with fn.
    In order to connect I need an init image file in Python or a Dockerfile in Python.
    Can anyone suggest how to connect to Autonomous Database using fn?

    Thanks 

     

  • John K
    Deploying a basic node app to the cloud (Answered)
    Topic posted September 6, 2019 by John K, tagged Containers, Docker, Kubernetes
    Title:
    Deploying a basic node app to the cloud
    Content:

    Apologies for the basic question, but I just signed up for a trial cloud account and want to deploy a simple hello world node app to the cloud. Even Oracle's documentation seems dated, as everything I find online references Application Container Cloud, which I don't see in my list of trial account applications. Nor do I see anything related to Container Cloud. Does anyone have a tutorial or how-to doc that I could follow to learn how to deploy a simple node app? Thanks in advance for pointing me in the right direction.

  • Olivier Maurice
    Security problem on FSS hosted volume
    Topic posted May 29, 2019 by Olivier Maurice, tagged Kubernetes
    Title:
    Security problem on FSS hosted volume
    Summary:
    Some pods give a security problem when accessing FSS hosted exports
    Content:

    Hi,

    Not new to Kubernetes but also not an expert. The setting: a Kubernetes cluster (OKE) with the storage behind the PV and PVC residing on File Storage Service (FSS).

    When making a deployment based on Alpine, I can perfectly mount and use the volume in the pod.

    However, when switching to some more meaningful stuff, say MySQL or my latest try Prometheus, I just cannot make it fly. None of these containers can work with the export. In all cases the PV and PVC are bound.

    This is something security-related but I just can't figure it out. I have been squashing the root or all users to 1 or something in the 65K, nothing seemed to help.
    Also defined security context on pod level, to no avail. I am missing something, but it is clear I do not know what.

     

    What I have in place:

    Storageclass

    kind: StorageClass
    apiVersion: storage.k8s.io/v1beta1
    metadata:
      name: oci-fss
    provisioner: oracle.com/oci-fss
    parameters:
      mntTargetId: ocid1.mounttarget.oc1.eu_frankfurt_1.aaaa...aa
    

    PV

    apiVersion: v1
    kind: PersistentVolume
    metadata:
      name: prometheus-pv
      namespace: monitoring
      labels:
        app: prometheus
    spec:
      storageClassName: oci-fss
      capacity:
        storage: 100Gi
      accessModes:
        - ReadWriteMany
      mountOptions:
        - nosuid
      persistentVolumeReclaimPolicy: Delete # Reclaim policies are defined below
      nfs:
        # Replace this with the IP of your FSS file system in OCI
        server: 10.100.0.3
        # Replace this with the Path of your FSS file system in OCI
        path: "/k8s-prometheus"
        readOnly: false
    

     

    PVC
    
    apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      name: prometheus-pvc
      namespace: monitoring
    spec:
      storageClassName: oci-fss
      accessModes:
        - ReadWriteMany
      resources:
        requests:
        # Although storage is provided here it is not used for FSS file systems
          storage: 100Gi
      selector:
        matchLabels:
          app: prometheus
    

     

    Deployment

    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: prometheus-deployment
      namespace: monitoring
    spec:
      replicas: 1
      template:
        metadata:
          labels:
            app: prometheus-server
        spec:
          containers:
            - name: prometheus
              image: prom/prometheus:v2.2.1
              args:
                - "--config.file=/etc/prometheus/prometheus.yml"
                - "--storage.tsdb.path=/prometheus/"
              ports:
                - containerPort: 9090
              volumeMounts:
                - name: prometheus-config-volume
                  mountPath: /etc/prometheus/
                - name: prometheus-storage-volume
                  mountPath: /prometheus/
          volumes:
            - name: prometheus-config-volume
              configMap:
                defaultMode: 420
                name: prometheus-server-conf
            - name: prometheus-storage-volume
              persistentVolumeClaim:
                claimName: prometheus-pvc
                readOnly: false
    

    Log output

    level=error ts=2019-05-29T07:17:48.980589701Z caller=main.go:582 err="Opening storage failed open DB in /prometheus/: open /prometheus/199323036: permission denied"
    
    level=info ts=2019-05-29T07:17:48.980731276Z caller=main.go:584 msg="See you next time!"
    
     
    Thanks for your ideas!
     
    Olivier
    Version:
    Kubernetes v1.11.5-3
  • Joydeepta Bhattacharjee
    Kafka broker in Oracle cloud event hub connectivity through...
    Topic posted August 27, 2019 by Joydeepta Bhattacharjee, tagged Containers, Kubernetes
    Title:
    Kafka broker in Oracle cloud event hub connectivity through bootstrap service
    Summary:
    Microservice to connect a Kafka topic and publish message as part of Oracle event hub cloud
    Content:

    Hi Team ,

    Can anyone give me clear information around connecting a Kafka broker in a cloud event hub? The ZooKeeper is embedded, so I am not able to validate whether the connector and brokers are active or not. When the service is trying to connect through a public Internet URL of a Cloud Event Hub - Dedicated service, it's timing out.

     

  • Raju Addala
    Not able to access a webservice that is exposed as a public...
    Topic posted July 30, 2019 by Raju Addala 
    Title:
    Not able to access a webservice that is exposed as a public service
    Summary:
    Not able to access a webservice that is exposed as a public service
    Content:

    I created a simple node.js rest webservice and deployed in OCI cloud.

    RADDALA-MAC:.kube raddala$ kubectl describe services raju
    Name:                     raju
    Namespace:                default
    Labels:                   <none>
    Annotations:              service.beta.kubernetes.io/oci-load-balancer-shape: 100Mbps
    Selector:                 app=raju
    Type:                     LoadBalancer
    IP:                       10.96.100.35
    LoadBalancer Ingress:     z.y.t.u (I masked the actual address)
    Port:                     raju  3000/TCP
    TargetPort:               3000/TCP
    NodePort:                 raju  32250/TCP
    Endpoints:                <none>
    Session Affinity:         None
    External Traffic Policy:  Cluster
    Events:
      Type    Reason                Age   From                Message
      ----    ------                ----  ----                -------
      Normal  EnsuringLoadBalancer  159m  service-controller  Ensuring load balancer
      Normal  EnsuredLoadBalancer   158m  service-controller  Ensured load balancer

     

    The problem is that I am not able to access this external IP address.

  • Joydeepta Bhattacharjee
    Pod to Pod communication with service name Should be...
    Topic last edited July 25, 2019 by Joydeepta Bhattacharjee, tagged Containers, Docker, Kubernetes, Tip
    Title:
    Pod to Pod communication with service name Should be followed with Ingress Resource to realise a decouple connection
    Summary:
    Instead of accessing an IP, which changes with each deployment, I would like to access the pod deployment through the service created, which is not working in the OCI OKE setup
    Content:

    kubectl describe services kube-dns --namespace kube-system

     

    Name:              kube-dns
    Namespace:         kube-system
    Labels:            addonmanager.kubernetes.io/mode=Reconcile
                       k8s-app=kube-dns
                       kubernetes.io/cluster-service=true
                       kubernetes.io/name=KubeDNS
    Annotations:       kubectl.kubernetes.io/last-applied-configuration:
                         {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"addonmanager.kubernetes.io/mode":"Reconcile","k8s-app":"kube-d...
    Selector:          k8s-app=kube-dns
    Type:              ClusterIP
    IP:                10.96.5.5
    Port:              dns  53/UDP
    TargetPort:        53/UDP
    Endpoints:         10.244.1.21:53,10.244.1.23:53
    Port:              dns-tcp  53/TCP
    TargetPort:        53/TCP
    Endpoints:         10.244.1.21:53,10.244.1.23:53
    Session Affinity:  None
    Events:            <none>
    [opc@test ~]$

     

    kubectl describe svc my-api

    [opc@test ~]$ kubectl describe svc springbootapp-demo-service
    Name:                     springbootapp-demo-service
    Namespace:                default
    Labels:                   <none>
    Annotations:              <none>
    Selector:                 app=app
    Type:                     LoadBalancer
    IP:                       10.96.157.177
    LoadBalancer Ingress:     132.145.235.116
    Port:                     <unset>  80/TCP
    TargetPort:               8035/TCP
    NodePort:                 <unset>  30963/TCP
    Endpoints:                10.244.0.26:8035,10.244.0.27:8035,10.244.0.30:8035 + 1 more...
    Session Affinity:         None
    External Traffic Policy:  Cluster
    Events:                   <none>

     

    Now when I exec (kubectl exec -it **Pod) into a pod and wget the other pod by FQDN, it's not reached. I also connected a busybox image to debug the kube-dns networking between pods.

    Exec into the pod with kubectl exec -it nodejs-deployment-6bffdcb99c-lf8gn sh gives a prompt, and I tried to wget the dummy endpoint below, but it is unreachable though the IP is looked up.

     wget http://springbootapp-demo-service/demo/test
    Connecting to springbootapp-demo-service(10.96.157.177:8035)

    This has been fixed now by renaming the selector label in the deployment yml to a unique name, as they are in the default namespace.
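
The selector fix described in the last post, as an added example that is not part of the original thread: a check that flags Services whose selector matches more than one workload in a namespace, or none at all (the `Endpoints: <none>` case in the `raju` output above). A shared selector on a `LoadBalancer` Service also means pods of an unrelated workload are reachable through the public address. The service names and selectors come from the `kubectl describe` output on this page; the deployment name `springbootapp-deployment` and all pod labels are assumptions.

```python
# Added example: inventories below are constructed; only the service names
# and selectors (app=app, app=raju) come from the kubectl output in the thread.

def selects(selector, labels):
    """True when every key/value of a Service selector appears in the pod labels."""
    return bool(selector) and all(labels.get(k) == v for k, v in selector.items())


def audit_selectors(services, workloads):
    """Map (namespace, service) -> (finding, matched workloads) for selectors
    that match nothing or match more than one workload in the same namespace."""
    findings = {}
    for svc in services:
        ns = svc.get("namespace", "default")
        matched = sorted(
            w["name"] for w in workloads
            if w.get("namespace", "default") == ns
            and selects(svc["selector"], w["pod_labels"])
        )
        if not matched:
            findings[(ns, svc["name"])] = ("no-endpoints", matched)
        elif len(matched) > 1:
            findings[(ns, svc["name"])] = ("shared-selector", matched)
    return findings


SERVICES = [
    {"name": "springbootapp-demo-service", "selector": {"app": "app"}},
    {"name": "raju", "selector": {"app": "raju"}},
]

# Assumed pod-template labels: both deployments reuse the generic app=app label.
BEFORE = [
    {"name": "springbootapp-deployment", "pod_labels": {"app": "app"}},
    {"name": "nodejs-deployment", "pod_labels": {"app": "app"}},
]

# After the rename each deployment has its own label value, and the Service
# selector is updated to match the one workload it is meant to front.
AFTER = [
    {"name": "springbootapp-deployment", "pod_labels": {"app": "springbootapp"}},
    {"name": "nodejs-deployment", "pod_labels": {"app": "nodejs"}},
]
SERVICES_AFTER = [{"name": "springbootapp-demo-service", "selector": {"app": "springbootapp"}}]

if __name__ == "__main__":
    print("before:", audit_selectors(SERVICES, BEFORE))
    print("after: ", audit_selectors(SERVICES_AFTER, AFTER))
```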