Skip to content

Instantly share code, notes, and snippets.

View egernst's full-sized avatar

Eric Ernst egernst

48 followers · 8 following
View GitHub Profile
@egernst
egernst / top-failure.md
Last active April 11, 2019 00:52

In the not-dockershim and not-CRIO normal socket path case, we are handled by the cri stats provider: https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/stats/cri_stats_provider.go

The 'magic' happens in the listPodStats function

Looping over each managed container, kubelet calculates the container statics at https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/stats/cri_stats_provider.go#L198, then calculate a running total of the pod usage at https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/stats/cri_stats_provider.go#L200, and then eventually return the results.

Potential issue

Initial potential issue I noticed was that we will run into is at the top of addPodCPUMemoryStats function. The

@egernst
egernst / log using 1.4
Created April 4, 2019 00:01
apply , delete, apply
07:07 eernstworkstation containerd[108474]: time="2019-04-03T17:07:07.574461449-07:00" level=info msg="StopPodSandbox for "ef332c04e14614922647a3f19a2e2bd0852636e1078949014a82c75ca07b343c" returns successfully"
Apr 03 17:07:07 eernstworkstation kubelet[7359]: I0403 17:07:07.575452 7359 qos_container_manager_linux.go:338] [ContainerManager]: Updated QoS cgroup configuration
Apr 03 17:07:07 eernstworkstation kubelet[7359]: I0403 17:07:07.849457 7359 config.go:100] Looking for [api file], have seen map[api:{} file:{}]
Apr 03 17:07:07 eernstworkstation kubelet[7359]: I0403 17:07:07.849518 7359 kubelet.go:1995] SyncLoop (housekeeping)
Apr 03 17:07:07 eernstworkstation kubelet[7359]: I0403 17:07:07.853499 7359 kubelet_pods.go:1073] Killing unwanted pod "dind"
Apr 03 17:07:07 eernstworkstation kubelet[7359]: I0403 17:07:07.853499 7359 kubelet_pods.go:1073] Killing unwanted pod "two-containers-kata"
Apr 03 17:07:07 eernstworkstation kubelet[7359]: I0403 17:07:07.853510 7359 kubelet_pods.go:1073] Kil
@egernst
egernst / issue-1480-logs.md
Created April 3, 2019 22:27 
containerd[5344]:  level=info msg="StopContainer for "68e4eff25a68f7c434049251f4026904141b26b387e297f5e54e2be2d7381b6a" with timeout 30 (s)"
containerd[5344]:  level=info msg="Stop container "68e4eff25a68f7c434049251f4026904141b26b387e297f5e54e2be2d7381b6a" with signal terminated"
kata[21889]:  level=debug msg="sending request" ID=ac5a7b5ac24812c11253594e1bed082a668d2f3fed829b6d56fe33701e3b1c4b name=grpc.SignalProcessRequest req="container_id:\"68e4eff25a68f7c434049251f4026904141b26b387e297f5e54e2be2d7381b6a\" exec_id:\"68e4eff25a68f7c434049251f4026904141b26b387e297f5e54e2be2d7381b6a\" signal:15 " source=virtcontainers subsystem=kata_agent
containerd[5344]:  level=debug msg="sending request" ID=ac5a7b5ac24812c11253594e1bed082a668d2f3fed829b6d56fe33701e3b1c4b name=grpc.SignalProcessRequest req="container_id:\"68e4eff25a68f7c434049251f4026904141b26b387e297f5e54e2be2d7381b6a\" exec_id:\"68e4eff25a68f7c434049251f4026904141b26b387e297f5e54e2be2d7381b6a\" signal:15 " source=virtcontainers subsystem=kata_agent
k
@egernst
egernst / two-pod.yaml
Created April 3, 2019 22:01
apiVersion: v1
kind: Pod
metadata:
name: two-containers-kata-guaranteed
spec:
runtimeClassName: kata
restartPolicy: Never
volumes:
- name: shared-data
@egernst
egernst / stateful.yaml
Created March 22, 2019 22:30
stateful set example
---
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
name: test-datastore
labels:
app: test
component: test-datastore
spec:
selector:
@egernst
egernst / kata_dind.md
Last active March 12, 2019 16:46
Docker in Docker with Kata

directions as provided from Atlassian developers

Create a custom kernel

Get the code

go get github.com/kata-containers/tests
cd $GOPATH/src/github.com/kata-containers/tests/.ci
@egernst
egernst / ports.md
Last active March 11, 2019 23:06
port forward and tunneling fun

Reverse Tunneling, or "how can I access that machine that is behind another network?"

Let's say we have a few test machines sitting behind a workstation router

Assuming the 'router' will forward traffic out, we can facilitate SSH'ing 'directly' to a test machine beind the router by leveraging reverse tunneling:

ssh -f -N -R 19999:localhost:22 <username>@<users host>

where:

@egernst
egernst / lvm-dm.md
Created March 7, 2019 00:09
lvm/dm gist

LVM / DM discussion

Performance results

ext4, thin-provisioning, LVM

BenchmarkLVM/run-88 1 4464814810 ns/op 37.58 MB/s BenchmarkLVM/prepare 1 2569627045 ns/op BenchmarkLVM/write 1 1887356260 ns/op

@egernst
egernst / configuration_fc.toml
Created January 9, 2019 23:51
kata + firecracker reference configuration
# Copyright (c) 2017-2018 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
[hypervisor.firecracker]
path = "/opt/kata/bin/firecracker"
kernel = "/opt/kata/share/kata-containers/vmlinux.container"
image = "/opt/kata/share/kata-containers/kata-containers.img"
kernel_params = ""
@egernst
egernst / demo-magic-kata-fc-qemu-k8s
Last active January 5, 2019 06:43
demo-magic: kata+crio+k8s with FC and QEMU
#!/usr/bin/env bash
########################
# include the magic
########################
. ./demo-magic.sh
########################
# Configure the options