by

Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    Dennis van der Veeke
    @MrDienns
    Screenshot 2019-09-13 at 19.00.56.png
    Dennis van der Veeke
    @MrDienns
    though i did notice it has two certificates in the tls.cert value, im not sure if this is normal
    Screenshot 2019-09-13 at 19.26.29.png
    Christian
    @zeeZ
    the second one is likely the intermediate
    you usually include the certificate chain up to (without) the root or whatever certificate you're confident the client has, in order for it to be able to verify the chain
    Dennis van der Veeke
    @MrDienns
    i see, so that behavior can be normal
    it has done that for all domains so i suppose it is
    though its still not serving the certificate that's been created
    Christian
    @zeeZ
    How did you check? For example I've got to restart chrome to see a certificate change
    Dennis van der Veeke
    @MrDienns
    i checked in incognito and asked some other people to check
    Dennis van der Veeke
    @MrDienns
    ah its working now, i had to mark the 443 endpoint as TLS with
            - --entryPoints=Name:https Address::443 TLS
            - --entryPoints=Name:http Address::80
            - --defaultentrypoints=https,http
    Ciaran
    @ciaranlangton

    I'm having issues with a LoadBalancer, I updated a LoadBalancer adding a port, and now the loadbalancer can no longer be ensured due to a 500 internal server error

      Normal   EnsuringLoadBalancer        35m (x102 over 8h)  service-controller  Ensuring load balancer
      Normal   EnsuringLoadBalancer        89s (x12 over 31m)  service-controller  Ensuring load balancer
      Warning  CreatingLoadBalancerFailed  89s (x12 over 31m)  service-controller  Error creating load balancer (will retry): failed to ensure load balancer for service tcpingress/tcpingress: 500 Internal Server Error: {"error":"Internal Server Error"}

    the yaml for the LoadBalancer is as follows:

    apiVersion: v1
    kind: Service
    metadata:
      name: tcpingress
      namespace: tcpingress
    spec:
      selector:
        app: tcpingress
      type: LoadBalancer
      ports:
        - name: redactedOne
          protocol: TCP
          port: 33745
          targetPort: 33745
        - name: redactedTwo
          protocol: TCP
          port: 33746
          targetPort: 33746
    Michał Frąckiewicz
    @SystemZ
    Did you try with other ports ?
    Ciaran
    @ciaranlangton
    yes, I originally had a much higher port, so I changed it down to one above the other, to no effect
    Michał Frąckiewicz
    @SystemZ
    It's strange for me that you need to expose the same port that you use internally
    Ciaran
    @ciaranlangton
    if that may be the problem, that can be changed
    Michał Frąckiewicz
    @SystemZ
    usually you would need expose port like 443 or 80, just saying
    are you trying with HTTP / HTTPS or it's something different ?
    Ciaran
    @ciaranlangton
    yeah, it's not a HTTP service, both are just TCP based applications
    Michał Frąckiewicz
    @SystemZ
    oh, ok
    Ciaran
    @ciaranlangton
    the first one is a database, which has worked fine over the LB for ~4 weeks now with no issue, but adding the second port stops the LB from being completed on OVH's end
    Michał Frąckiewicz
    @SystemZ
    some range of ports were reserved maybe you just run over them
    Ciaran
    @ciaranlangton
    yeah, I'll try some other ports and report back
    Michał Frąckiewicz
    @SystemZ
    if you leave one port it works ok ?
    Ciaran
    @ciaranlangton
    correct, the first port has been there for ~4 weeks fully functional
    Michał Frąckiewicz
    @SystemZ
    oh, maybe it's some bug or LB doesn't support more than one port, hard to tell
    Ciaran
    @ciaranlangton
    I just took the second one out now, and it ensures properly
    Normal EnsuredLoadBalancer 3s service-controller Ensured load balancer
    Yeah, I read the docs and it said that there were a maximum of 6 ports on an LB
    maybe the problem only occurs when adding new ports to an already existing LB
    since I've had other LBs with multiple ports before, just that they were initialized with that number of ports
    Michał Frąckiewicz
    @SystemZ
    yea, maybe launch just new with those ports
    if not, you should wait for some ovh team online :)
    Michał Frąckiewicz
    @SystemZ
    image.png
    I again encountered problem with adding node to my empty sandbox cluster 1b5e5c98-023e-4891-8887-2f3ac6336c64.
    When I clicked "upgrade minor version" during this freeze I've got error 500
    Thomas Coudert
    @thcdrt
    Hello @SystemZ, checking.
    The 500 error should be a 400 error instead. You can't upgrade you cluster while a node is installing
    Michał Frąckiewicz
    @SystemZ
    thx, yea I just assumed that error 500 is not desired for this edge case
    Thomas Coudert
    @thcdrt
    Yes sorry about that.. We'll fix that asap
    Hello @ciaranlangton , indeed you should be able to create LBs with 2 ports. Can you give me your cluster-id in private to allow me to dig into logs ? Thanks
    Bmagic
    @bmagic
    Hello this morning I have one of my pod in "InvalidNodeInfo" state. Any idea what could cause this kind of issue ?
    Bmagic
    @bmagic
    Ok I have some strange log message on logs metrics server :
    E0915 10:32:05.134618       1 summary.go:97] error while getting metrics summary from Kubelet node-c4260b85-c8c7-4f7d-88e9-id( [IP]:10250): Get https://[IP]:10250/stats/summary/: dial tcp [IP]2:10250: getsockopt: no route to host
    Nicolas Steinmetz
    @nsteinmetz
    @MrDienns did you check the Certificate object was celle created first ? (kubectl describe secrets/YourCertificate if I remember well ?)
    @MrDienns so all is working ? sorry I spent most of my week-end in the garden :-)
    Thomas Coudert
    @thcdrt
    Hello @bmagic , can you send me in private your cluster id and the node IP please ?
    Michał Frąckiewicz
    @SystemZ
    any tips how to get all container logs sent to ovh log data platform?
    I'm searching for something similar to this but with TLS output
    https://github.com/roffe/kube-gelf
    as far as I know, logstash doesn't support TLS for GELF protocol as input and fluentd doesn't support syslog output <facepalm>
    Joël LE CORRE
    @jlecorre_gitlab
    Hello @SystemZ Maybe this documentation can help you?
    I'm not sure if it meets your needs: https://docs.ovh.com/fr/logs-data-platform/kubernetes-fluent-bit/
    Michał Frąckiewicz
    @SystemZ
    Looks promising, I'll check it :)