Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    mys8ix khan
    @w1593950
    is that so ?
    Ian Lewis
    @ianlewis
    You don't need to remove docker or anything. It says it in the FAQ but you just need to update the --container-runtime and --container-runtime-endpoint flags set in /var/lib/kubelet/kubeadm-flags.env and restart the kubelet
    mys8ix khan
    @w1593950
    oh .. Thanks @ianlewis I tried that .. in v1.19 .. there is no /var/lib/kubelet/kubeadm-flags.env
    Ian Lewis
    @ianlewis
    Ah, I haven't tried kubeadm in 1.19
    you might check the /etc/systemd/system/kubelet.service or whatever it is to find out where the flags are now.
    mys8ix khan
    @w1593950
    Thanks .. @ianlewis ...
    kind of the got those Kubeadm-flags.env
    but not sure what to add/update 
    
vagrant@master:~$ sudo cat /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
# Note: This dropin only works with kubeadm and kubelet v1.11+
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
EnvironmentFile=-/etc/default/kubelet
ExecStart=
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
vagrant@master:~$ sudo cat /var/lib/kubelet/kubeadm-flags.env
KUBELET_KUBEADM_ARGS="--cgroup-driver=cgroupfs --network-plugin=cni --pod-infra-container-image=k8s.gcr.io/pause:3.1"
vagrant@master:~$
    could you please kindly help me update the parameters ?
    Ian Lewis
    @ianlewis
    there is no /var/lib/kubelet/kubeadm-flags.env file?
    mys8ix khan
    @w1593950
    Yes, it is there
    Ian Lewis
    @ianlewis
    Yeah, you need to edit the flags there.
    Pi dy/dx
    @pidydx
    Hello! So, the documentation has clear configuration for how to set runtime args for Docker, but it doesn't have anything for how to set runtime args (such as --network=host) when using containerd. How do you specify that when not using Docker?
    I tried putting network=host in /etc/containerd/runsc.toml under [runsc_config], but that just results in 'expected value, but found "host" instead: unknown'
    Pi dy/dx
    @pidydx
    Disregard, apparently it just needed quotes around "host"
    Marek
    @majek
    Good morning on this beautiful Monday, can I ask for status of
    google/gvisor#4060
    (we're considering writing a blog post about this, so it would be nice to have a clarified status)
    Ian Lewis
    @ianlewis
    Hey, It's in our queue to import (has some manual steps). US folks still aren't back from the weekend. I'll push it along.
    Marek
    @majek
    thanks, so no technical blockers just process. Awesome news
    chenggangqcg
    @chenggangqcg
    What companies use gVisors today? We are Chinese Ant Group, we have already deployed tens of thousands of gVisor instances in our production system.
    Yoshi Tamura
    @yoshiat
    I belive Stripe shared their story in the past. Digital Ocean recently annoucned that they use for their Multi-Tenant k8s platform
    Ian Lewis
    @ianlewis
    @chenggangqcg That's good to hear. We've heard from some companies like Digital Ocean and Stripe that they are using gVisor for various things. I suppose maybe @majek may be using it for something at Cloudflare but not sure.
    Lol, I was literally typing that out.
    Yoshi Tamura
    @yoshiat
    that was weird :)
    i just accidentaly showes up here
    we have more customers through Google products too
    I’m curious how many nodes/servers/VMs that Ant folks are using with gVisor.
    I guess that’s the largest deployment from the community
    Jianfeng Tan
    @tanjianfeng
    @yoshiat @ianlewis We'd like to write a blog about our use case near Nov 11. For those data @yoshiat is asking, we need to go through an internal review process. And if possible, we could post the blog on to gvisor.dev, as well as a summary about our almost one year's work optimization. What do you think?
    Marek
    @majek
    https://blog.cloudflare.com/diving-into-proc-pid-mem/
    Bhasker Hariharan
    @hbhasker
    Just read the article @majek . Thanks for the contributions!
    Michael Pratt
    @prattmic
    Great post @lnsp!
    Marek
    @majek
    ok, from another side - we are slowly starting a cgroupv2 discussion internally. It would be nice to get a plans for google/gvisor#3481
    Right now we use runsc/gvisor cgroup feature to separate runsc+children from our management process (which is owning the top cgroup). So I guess the same simplistic design would be useful for v2
    Bhasker Hariharan
    @hbhasker
    @lnsp could you push a new commit w/rebase on head. Looks like the current commit does not build due to some other changes. Sorry for the delay in merging
    we can get this merged today
    Robin Luk
    @lubinsz
    GREAT! I am very happy to see so many practical use cases of gVisor.
    So happy to see so many practical use cases of gVisor.
    Lennart
    @lnsp
    @hbhasker Ok, I rebased and needed to fix 2 lines. Should be fine now, thanks for the patience.
    Ghost
    @ghost~5f986adfd73408ce4ff29e11
    Hi all. Is it posible to BIND unix sockets? My application does this and I keep receiving this message:
    Unable to bind to socket '/queue/db': 'Transport endpoint is not connected'. Closing local server.
    Michael Pratt
    @prattmic
    @TomasTurina do you want to bind sandbox-internal UDS, or host UDS accessible from outside the sandbox?
    The former is definitely possible on internal tmpfs, and I thought we had a overlay to allow this on other filesystems, but that may not be enabled by default.
    Michael Pratt
    @prattmic
    The latter we don't allow to help reduce attack surface on the host. With --fsgofer-host-uds, we do allow connecting to a host UDS, which you could set up from outside the sandbox. See gvisor.dev/issue/235
    Ian Lewis
    @ianlewis
    @tanjianfeng Sure! It would be great to have a blog post about your use case.
    Ghost
    @ghost~5f986adfd73408ce4ff29e11
    Thank you for your reply @prattmic. I would like to bind sandbox-internal UDS. If possible, could you please explain me how to configure it? If not, maybe a workaround?
    Ian Lewis
    @ianlewis
    @tanjianfeng I am working on adding some basic instructions and guidelines for contributing to the blog. Let me know if you have any comments. google/gvisor#4653
    You can basically just submit a PR with your post in markdown format and we will review it.
    Jianfeng Tan
    @tanjianfeng
    @ianlewis That looks great to me. Will have a try.
    Bhasker Hariharan
    @hbhasker
    @majek @lnsp the PR has been merged.