kata-hypervisor[694477]: cloud-hypervisor: 6.79924672s: WARN:virtio-devices/src/vsock/csm/connection.rs:306 -- vsock: error writing to local stream (lp=1073742542, pp=1024): StreamWrite(Os { code: 32, kind: BrokenPipe, message: "Broken pipe" })
kata-hypervisor[694477]: time="2020-08-20T21:28:13.118007Z" level=debug msg="new request" debug_console=true name=kata-agent pid=56 req="container_id:\"63d46b5f61c694b3b78d8812b8669cffd67d9275809cdbf2894cfba7316ab989\" exec_id:\"63d46b5f61c694b3b78d8812b8669cffd67d9275809cdbf2894cfba7316ab989\" " request=/grpc.AgentService/WaitProcess sandbox=63d46b5f61c694b3b78d8812b8669cffd67d9275809cdbf2894cfba7316ab989 source=agent
kata-hypervisor[694477]: time="2020-08-20T21:28:13.13044142Z" level=debug msg="request end" debug_console=true duration="4.275µs" name=kata-agent pid=56 request=/grpc.AgentService/WaitProcess resp= sandbox=63d46b5f61c694b3b78d8812b8669cffd67d9275809cdbf2894cfba7316ab989 source=agent
kata-hypervisor[694477]: time="2020-08-20T21:28:13.140517344Z" level
- not feasible to 'advertise address' using the public IP, since none of the rest of the control plane components can access it (i.e., the public IP is NAT'd and not available on the actual node)
- need to create a certificate so the public IP can access the cluster
sample kubeadm config:
---
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
apiServer:
  certSANs:
cgroups v2 makes use of shim-v2 (added by Akihiro): See 612343618dd7dad7cf023e6263d693ab37507a92
Today, this is set statically across the board for the daemon. What would be more ideal is if this could (also?) be selected on a per-runtime basis.
- where are other runtime-specific flags set today in moby?
- should this be "OR"d against the daemonset setting (which is specified based on v2, which ... actually breaks Kata... right?)
---
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
  name: fluentd-es
  labels:
    k8s-app: fluentd-es
spec:
  selector:
todo:
- update Kibana object to set an antiaffinity (lack aarch64 support)
- show example of using fluent-bit annotation to highlight what parser to use.
ECK provides a higher baseline for security out of the box, which makes most "quick-start" guides for utilizing it as a sink for logging fail. This gist provides details on how to update fluent-bit quick-start guides to work with ECK, utilizing emptyDir for the ES PVC.
FROM busybox
ADD ./kube-scheduler /usr/local/bin/kube-scheduler
ADD ./kube-apiserver /usr/local/bin/kube-apiserver
ADD ./kube-controller-manager /usr/local/bin/kube-controller-manager
Starting from scratch, we need a system with Go/make/gcc for building the k8s binaries, as well as etcd and ginkgo for facilitating running the tests.
wget https://dl.google.com/go/go1.13.7.linux-amd64.tar.gz
sudo tar -xvf go1.13.7.linux-amd64.tar.gz
sudo mv go /usr/local
# put into profile:
export GOROOT=/usr/local/go