Created
May 17, 2018 18:20
-
-
Save cmoulliard/f05b9bc762cbab9993087b1a44aa1331 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
oc describe po/webconsole-84466b9d97-zthkl | |
Name: webconsole-84466b9d97-zthkl | |
Namespace: openshift-web-console | |
Node: 192.168.99.50/192.168.99.50 | |
Start Time: Thu, 17 May 2018 20:19:08 +0200 | |
Labels: app=openshift-web-console | |
pod-template-hash=4002265853 | |
webconsole=true | |
Annotations: openshift.io/scc=anyuid | |
Status: Running | |
IP: 10.128.0.232 | |
Controlled By: ReplicaSet/webconsole-84466b9d97 | |
Containers: | |
webconsole: | |
Container ID: docker://9311b5f9267e14210770135faab0b23c613f8902f73bf702e5bf4599b3bf3a56 | |
Image: docker.io/openshift/origin-web-console:v3.9.0 | |
Image ID: docker-pullable://docker.io/openshift/origin-web-console@sha256:3ded49e9ddd052ff8a4187e60a0ba8645530d118baf9dae0412baa17845a38ba | |
Port: 8443/TCP | |
Command: | |
/usr/bin/origin-web-console | |
--audit-log-path=- | |
-v=0 | |
--config=/var/webconsole-config/webconsole-config.yaml | |
State: Waiting | |
Reason: CrashLoopBackOff | |
Last State: Terminated | |
Reason: Error | |
Exit Code: 255 | |
Started: Thu, 17 May 2018 20:19:12 +0200 | |
Finished: Thu, 17 May 2018 20:19:12 +0200 | |
Ready: False | |
Restart Count: 1 | |
Requests: | |
cpu: 100m | |
memory: 100Mi | |
Liveness: exec [/bin/sh -c if [[ ! -f /tmp/webconsole-config.hash ]]; then \ | |
md5sum /var/webconsole-config/webconsole-config.yaml > /tmp/webconsole-config.hash; \ | |
elif [[ $(md5sum /var/webconsole-config/webconsole-config.yaml) != $(cat /tmp/webconsole-config.hash) ]]; then \ | |
echo 'webconsole-config.yaml has changed.'; \ | |
exit 1; \ | |
fi && curl -k -f https://0.0.0.0:8443/console/] delay=0s timeout=1s period=10s #success=1 #failure=3 | |
Readiness: http-get https://:8443/healthz delay=0s timeout=1s period=10s #success=1 #failure=3 | |
Environment: <none> | |
Mounts: | |
/var/run/secrets/kubernetes.io/serviceaccount from webconsole-token-9wjcz (ro) | |
/var/serving-cert from serving-cert (rw) | |
/var/webconsole-config from webconsole-config (rw) | |
Conditions: | |
Type Status | |
Initialized True | |
Ready False | |
PodScheduled True | |
Volumes: | |
serving-cert: | |
Type: Secret (a volume populated by a Secret) | |
SecretName: webconsole-serving-cert | |
Optional: false | |
webconsole-config: | |
Type: ConfigMap (a volume populated by a ConfigMap) | |
Name: webconsole-config | |
Optional: false | |
webconsole-token-9wjcz: | |
Type: Secret (a volume populated by a Secret) | |
SecretName: webconsole-token-9wjcz | |
Optional: false | |
QoS Class: Burstable | |
Node-Selectors: node-role.kubernetes.io/master=true | |
Tolerations: node.kubernetes.io/memory-pressure:NoSchedule | |
Events: | |
Type Reason Age From Message | |
---- ------ ---- ---- ------- | |
Normal Scheduled 17s default-scheduler Successfully assigned webconsole-84466b9d97-zthkl to 192.168.99.50 | |
Normal SuccessfulMountVolume 16s kubelet, 192.168.99.50 MountVolume.SetUp succeeded for volume "webconsole-config" | |
Normal SuccessfulMountVolume 16s kubelet, 192.168.99.50 MountVolume.SetUp succeeded for volume "webconsole-token-9wjcz" | |
Normal SuccessfulMountVolume 16s kubelet, 192.168.99.50 MountVolume.SetUp succeeded for volume "serving-cert" | |
Normal Pulled 13s (x2 over 14s) kubelet, 192.168.99.50 Container image "docker.io/openshift/origin-web-console:v3.9.0" already present on machine | |
Normal Created 13s (x2 over 14s) kubelet, 192.168.99.50 Created container | |
Normal Started 13s (x2 over 14s) kubelet, 192.168.99.50 Started container | |
Warning BackOff 10s (x3 over 12s) kubelet, 192.168.99.50 Back-off restarting failed container | |
oc logs po/webconsole-84466b9d97-zthkl | |
W0517 18:19:29.287513 1 start.go:93] Warning: config.clusterInfo.loggingPublicURL: Invalid value: "": required to view aggregated container logs in the console, web console start will continue. | |
W0517 18:19:29.287608 1 start.go:93] Warning: config.clusterInfo.metricsPublicURL: Invalid value: "": required to view cluster metrics in the console, web console start will continue. | |
Error: unable to load server certificate: open /var/serving-cert/tls.crt: permission denied | |
Usage: | |
origin-web-console [flags] | |
Flags: | |
--alsologtostderr log to standard error as well as files | |
--audit-log-format string Format of saved audits. "legacy" indicates 1-line text format for each event. "json" indicates structured json format. Requires the 'AdvancedAuditing' feature gate. Known formats are legacy,json. (default "json") | |
--audit-log-maxage int The maximum number of days to retain old audit log files based on the timestamp encoded in their filename. | |
--audit-log-maxbackup int The maximum number of old audit log files to retain. | |
--audit-log-maxsize int The maximum size in megabytes of the audit log file before it gets rotated. | |
--audit-log-path string If set, all requests coming to the apiserver will be logged to this file. '-' means standard out. | |
--audit-policy-file string Path to the file that defines the audit policy configuration. Requires the 'AdvancedAuditing' feature gate. With AdvancedAuditing, a profile is required to enable auditing. | |
--audit-webhook-batch-buffer-size int The size of the buffer to store events before batching and sending to the webhook. Only used in batch mode. (default 10000) | |
--audit-webhook-batch-initial-backoff duration The amount of time to wait before retrying the first failed requests. Only used in batch mode. (default 10s) | |
--audit-webhook-batch-max-size int The maximum size of a batch sent to the webhook. Only used in batch mode. (default 400) | |
--audit-webhook-batch-max-wait duration The amount of time to wait before force sending the batch that hadn't reached the max size. Only used in batch mode. (default 30s) | |
--audit-webhook-batch-throttle-burst int Maximum number of requests sent at the same moment if ThrottleQPS was not utilized before. Only used in batch mode. (default 15) | |
--audit-webhook-batch-throttle-qps float32 Maximum average number of requests per second. Only used in batch mode. (default 10) | |
--audit-webhook-config-file string Path to a kubeconfig formatted file that defines the audit webhook configuration. Requires the 'AdvancedAuditing' feature gate. | |
--audit-webhook-mode string Strategy for sending audit events. Blocking indicates sending events should block server responses. Batch causes the webhook to buffer and send events asynchronously. Known modes are batch,blocking. (default "batch") | |
--config string filename containing the WebConsoleConfig | |
--contention-profiling Enable lock contention profiling, if profiling is enabled | |
--enable-swagger-ui Enables swagger ui on the apiserver at /swagger-ui | |
--log-flush-frequency duration Maximum number of seconds between log flushes (default 5s) | |
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) | |
--log_dir string If non-empty, write log files in this directory | |
--logtostderr log to standard error instead of files (default true) | |
--profiling Enable profiling via web interface host:port/debug/pprof/ (default true) | |
--stderrthreshold severity logs at or above this threshold go to stderr (default 2) | |
-v, --v Level log level for V logs | |
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging | |
F0517 18:19:29.288355 1 console.go:35] unable to load server certificate: open /var/serving-cert/tls.crt: permission denied | |
oc get scc/anyuid -o yaml | |
allowHostDirVolumePlugin: false | |
allowHostIPC: false | |
allowHostNetwork: false | |
allowHostPID: false | |
allowHostPorts: false | |
allowPrivilegedContainer: false | |
allowedCapabilities: null | |
allowedFlexVolumes: null | |
apiVersion: security.openshift.io/v1 | |
defaultAddCapabilities: null | |
fsGroup: | |
type: RunAsAny | |
groups: | |
- system:cluster-admins | |
- system:authenticated | |
kind: SecurityContextConstraints | |
metadata: | |
annotations: | |
kubernetes.io/description: anyuid provides all features of the restricted SCC | |
but allows users to run with any UID and any GID. | |
creationTimestamp: 2018-05-17T07:19:55Z | |
name: anyuid | |
resourceVersion: "25079" | |
selfLink: /apis/security.openshift.io/v1/securitycontextconstraints/anyuid | |
uid: b2e4c454-59a2-11e8-aeee-0800278500b8 | |
priority: 10 | |
readOnlyRootFilesystem: false | |
requiredDropCapabilities: | |
- MKNOD | |
runAsUser: | |
type: RunAsAny | |
seLinuxContext: | |
type: MustRunAs | |
supplementalGroups: | |
type: RunAsAny | |
users: | |
- system:serviceaccount:openshift-web-console:webconsole | |
volumes: | |
- configMap | |
- downwardAPI | |
- emptyDir | |
- persistentVolumeClaim | |
- projected | |
- secret |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment