@micahhausler
Last active February 23, 2017 20:26
Kube-DNS SELinux — AVC denials collected from the kube-dns pod (plus a few other add-ons: dashboard, node_exporter) on a CoreOS node running Docker with --selinux-enabled. Every entry carries permissive=1, so SELinux logged these but blocked nothing; an enforcing policy would have. The etc-hosts denials are the interesting ones: the reading container's MCS categories differ from the file's — e.g. kube2sky runs as c596,c908 but its pod's etc-hosts is labelled c399,c912, the categories of the exechealthz container in the same pod — which is consistent with the "Mode": "Z" (private relabel) bind mount shown in the docker inspect output below relabelling the shared per-pod file to whichever container was set up last. The remaining denials are reads/execs of image files labelled unlabeled_t and node_exporter reading /proc/sys/fs/file-nr (sysctl_fs_t).
Feb 23 19:23:04 ip-172-31-11-231.us-west-2.compute.internal audit[32554]: AVC avc: denied { open } for pid=32554 comm="dashboard" path="/public/en/index.html" dev="overlay" ino=48298053 scontext=system_u:system_r:svirt_lxc_net_t:s0:c370,c736 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Feb 23 19:24:56 ip-172-31-11-231.us-west-2.compute.internal audit[10853]: AVC avc: denied { execute } for pid=10853 comm="exechealthz" name="sh" dev="xvdb" ino=2490773 scontext=system_u:system_r:svirt_lxc_net_t:s0:c399,c912 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Feb 23 19:24:56 ip-172-31-11-231.us-west-2.compute.internal audit[10853]: AVC avc: denied { read open } for pid=10853 comm="exechealthz" path="/bin/sh" dev="overlay" ino=138907031 scontext=system_u:system_r:svirt_lxc_net_t:s0:c399,c912 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Feb 23 19:24:56 ip-172-31-11-231.us-west-2.compute.internal audit[10853]: AVC avc: denied { execute_no_trans } for pid=10853 comm="exechealthz" path="/bin/sh" dev="overlay" ino=138907031 scontext=system_u:system_r:svirt_lxc_net_t:s0:c399,c912 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Feb 23 19:25:49 ip-172-31-11-231.us-west-2.compute.internal audit[15641]: AVC avc: denied { read } for pid=15641 comm="node" name="etc-hosts" dev="xvda9" ino=541994 scontext=system_u:system_r:svirt_lxc_net_t:s0:c345,c400 tcontext=system_u:object_r:svirt_lxc_file_t:s0:c0,c138 tclass=file permissive=1
Feb 23 19:27:57 ip-172-31-11-231.us-west-2.compute.internal audit[7367]: AVC avc: denied { read } for pid=7367 comm="kube2sky" name="etc-hosts" dev="xvda9" ino=541800 scontext=system_u:system_r:svirt_lxc_net_t:s0:c596,c908 tcontext=system_u:object_r:svirt_lxc_file_t:s0:c399,c912 tclass=file permissive=1
Feb 23 19:28:04 ip-172-31-11-231.us-west-2.compute.internal audit[15691]: AVC avc: denied { read } for pid=15691 comm="dashboard" name="index.html" dev="xvdb" ino=3157475 scontext=system_u:system_r:svirt_lxc_net_t:s0:c370,c736 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Feb 23 19:28:04 ip-172-31-11-231.us-west-2.compute.internal audit[32554]: AVC avc: denied { open } for pid=32554 comm="dashboard" path="/public/en/index.html" dev="overlay" ino=48298053 scontext=system_u:system_r:svirt_lxc_net_t:s0:c370,c736 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Feb 23 19:28:07 ip-172-31-11-231.us-west-2.compute.internal audit[13245]: AVC avc: denied { execute } for pid=13245 comm="exechealthz" name="ionice" dev="xvdb" ino=2490773 scontext=system_u:system_r:svirt_lxc_net_t:s0:c399,c912 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Feb 23 19:28:07 ip-172-31-11-231.us-west-2.compute.internal audit[13245]: AVC avc: denied { read open } for pid=13245 comm="exechealthz" path="/bin/sh" dev="overlay" ino=138907031 scontext=system_u:system_r:svirt_lxc_net_t:s0:c399,c912 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Feb 23 19:28:07 ip-172-31-11-231.us-west-2.compute.internal audit[13245]: AVC avc: denied { execute_no_trans } for pid=13245 comm="exechealthz" path="/bin/sh" dev="overlay" ino=138907031 scontext=system_u:system_r:svirt_lxc_net_t:s0:c399,c912 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Feb 23 19:28:08 ip-172-31-11-231.us-west-2.compute.internal audit[6522]: AVC avc: denied { read } for pid=6522 comm="node_exporter" name="file-nr" dev="proc" ino=138907216 scontext=system_u:system_r:svirt_lxc_net_t:s0:c320,c823 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file permissive=1
Feb 23 19:28:08 ip-172-31-11-231.us-west-2.compute.internal audit[6522]: AVC avc: denied { open } for pid=6522 comm="node_exporter" path="/proc/sys/fs/file-nr" dev="proc" ino=138907216 scontext=system_u:system_r:svirt_lxc_net_t:s0:c320,c823 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file permissive=1
Feb 23 19:28:49 ip-172-31-11-231.us-west-2.compute.internal audit[15640]: AVC avc: denied { read } for pid=15640 comm="node" name="etc-hosts" dev="xvda9" ino=541994 scontext=system_u:system_r:svirt_lxc_net_t:s0:c345,c400 tcontext=system_u:object_r:svirt_lxc_file_t:s0:c0,c138 tclass=file permissive=1
Feb 23 19:29:45 ip-172-31-11-231.us-west-2.compute.internal audit[15691]: AVC avc: denied { open } for pid=15691 comm="dashboard" path="/public/en/index.html" dev="overlay" ino=48298053 scontext=system_u:system_r:svirt_lxc_net_t:s0:c370,c736 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Feb 23 19:29:45 ip-172-31-11-231.us-west-2.compute.internal audit[15690]: AVC avc: denied { read } for pid=15690 comm="dashboard" name="index.html" dev="xvdb" ino=3157475 scontext=system_u:system_r:svirt_lxc_net_t:s0:c370,c736 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Feb 23 19:29:45 ip-172-31-11-231.us-west-2.compute.internal audit[14723]: AVC avc: denied { execute } for pid=14723 comm="exechealthz" name="ionice" dev="xvdb" ino=2490773 scontext=system_u:system_r:svirt_lxc_net_t:s0:c399,c912 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Feb 23 19:29:45 ip-172-31-11-231.us-west-2.compute.internal audit[14723]: AVC avc: denied { read open } for pid=14723 comm="exechealthz" path="/bin/sh" dev="overlay" ino=139871428 scontext=system_u:system_r:svirt_lxc_net_t:s0:c399,c912 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Feb 23 19:29:45 ip-172-31-11-231.us-west-2.compute.internal audit[14723]: AVC avc: denied { execute_no_trans } for pid=14723 comm="exechealthz" path="/bin/sh" dev="overlay" ino=139871428 scontext=system_u:system_r:svirt_lxc_net_t:s0:c399,c912 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Feb 23 19:29:49 ip-172-31-11-231.us-west-2.compute.internal audit[15641]: AVC avc: denied { read } for pid=15641 comm="node" name="etc-hosts" dev="xvda9" ino=541994 scontext=system_u:system_r:svirt_lxc_net_t:s0:c345,c400 tcontext=system_u:object_r:svirt_lxc_file_t:s0:c0,c138 tclass=file permissive=1
Feb 23 19:29:54 ip-172-31-11-231.us-west-2.compute.internal audit[6491]: AVC avc: denied { read } for pid=6491 comm="node_exporter" name="file-nr" dev="proc" ino=139873131 scontext=system_u:system_r:svirt_lxc_net_t:s0:c320,c823 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file permissive=1
Feb 23 19:29:54 ip-172-31-11-231.us-west-2.compute.internal audit[6491]: AVC avc: denied { open } for pid=6491 comm="node_exporter" path="/proc/sys/fs/file-nr" dev="proc" ino=139873131 scontext=system_u:system_r:svirt_lxc_net_t:s0:c320,c823 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file permissive=1
Feb 23 19:31:04 ip-172-31-11-231.us-west-2.compute.internal audit[15691]: AVC avc: denied { read } for pid=15691 comm="dashboard" name="index.html" dev="xvdb" ino=3157475 scontext=system_u:system_r:svirt_lxc_net_t:s0:c370,c736 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Feb 23 19:31:04 ip-172-31-11-231.us-west-2.compute.internal audit[32555]: AVC avc: denied { open } for pid=32555 comm="dashboard" path="/public/en/index.html" dev="overlay" ino=48298053 scontext=system_u:system_r:svirt_lxc_net_t:s0:c370,c736 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Feb 23 19:31:09 ip-172-31-11-231.us-west-2.compute.internal audit[1212]: AVC avc: denied { read } for pid=1212 comm="node_exporter" name="file-nr" dev="proc" ino=139888142 scontext=system_u:system_r:svirt_lxc_net_t:s0:c320,c823 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file permissive=1
Feb 23 19:31:09 ip-172-31-11-231.us-west-2.compute.internal audit[1212]: AVC avc: denied { open } for pid=1212 comm="node_exporter" path="/proc/sys/fs/file-nr" dev="proc" ino=139888142 scontext=system_u:system_r:svirt_lxc_net_t:s0:c320,c823 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file permissive=1
Feb 23 19:31:25 ip-172-31-11-231.us-west-2.compute.internal audit[16162]: AVC avc: denied { execute } for pid=16162 comm="exechealthz" name="ionice" dev="xvdb" ino=2490773 scontext=system_u:system_r:svirt_lxc_net_t:s0:c399,c912 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Feb 23 19:31:25 ip-172-31-11-231.us-west-2.compute.internal audit[16162]: AVC avc: denied { read open } for pid=16162 comm="exechealthz" path="/bin/sh" dev="overlay" ino=140378608 scontext=system_u:system_r:svirt_lxc_net_t:s0:c399,c912 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Feb 23 19:31:25 ip-172-31-11-231.us-west-2.compute.internal audit[16162]: AVC avc: denied { execute_no_trans } for pid=16162 comm="exechealthz" path="/bin/sh" dev="overlay" ino=140378608 scontext=system_u:system_r:svirt_lxc_net_t:s0:c399,c912 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Feb 23 19:31:49 ip-172-31-11-231.us-west-2.compute.internal audit[15639]: AVC avc: denied { read } for pid=15639 comm="node" name="etc-hosts" dev="xvda9" ino=541994 scontext=system_u:system_r:svirt_lxc_net_t:s0:c345,c400 tcontext=system_u:object_r:svirt_lxc_file_t:s0:c0,c138 tclass=file permissive=1
Feb 23 19:33:14 ip-172-31-11-231.us-west-2.compute.internal audit[7367]: AVC avc: denied { read } for pid=7367 comm="kube2sky" name="etc-hosts" dev="xvda9" ino=541800 scontext=system_u:system_r:svirt_lxc_net_t:s0:c596,c908 tcontext=system_u:object_r:svirt_lxc_file_t:s0:c399,c912 tclass=file permissive=1
Feb 23 19:54:24 ip-172-31-11-231.us-west-2.compute.internal audit[6491]: AVC avc: denied { read } for pid=6491 comm="node_exporter" name="file-nr" dev="proc" ino=139888142 scontext=system_u:system_r:svirt_lxc_net_t:s0:c320,c823 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file permissive=1
Feb 23 19:54:24 ip-172-31-11-231.us-west-2.compute.internal audit[6491]: AVC avc: denied { open } for pid=6491 comm="node_exporter" path="/proc/sys/fs/file-nr" dev="proc" ino=139888142 scontext=system_u:system_r:svirt_lxc_net_t:s0:c320,c823 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file permissive=1
Feb 23 19:54:55 ip-172-31-11-231.us-west-2.compute.internal audit[5339]: AVC avc: denied { read } for pid=5339 comm="kube2sky" name="etc-hosts" dev="xvda9" ino=541800 scontext=system_u:system_r:svirt_lxc_net_t:s0:c596,c908 tcontext=system_u:object_r:svirt_lxc_file_t:s0:c399,c912 tclass=file permissive=1
Feb 23 19:58:14 ip-172-31-11-231.us-west-2.compute.internal audit[15684]: AVC avc: denied { read } for pid=15684 comm="dashboard" name="index.html" dev="xvdb" ino=3157475 scontext=system_u:system_r:svirt_lxc_net_t:s0:c370,c736 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Feb 23 19:58:14 ip-172-31-11-231.us-west-2.compute.internal audit[15684]: AVC avc: denied { open } for pid=15684 comm="dashboard" path="/public/en/index.html" dev="overlay" ino=48298053 scontext=system_u:system_r:svirt_lxc_net_t:s0:c370,c736 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Feb 23 20:04:49 ip-172-31-11-231.us-west-2.compute.internal audit[15641]: AVC avc: denied { read } for pid=15641 comm="node" name="etc-hosts" dev="xvda9" ino=541994 scontext=system_u:system_r:svirt_lxc_net_t:s0:c345,c400 tcontext=system_u:object_r:svirt_lxc_file_t:s0:c0,c138 tclass=file permissive=1
Feb 23 20:04:53 ip-172-31-11-231.us-west-2.compute.internal audit[9213]: AVC avc: denied { read } for pid=9213 comm="sh" name="ionice" dev="xvdb" ino=2490773 scontext=system_u:system_r:svirt_lxc_net_t:s0:c399,c912 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Feb 23 20:04:53 ip-172-31-11-231.us-west-2.compute.internal audit[9213]: AVC avc: denied { execute } for pid=9213 comm="sh" path="/bin/sh" dev="overlay" ino=140382737 scontext=system_u:system_r:svirt_lxc_net_t:s0:c399,c912 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Feb 23 20:04:55 ip-172-31-11-231.us-west-2.compute.internal audit[9246]: AVC avc: denied { open } for pid=9246 comm="sh" path="/bin/nslookup" dev="overlay" ino=140383698 scontext=system_u:system_r:svirt_lxc_net_t:s0:c399,c912 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Feb 23 20:04:55 ip-172-31-11-231.us-west-2.compute.internal audit[9246]: AVC avc: denied { execute_no_trans } for pid=9246 comm="sh" path="/bin/nslookup" dev="overlay" ino=140383698 scontext=system_u:system_r:svirt_lxc_net_t:s0:c399,c912 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Feb 23 20:18:54 ip-172-31-11-231.us-west-2.compute.internal audit[1212]: AVC avc: denied { read } for pid=1212 comm="node_exporter" name="file-nr" dev="proc" ino=139888142 scontext=system_u:system_r:svirt_lxc_net_t:s0:c320,c823 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file permissive=1
Feb 23 20:18:54 ip-172-31-11-231.us-west-2.compute.internal audit[1212]: AVC avc: denied { open } for pid=1212 comm="node_exporter" path="/proc/sys/fs/file-nr" dev="proc" ino=139888142 scontext=system_u:system_r:svirt_lxc_net_t:s0:c320,c823 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file permissive=1
Feb 23 20:19:04 ip-172-31-11-231.us-west-2.compute.internal audit[15690]: AVC avc: denied { read } for pid=15690 comm="dashboard" name="index.html" dev="xvdb" ino=3157475 scontext=system_u:system_r:svirt_lxc_net_t:s0:c370,c736 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Feb 23 20:19:04 ip-172-31-11-231.us-west-2.compute.internal audit[32554]: AVC avc: denied { open } for pid=32554 comm="dashboard" path="/public/en/index.html" dev="overlay" ino=48298053 scontext=system_u:system_r:svirt_lxc_net_t:s0:c370,c736 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Feb 23 20:19:39 ip-172-31-11-231.us-west-2.compute.internal audit[20780]: AVC avc: denied { execute } for pid=20780 comm="exechealthz" name="ionice" dev="xvdb" ino=2490773 scontext=system_u:system_r:svirt_lxc_net_t:s0:c399,c912 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Feb 23 20:19:39 ip-172-31-11-231.us-west-2.compute.internal audit[20780]: AVC avc: denied { read open } for pid=20780 comm="exechealthz" path="/bin/sh" dev="overlay" ino=140382737 scontext=system_u:system_r:svirt_lxc_net_t:s0:c399,c912 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Feb 23 20:19:39 ip-172-31-11-231.us-west-2.compute.internal audit[20780]: AVC avc: denied { execute_no_trans } for pid=20780 comm="exechealthz" path="/bin/sh" dev="overlay" ino=140382737 scontext=system_u:system_r:svirt_lxc_net_t:s0:c399,c912 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
Feb 23 20:19:49 ip-172-31-11-231.us-west-2.compute.internal audit[15642]: AVC avc: denied { read } for pid=15642 comm="node" name="etc-hosts" dev="xvda9" ino=541994 scontext=system_u:system_r:svirt_lxc_net_t:s0:c345,c400 tcontext=system_u:object_r:svirt_lxc_file_t:s0:c0,c138 tclass=file permissive=1
# The pod's /etc/hosts as Docker mounted it. "Mode": "Z" is a *private*
# SELinux relabel: Docker relabels the bind-mounted host file with the MCS
# categories of the container being started. The source is the per-pod
# file /var/lib/kubelet/pods/<uid>/etc-hosts, which every container in the
# pod receives, so a later container's start can relabel it away from an
# earlier one. That is consistent with the etc-hosts AVC denials above
# (e.g. kube2sky at c596,c908 denied on a file labelled c399,c912, the
# categories exechealthz runs with). NOTE(review): a shared per-pod file
# should get a shared label (":z"), not a private one.
$ docker inspect f4db8daebc3a | jq .[0].Mounts[5]
{
"Source": "/var/lib/kubelet/pods/b54ab8ce-edbc-11e6-b0bb-02b3de8fefb3/etc-hosts",
"Destination": "/etc/hosts",
"Mode": "Z",
"RW": true,
"Propagation": "rprivate"
}
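# kube-dns ReplicationController in the Kubernetes 1.5-era skydns layout:
# etcd + kube2sky + skydns + an exechealthz sidecar in one pod. The
# containers share the pod network namespace: skydns reads etcd over
# 127.0.0.1:4001 and the kube2sky liveness probe hits the healthz
# container on port 8080.
apiVersion: v1
kind: ReplicationController
metadata:
  labels:
    app: kube-dns
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
  name: kube-dns
  namespace: kube-system
spec:
  replicas: 3
  selector:
    k8s-app: kube-dns
  template:
    metadata:
      labels:
        k8s-app: kube-dns
        kubernetes.io/cluster-service: "true"
    spec:
      containers:
      # Pod-local etcd used as skydns's backing store. Plain HTTP on loopback
      # only, no client auth: acceptable only because nothing outside the pod
      # netns can reach it — do not widen the listen address.
      - command:
        - /usr/local/bin/etcd
        - -data-dir
        - /var/etcd/data
        - -listen-client-urls
        - http://127.0.0.1:2379,http://127.0.0.1:4001
        - -advertise-client-urls
        - http://127.0.0.1:2379,http://127.0.0.1:4001
        - -initial-cluster-token
        - skydns-etcd
        image: gcr.io/google_containers/etcd-amd64:2.2.1
        name: etcd
        resources:
          limits:
            cpu: 100m
            memory: 500Mi
          requests:
            cpu: 100m
            memory: 50Mi
        volumeMounts:
        # Host CA bundle; only ever read, so mount it read-only.
        - mountPath: /etc/ssl/certs
          name: ssl-certs
          readOnly: true
        # Fix: the etcd-storage emptyDir was declared under `volumes` but never
        # mounted, so etcd's -data-dir was landing in the container's writable
        # layer instead.
        - mountPath: /var/etcd/data
          name: etcd-storage
      # kube2sky reaches the API server with the *node's* credentials: the
      # worker kubeconfig and /etc/kubernetes/ssl are hostPath-mounted from the
      # kubelet host (see `volumes`), so this pod carries the kubelet's API
      # access. A dedicated ServiceAccount scoped to what kube2sky needs would
      # remove both the over-privilege and the hostPath mounts.
      - args:
        - --kubecfg-file=/etc/kubernetes/worker-kubeconfig.yaml
        - --domain=cluster.local
        image: gcr.io/google_containers/kube2sky:1.14
        # Liveness is answered by the healthz sidecar (port 8080, below),
        # i.e. "can skydns resolve the kubernetes service".
        livenessProbe:
          failureThreshold: 5
          httpGet:
            path: /healthz
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 5
        name: kube2sky
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /readiness
            port: 8081
            scheme: HTTP
          initialDelaySeconds: 30
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 5
        resources:
          limits:
            cpu: 100m
            memory: 200Mi
          requests:
            cpu: 100m
            memory: 50Mi
        volumeMounts:
        - mountPath: /etc/ssl/certs
          name: ssl-certs
          readOnly: true
        - mountPath: /etc/kubernetes/worker-kubeconfig.yaml
          name: kubeconfig
          readOnly: true
        - mountPath: /etc/kubernetes/ssl
          name: etc-kube-ssl
          readOnly: true
      # skydns serves cluster.local. from the pod-local etcd on 53/udp+tcp.
      - args:
        - -machines=http://127.0.0.1:4001
        - -addr=0.0.0.0:53
        - -ns-rotate=false
        - -domain=cluster.local.
        image: gcr.io/google_containers/skydns:2015-10-13-8c72f8c
        name: skydns
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        resources:
          limits:
            cpu: 100m
            memory: 200Mi
          requests:
            cpu: 100m
            memory: 50Mi
        volumeMounts:
        - mountPath: /etc/ssl/certs
          name: ssl-certs
          readOnly: true
      # Health sidecar: on each /healthz request it shells out to `nslookup`
      # against skydns on 127.0.0.1. Those sh/nslookup execs are the
      # "exechealthz" and "sh" AVC denials in the audit log.
      - args:
        - -cmd=nslookup kubernetes.default.svc.cluster.local 127.0.0.1 >/dev/null
        - -port=8080
        image: gcr.io/google_containers/exechealthz:1.0
        name: healthz
        ports:
        - containerPort: 8080
          protocol: TCP
        resources:
          limits:
            cpu: 10m
            memory: 20Mi
          requests:
            cpu: 10m
            memory: 20Mi
        volumeMounts:
        - mountPath: /etc/ssl/certs
          name: ssl-certs
          readOnly: true
      # Default: resolve via the node's resolv.conf rather than the cluster
      # DNS this pod itself provides.
      dnsPolicy: Default
      restartPolicy: Always
      # Empty: no runAsNonRoot, no capability drops. skydns binds :53, so on
      # Linux a non-root user would additionally need CAP_NET_BIND_SERVICE;
      # noted here rather than changed.
      securityContext: {}
      terminationGracePeriodSeconds: 30
      # Every hostPath below comes from the node itself; kubeconfig and
      # etc-kube-ssl are node credentials (see the kube2sky note).
      volumes:
      - hostPath:
          path: /usr/share/ca-certificates
        name: ssl-certs
      - hostPath:
          path: /etc/kubernetes/worker-kubeconfig.yaml
        name: kubeconfig
      - hostPath:
          path: /etc/kubernetes/ssl
        name: etc-kube-ssl
      # Scratch space for etcd; mounted at /var/etcd/data in the etcd container.
      - emptyDir: {}
        name: etcd-storage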
# /run/systemd/system/kubelet.service
#
# Kubelet unit for a CoreOS worker. kubelet-wrapper runs the kubelet inside
# rkt; RKT_OPTS below bind-mounts the host's resolv.conf, the CNI config and
# binaries, and /var/log into that container.
[Unit]
Description=Kubernetes Kubelet
Documentation=https://github.com/kubernetes/kubernetes
After=docker.service
Requires=docker.service
[Service]
ExecStartPre=/usr/bin/mkdir -p /etc/kubernetes/manifests /etc/cni/net.d /opt/cni/bin/ /var/log/containers/
# NOTE(review): the three downloads below fetch executables from GitHub
# release assets on every (re)start and chmod +x them with no checksum or
# signature verification (`wget -N` also re-fetches whenever the remote file
# looks newer). Anything that can serve or replace those assets gets code
# running as root on every worker. Bake the binaries into the image, or at
# least verify each against a known sha256 before the chmod.
ExecStartPre=/usr/bin/wget --progress dot:mega -N -P /opt/cni/bin https://github.com/projectcalico/calico-cni/releases/download/v1.5.5/calico
ExecStartPre=/usr/bin/chmod +x /opt/cni/bin/calico
ExecStartPre=/usr/bin/wget --progress dot:mega -N -P /opt/bin https://github.com/projectcalico/calico-containers/releases/download/v1.0.0/calicoctl
ExecStartPre=/usr/bin/chmod +x /opt/bin/calicoctl
ExecStartPre=/usr/bin/wget --progress dot:mega -N -P /tmp/ https://github.com/containernetworking/cni/releases/download/v0.4.0/cni-v0.4.0.tgz
ExecStartPre=/usr/bin/tar xfz /tmp/cni-v0.4.0.tgz -C /opt/cni/bin/
Environment="RKT_OPTS=--volume=resolv,kind=host,source=/etc/resolv.conf --mount volume=resolv,target=/etc/resolv.conf \
--volume=cni,kind=host,source=/etc/cni/ --mount volume=cni,target=/etc/cni/ \
--volume var-log,kind=host,source=/var/log/ --mount volume=var-log,target=/var/log/ \
--volume=cnibin,kind=host,source=/opt/cni/bin/ --mount volume=cnibin,target=/opt/cni/bin/"
Environment=KUBELET_VERSION=v1.5.2_coreos.0
# NOTE(review): the kubelet API is served on 0.0.0.0:10250 with
# --allow-privileged=true, and no --anonymous-auth / --authorization-mode
# flags are set here. Confirm that port is not reachable unauthenticated
# (security group / host firewall), since that API exposes exec and logs for
# every pod on the node. --cluster-dns points at the kube-dns service above.
ExecStart=/usr/lib/coreos/kubelet-wrapper \
--address=0.0.0.0 \
--allow-privileged=true \
--api-servers=https://kubernetes.example.com \
--cloud-provider=aws \
--cluster-dns=10.100.0.10 \
--cluster-domain=cluster.local \
--config=/etc/kubernetes/manifests \
--container-runtime="docker" \
--enable-server=true \
--eviction-soft="imagefs.inodesFree<10%,imagefs.available<10%" \
--eviction-soft-grace-period="imagefs.inodesFree=1m,imagefs.available=1m" \
--eviction-max-pod-grace-period="30" \
--kubeconfig=/etc/kubernetes/worker-kubeconfig.yaml \
--logtostderr=true \
--network-plugin-dir=/etc/cni/net.d \
--network-plugin=cni \
--node-labels=skuid.com/node-type=worker \
--port=10250
Restart=always
RestartSec=10
[Install]
WantedBy=multi-user.target
# dockerd runs with --selinux-enabled: that is what puts each container in
# the svirt_lxc_net_t domain with its own MCS category pair, as seen in the
# scontext of every AVC line above. dockerd itself is in kernel_t here.
$ ps auxZ |grep dockerd
system_u:system_r:kernel_t:s0 root 3972 6.4 1.2 2416004 200472 ? Ssl Feb08 1428:04 dockerd --host=fd:// --containerd=/var/run/docker/libcontainerd/docker-containerd.sock --bip=192.168.114.1/24 --mtu=8951 --ip-masq=false --selinux-enabled
# Host and runtime versions for reproducing: CoreOS 1235.9.0 on kernel
# 4.7.3, Docker 1.12.6, Kubernetes 1.5.2 server (1.5.3 client).
$ uname -a
Linux ip-172-31-11-231.us-west-2.compute.internal 4.7.3-coreos-r2 #1 SMP Thu Feb 2 02:26:10 UTC 2017 x86_64 Intel(R) Xeon(R) CPU E5-2686 v4 @ 2.30GHz GenuineIntel GNU/Linux
$ cat /etc/os-release | grep VERSION
VERSION=1235.9.0
$ docker version
Client:
Version: 1.12.6
API version: 1.24
Go version: go1.6.3
Git commit: d5236f0
Built: Thu Feb 2 02:27:34 2017
OS/Arch: linux/amd64
Server:
Version: 1.12.6
API version: 1.24
Go version: go1.6.3
Git commit: d5236f0
Built: Thu Feb 2 02:27:34 2017
OS/Arch: linux/amd64
$ kubectl version
Client Version: version.Info{Major:"1", Minor:"5", GitVersion:"v1.5.3", GitCommit:"029c3a408176b55c30846f0faedf56aae5992e9b", GitTreeState:"clean", BuildDate:"2017-02-17T20:49:14Z", GoVersion:"go1.8", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"5", GitVersion:"v1.5.2", GitCommit:"08e099554f3c31f6e6f07b448ab3ed78d0520507", GitTreeState:"clean", BuildDate:"2017-01-12T04:52:34Z", GoVersion:"go1.7.4", Compiler:"gc", Platform:"linux/amd64"}