This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# with default_log_levels=qpid=DEBUG,oslo.messaging=DEBUG,suds=DEBUG,requests.packages.urllib3.connectionpool | |
# at /etc/nova/nova.conf: | |
2015-11-17 14:05:40.980 704816 DEBUG oslo_concurrency.lockutils [-] Acquired semaphore "singleton_lock" lock /usr/lib/python2.7/dist-packages/oslo_concurrency/lockutils.py:198 | |
2015-11-17 14:05:40.980 704816 DEBUG oslo_concurrency.lockutils [-] Releasing semaphore "singleton_lock" lock /usr/lib/python2.7/dist-packages/oslo_concurrency/lockutils.py:211 | |
2015-11-17 14:05:40.981 704816 DEBUG oslo_concurrency.lockutils [req-a869c724-1d04-4e81-a55a-98e7148941d2 - - - - -] Acquired semaphore "singleton_lock" lock /usr/lib/python2.7/dist-packages/oslo_concurrency/lockutils.py:198 | |
2015-11-17 14:05:40.981 704816 DEBUG oslo_concurrency.lockutils [req-a869c724-1d04-4e81-a55a-98e7148941d2 - - - - -] Releasing semaphore "singleton_lock" lock /usr/lib/python2.7/dist-packages/oslo_concurrency/lockutils.py:211 | |
2015-11-17 14:05:40.981 704816 INFO oslo_service.service [req-a869c724-1d04-4e81- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# /etc/apparmor.d/lxc/lxc-default-with-netns | |
# Do not load this file. Rather, load /etc/apparmor.d/lxc-containers, which | |
# will source all profiles under /etc/apparmor.d/lxc | |
profile lxc-container-default-with-netns flags=(attach_disconnected,mediate_deleted) { | |
#include <abstractions/lxc/container-base> | |
#include <abstractions/lxc/start-container> | |
# - onetime mount, if /run/netns was not mounted yet: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
from __future__ import print_function | |
import sys | |
from cliff import app | |
from cliff import command | |
from cliff import commandmanager | |
from keystoneauth1.identity import v3 | |
from keystoneauth1 import session |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# https://gist.github.com/jjo/3777dda2e9933a3017094d3be1a84f6b | |
Deploy kubeless controller with system:serviceaccount:kubeless:kubeless-ctl | |
instead of system:serviceaccount:kubeless:default, to narrow the RBAC subject | |
for needed clusterrole perms | |
diff --git a/kubeless-0.0.16.yaml b/kubeless-0.0.16.yaml | |
index d9ce99f..c0af307 100644 | |
--- a/kubeless-0.0.16.yaml | |
+++ b/kubeless-0.0.16.yaml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# https://gist.github.com/jjo/ceb4a66c4f6f3e270a667418f74d34a2 | |
# | |
# kubeless-clusterrole-min.yaml | |
# Narrow RBAC perms to mininum needed (to avoid cluster-admin's equivalent), | |
# | |
# NOTE: to narrow the subject, kubeless controller is deployed with | |
# system:serviceaccount:kubeless:kubeless-ctl | |
# instead of | |
# system:serviceaccount:kubeless:default | |
# |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ /home/jjo/work/src/github.com/ksonnet/kubecfg/kubecfg diff --diff-strategy subset kubeless-rbac.jsonnet | |
--- | |
- live ThirdPartyResource/function.k8s.io | |
+ config ThirdPartyResource/function.k8s.ioThirdPartyResource/function.k8s.io unchanged | |
--- | |
- live ClusterRole/kubeless-controller-deployer | |
+ config ClusterRole/kubeless-controller-deployerClusterRole/kubeless-controller-deployer unchanged | |
--- | |
- live ClusterRoleBinding/kubeless-controller-deployer | |
+ config ClusterRoleBinding/kubeless-controller-deployer { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ /home/jjo/work/src/github.com/ksonnet/kubecfg/kubecfg diff --diff-strategy subset kubeless-rbac.jsonnet | |
--- | |
- live ThirdPartyResource/function.k8s.io | |
+ config ThirdPartyResource/function.k8s.ioThirdPartyResource/function.k8s.io unchanged | |
--- | |
- live ClusterRole/kubeless-controller-deployer | |
+ config ClusterRole/kubeless-controller-deployerClusterRole/kubeless-controller-deployer unchanged | |
--- | |
- live ClusterRoleBinding/kubeless-controller-deployer | |
+ config ClusterRoleBinding/kubeless-controller-deployerClusterRoleBinding/kubeless-controller-deployer unchanged |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
~# docker ps|sed 1d|xargs -I@ sh -c 'set @;echo = $2 =; nsenter -n -t $(docker inspect -f "{{.State.Pid}}" $1) netstat -anp' | |
= mirantis/kubeadm-dind-cluster:v1.7 = | |
Active Internet connections (servers and established) | |
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name | |
tcp 0 0 127.0.0.11:34377 0.0.0.0:* LISTEN 3307/dockerd | |
udp 0 0 10.192.0.4:53 0.0.0.0:* 25869/socat | |
udp 0 0 127.0.0.11:55597 0.0.0.0:* 3307/dockerd | |
Active UNIX domain sockets (servers and established) | |
Proto RefCnt Flags Type State I-Node PID/Program name Path | |
unix 2 [ ACC ] STREAM LISTENING 359006 25346/dind_init /var/run/docker.sock |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# docker ps|sed '1d;s,>,_,'|xargs -I@ sh -c 'set @;echo == $2;nsenter -n -t $(docker inspect -f "{{.State.Pid}}" $1) netstat -an' | |
== gcr.io/google_containers/k8s-dns-kube-dns-amd64@sha256:40790881bbe9ef4ae4ff7fe8b892498eecb7fe6dcc22661402f271e03f7de344 | |
Active Internet connections (servers and established) | |
Proto Recv-Q Send-Q Local Address Foreign Address State | |
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN | |
tcp 0 0 172.17.0.6:52640 10.0.0.1:443 ESTABLISHED | |
tcp 0 0 :::10053 :::* LISTEN | |
tcp 0 0 :::10054 :::* LISTEN | |
tcp 0 0 :::10055 :::* LISTEN | |
tcp 0 0 :::8081 :::* LISTEN |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ kubectl get pod -oname|xargs -I@ -P0 sh -c 'kubectl logs -f @|sed "s|^|@: |"' | |
pods/nginx-1423793266-msmhm: 10.220.1.1 - - [11/Aug/2017:00:22:50 +0000] "GET / HTTP/1.1" 200 612 "-" "Wget" "-" | |
pods/nginx-1423793266-msmhm: 10.220.1.1 - - [11/Aug/2017:00:27:01 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.35.0" "-" | |
pods/nginx-1423793266-msmhm: 10.220.1.1 - - [11/Aug/2017:00:27:03 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.35.0" "-" | |
pods/nginx-1423793266-msmhm: 10.220.1.1 - - [11/Aug/2017:00:27:04 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.35.0" "-" | |
pods/nginx-1423793266-msmhm: 10.220.1.1 - - [11/Aug/2017:02:04:21 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.35.0" "-" | |
pods/nginx-1423793266-msmhm: 10.220.1.1 - - [11/Aug/2017:11:35:29 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.35.0" "-" | |
pods/nginx-1423793266-msmhm: 10.220.1.1 - - [11/Aug/2017:11:35:58 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.35.0" "-" | |
pods/nginx-1423793266-msmhm: 10.220.1.1 - - [11/Aug/2017:11:36:00 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.3 |