openshift

Error executing rhc setup - An unexpected error occurred: invalid character at “<!doctype ”

邮差的信 提交于 2021-01-28 01:44:37
问题 After Executing > rhc setup and then entering my hostname i always get this error message Steps that i've done: 1- installed Ruby 1.9.3 2- installed rhc using gem gem install rhc 3- Executed > rhc setup 回答1: It seems that this is some kind of bug. But, there is another way to manually generate SSH public-private key pairs and upload them to OpenShift 1- Generate new SSH keys C:\> ssh-keygen It will ask you where to save the key files just press "Enter" -> this will generate key-pairs with

Allow Docker strategy in Openshift 3

旧时模样 提交于 2021-01-27 15:57:51
问题 I'm trying to understand the new OpenShift system and now we have push images to it. I know a little about Docker and I wanted to use it. I read in some places that we can chose Docker as a strategy. So basically I created an image based on httpd and a basic html file and tried to push it with the following command from the project folder: oc new-app . --strategy=docker I get this message on console: error: buildconfigs.build.openshift.io "openshift" is forbidden: build strategy Docker is not

Unable to redeploy the certificates post-expiry in openshift 3.11

拥有回忆 提交于 2021-01-27 13:20:46
问题 I have deployed openshift(okd) 3.11 using : https://github.com/openshift/openshift-ansible/tree/release-3.11 I would want to produce a scenario where certificates expire and test how the renewal certificates can be done. Hence I have set following variables in the inventory as 1 day(so that certificates expire quickly): openshift_hosted_registry_cert_expire_days=1 openshift_ca_cert_expire_days=1 openshift_master_cert_expire_days=1 etcd_ca_default_days=1 As expected after 1 day the oc commands

WebSockets on OpenShift do not work with remote client

柔情痞子 提交于 2021-01-27 07:40:50
问题 I have an issue that I cannot solve. I implemented a node js WebSockets server on an openshift cartridge using socket.io or WebSockets node js libraries. With any of them the result is the same. With a node js client running on the same openshift platform everything works ok. When the client is moved on my local pc the client connects and suddenly disconnects giving a 1011 internal server error. I tried using other well known clients like the echo service on WebSockets.Org or jsfiddle but the

How to solve liquibase waiting for changelog lock problem in several pods in OpenShift cluster?

 ̄綄美尐妖づ 提交于 2021-01-16 03:52:52
问题 Please say something about this problem: We are supporting several microservices written in Java using Spring Boot and deployed in OpenShift. Some microservices communacates with databases. We often run a single microservice in multiple pods in a single deployment. When each microservice starts, it starts liquibase, which tries to update the database. The problem is that sometimes one pod fails with waiting for the changelog lock issue. When for some reason this happens in production

OKD 4.6 安装经验总结 (2)

元气小坏坏 提交于 2021-01-13 14:41:18
登陆OKD 4.6的WEB界面 不是 ht tps://api.openshift.gbca.cn:6443 这个地址,这是API用的而是下面这个,虽然很长 ht tps://console-openshift-console.apps.openshift.gbca.cn/ 对于使用了本地DNS解析的计算机直接访问就可以了,如果没有使用本地的DNS,那么需要增加2条记录到hosts文件。 windows在 C:\Windows\System32\drivers\etc\hosts Linux在 /etc/hosts 192.168.11.143 api.openshift.gbca.cn 192.168.11.144 apps.openshift.gbca.cn 192.168.11.144 console-openshift-console.apps.openshift.gbca.cn 192.168.11.144 oauth-openshift.apps.openshift.gbca.cn 也就是把之前在DNS里定义的在hosts文件里再重复一遍 //必须访问这个console-openshift-console.apps.openshift.gbca.cn,然后自动跳转到oauth-openshift.apps.openshift.gbca.cn去了

OKD 4.6 安装经验总结

落爺英雄遲暮 提交于 2021-01-12 14:40:24
主要参照了官网的安装文档,先后安了好多次,最后才成功,总结如下,这是一个概要版本,给安装过并失败的朋友提醒。 事先准备如下: •提供DNS和DHCP服务的服务器 •vmware 虚拟化 建议 vSphere 6.7U3 或者7.0 (带vCenter) •用于启动安装文件-点火机 (只有linux和mac程序版本,没有windows版) 具体步骤看官网,安装过程大致分为: 1,生成和配置点火机 SSH证书 2,把vmware vCenter的首页证书导入到点火机,准备好访问vCenter的访问域名和密码 3,登陆redhat网站得到pull-secret文件 4,配置DNS解析,主要是api.openshift.gbca.cn 和 apps.openshift.gbca.cn 以及*.apps.openshift.gbca.cn泛解析 5,DHCP必须工作正常 6,开始安装。 执行安装命令:openshift-install create cluster 7,准备咖啡,等待吧 无需任何人为干涉了 。失败的原因有万千种 说明: 以下为自动生成虚拟机,默认配置如下: 1个bootstrap虚机 4CPU +16GB内存 +120GB硬盘 (成功安装后会自动删除,这是正常现象) 3个master虚机r 4CPU +16GB内存 +120GB硬盘 3个worker虚机r 2CPU

【开源村快讯】Kubernetes曝漏洞、Kata Container 发布 1.4 版本

孤者浪人 提交于 2021-01-10 17:02:34
Kubernetes曝漏洞!可取得管理员权限 近期Kubernetes爆出信息安全漏洞,Kubernetes 产品安全团队表示,近日在 Kubernetes API Server 内存在权限扩张漏洞,发现此漏洞的开发者为 Rancher 共同创办人兼首席架构师 Darren Shepherd 。 目前 Kubernetes 开发团队已经发布 V1.10.11、V1.11.5 及 V1.12.3 ,以解决该漏洞带来的风险。参与 Kubernetes 安全团队的 Google 高级工程师 Jordan Liggitt 建议,在集群内执行先前版本 Kubernetes 的企业用户,得尽速择一版本进行更新。 此漏洞编号为 CVE-2018-1002105 ,让攻击者可以发送特殊的系统请求,经由 Kubernetes API Server ,与企业内部后端服务器进行连线,借由取得 Kubernetes API Server 的认证,攻击者就能利用既有连线,任意向后端服务器发送请求。 红帽云端平台副总裁 Ashesh Badani 表示,此权限扩张漏洞的影响非常重大,可让不法人士在任何运算节点、Kubernetes Pod 取得管理员权限,黑客可以盗取机密资料、注入恶意程序码,或者瘫痪企业正式环境内的应用程序。而红帽使用 Kubernetes 作为核心调度引擎的产品线,包含容器平台

微服务的10个挑战和解决方案

北城以北 提交于 2021-01-08 01:27:46
作者:Rajiv Srivastava 翻译:mush 来源:http://mushiming.top/mushblog/archives/823 我是一名云API开发人员和架构师,目前正致力于为美国的大型零售客户提供基于Google GCP的微服务。 过渡/实施微服务给组织带来了重大挑战。基于我对生产中的微服务的曝光,我已经确定了这些挑战和解决方案。 我在2018年6月写这篇文章。目前,微服务架构尚未成熟到足以完全解决所有现有挑战,但是,开源社区和IT产品公司正试图解决所有这些未解决的问题。关于这一主题的所有新研究都是基于寻找新挑战的解决方案。 这些是微服务架构和提出的解决方案的十大挑战: 1.数据同步 – 我们使用事件源代码架构来使用异步消息传递平台解决此问题。传奇设计模式可以应对这一挑战。 2.安全性 – API网关可以解决这些挑战。Kong非常受欢迎,并且是开源的,并且正在被许多公司用于生产。还可以使用JWT令牌,Spring Security和Netflix Zuul / Zuul2为API安全性开发自定义解决方案。还有企业解决方案,如Apigee和Okta(两步认证)。Openshift用于公共云安全的顶级功能,如基于Red Hat Linux Kernel的安全性和基于命名空间的app-to-app安全性。 3.版本控制 –

multi master OKD-3.11 setup fails if master-1 nodes is down

风格不统一 提交于 2021-01-05 08:58:26
问题 I am trying to install multi-master openshift-3.11 setup in openstack VMs as per the inventory file present in the official documentation. https://docs.openshift.com/container-platform/3.11/install/example_inventories.html#multi-masters-single-etcd-using-native-ha OKD Version [centos@master1 ~]$ oc version oc v3.11.0+62803d0-1 kubernetes v1.11.0+d4cacc0 features: Basic-Auth GSSAPI Kerberos SPNEGO Server https://master1.167.254.204.74.nip.io:8443 openshift v3.11.0+ff2bdbd-531 kubernetes v1.11
订阅 openshift