I am in K8S, trying my best to explain the issue here
I have followed this link to complete the installation
1 https://open-policy-agent.github.io/gatekeeper/website/docs/install
2 deploy gatekeeper by using
kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper/release-3.8/deploy/gatekeeper.yaml
3 deploy constraint template
install gatekeeper library gatekeeper-library/library/pod-security-policy/
select a directory (eg: apparmor)
run Kubectl apply -f template.yaml
4 under the apparmor it has a sample folder containing constraint.yaml
run Kubectl apply -f constraint.yaml
I got the error below
Error message:
error: timed out waiting for the condition on deployments/gatekeeper-controller-manager
constrainttemplate.templates.gatekeeper.sh/k8spspapparmor created
error: unable to recognize "samples/psp-apparmor/constraint.yaml": no matches for kind "K8sPSPAppArmor" in version "constraints.gatekeeper.sh/v1beta1"
However, if wait for 1 minute at step 3, then it will success no error.
Assume the command is running fine, but takes time to complete the work. Is there a way to query the command status before the command to be executed?
I have found there is command kubectl wait -- but not sure how to use it.
Thanks in advance!
Related
I have some Pods that are running some Python programs. Initially I'm able to execute simple commands into the Pods. However after some time (maybe hours?) I start to get the following error:
$ kubectl exec -it mypod -- bash
error: Internal error occurred: error executing command in container: failed to exec in container: failed to start exec "37a9f1042841590e48e1869f8b0ca13e64df02d25458783e74d8e8f2e33ad398": OCI runtime exec failed: exec failed: unable to start container pr
ocess: open /dev/pts/0: operation not permitted: unknown
If I restart the Pods, then this clears the condition. However, I'd like to figure out why this happening to avoid having to restart Pods each time.
The Pods are running a simple Python script, and the Python program is still running as normal (kubectl logs shows what I expect).
Also, I'm running K3s for Kubernetes across 4 nodes (1 master, 3 workers). I noticed all Pods running on certain nodes started to experience this issue. For example, initially I found all Pods running on worker2 and worker3 had this issue (but all Pods on worker1 did not). Eventually all Pods across all worker nodes start to have this problem. So it appears to be related to a condition on the node that is preventing exec from running. However restarting the Pods resets the condition.
As far as I can tell, the containers are running fine in containerd. I can log into the nodes and containerd shows the containers are running, I can check logs, etc...
What else should I check?
Why would the ability to exec stop working? (but containers are still running)
There is a couple of GitHub issues one or another from the middle of august. They said it was an SELinux issue and fixed in the runc v1.1.4. You should check your runc version and when it is below the mentioned version then update it.
Otherwise, you can disable SELinux when you aren't working in production:
setenforce 0
or when you want some more sophisticated solution, try this: https://github.com/moby/moby/issues/43969#issuecomment-1217629129
Started by user admin.
Running as SYSTEM.
Building in workspace /var/lib/jenkins/workspace/myjob
[myjob] $ /bin/sh -xe /tmp/jenkins8491647919256685444.sh
+ sudo kubectl get pods
error: the server doesn't have a resource type "pods"
Build step 'Execute shell' marked build as failure
Finished: FAILURE
It looks to me that the authentication credentials were not set correctly. Please copy the kubeconfig file /etc/kubernetes/admin.conf to ~/.kube/config? Also check that the KUBECONFIG variable is set.
It would also help to increase the verbose level using the flag --v=99.
Please take a look: kubernetes-configuration.
I recently started working on microservices. I am building my docker image and want to deploy it on kubernetes. while creating a pod.yaml file I started getting the below error.
Command :
kubectl create -f podservice.yaml
Error :
error: the path "podcpeservice.yml" does not exist
Tried using the helpfor kubectl create -f help. An example in the help document is
command :
kubectl create -f ./pod.json
Even the above command gives the same error. Not able to figure out what is the problem. tried removing ./
I am using centos 7 on virtual-box with windows 7 as host.
Tushar,
First you need to create the deployment yml file using one of the editor, then pass the file as argument for kubectl command.
eg.
kubernets team already created this deployment file. you use kubectl to deploy.
kubectl apply -f https://k8s.io/examples/controllers/nginx-deployment.yaml
Somehow the filename was corrupted with unseen symbol so this helped me to get over wrong naming
mv postgres-configmap.yaml\ postgres-configmap.yaml
and then it worked:
kubectl create -f postgres-configmap.yaml
configmap/postgres-config created
kubectl describe pods
logs
pods logs
logs
command:
- bundle exec unicorn -c config/unicorn/production.rb -E production
The container can't start on k8s and some errors occured .
But when I exec
docker run -d image [CMD]
The container works well.
"command" is an array, so each argument has to be a separate element, not all on one line
For anyone else running into this problem:
make sure the gems (including unicorn) are actually installed in the volume used by the container. If not, do a bundle install.
Another reason for this kind of error could be that the directory specified under working_dir (in the docker-compose.yml) does not exist (see Misleading error message "ERROR: Container command not found or does not exist.").
I've successfully pushed my Docker container image to gcr.io with the following command:
$ gcloud docker push gcr.io/project-id-123456/my-image
But when I try to create a new pod I get the following error:
$ kubectl run my-image --image=gcr.io/project-id-123456/my-image
CONTROLLER CONTAINER(S) IMAGE(S) SELECTOR REPLICAS
my-image my-image gcr.io/project-id-123456/my-image run=my-image 1
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
my-image-of9x7 0/1 Error pulling image (latest) from gcr.io/project-id-123456/my-image, Untar exit status 1 unexpected EOF 0 5m
It doesn't pull on my local as well:
$ docker rmi -f $(docker images -q) # Clear local image cache
$ gcloud docker pull gcr.io/project-id-123456/my-image:latest
…
Error pulling image (latest) from gcr.io/project-id-123456/my-image, Untar re-exec error: exit status 1: output: unexpected EOF
Can someone please suggest me how to fix this?
Ok, after digging around in the Docker code base, I think I have found some similar reports of what you are seeing.
The way this error is displayed changed in 1.7, but this thread seems related:
https://github.com/docker/docker/issues/14792
This turned me onto this fix, which landed in 1.8:
https://github.com/docker/docker/pull/15040
In particular, see this comment:
https://github.com/docker/docker/pull/15040#issuecomment-125661037
The comment seems to indicate that this is only a problem for v1 layers, so our Beta support for v2 may work around this issue.
You can push to our v2 beta via:
gcloud docker --server=beta.gcr.io push beta.gcr.io/project-id-123456/...
You can then simply change the reference in your Pod to "beta.gcr.io/..." and it will pull via v2.