Hear ye! Hear ye! It’s the third Wednesday of the month, that means it’s time for Office Hours! This is our livestream where we answer technical questions from the Kubernetes community!
We’re going live in about 10m from this post, and the archive will live here in youtube, cheers:
Links from the show
Tons of links today!
Person: Mostafa Elmenbawy (https://kubernetes.slack.com/archives/C6RFQ3T5H/p1609991530274100?thread_ts=1607960423.257700&cid=C6RFQ3T5H)
Question: What is recommended for on premise production cluster spanning multiple hosts?
- Configuring HA Kubernetes cluster on bare metal servers with kubeadm. 1/3 | by Alexey Nizhegolenko | FAUN | Medium
- Kubernetes on Equinix Metal - Equinix Metal Documentation
- GitHub - tinkerbell/cluster-api-provider-tink: Cluster API Infrastructure Provider for Tinkerbell
Person: Dinesh Shanmugam
Question:I performed manual certificate renewal on my k8s master using the kubectl alpha renew all which did update all the certificates.
Post that I did a restart of my kubelet service but looks like my cluster went down. I am able to see my pods using kubectl get pods, but I am not able to schedule any new pods.
I checked on the k8s API server - docker container logs and I see the following issue:
E0118 07:30:45.697275 1 authentication.go:104] Unable to authenticate the request due to an error: [x509: certificate signed by unknown authority, x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")] (edited)
Any suggestions ?
Answer: Check systemd config files. Check individual components to confirm certs have propagated down to other services (scheduler, kubelet, etc)
Person: Achu Abebe
Question: Those of you who are CKA, would you please share some tips about the certificate? How important it is, etc…
- GitHub - walidshaari/Kubernetes-Certified-Administrator: Online resources that will help you prepare for taking the CNCF CKA 2020 "Kubernetes Certified Administrator" Certification exam. with time, This is not likely the comprehensive up to date list - please make a pull request if there something that should be added here.
Person: Pavel Malinov
Question: What is your options and thoughts on CKS ?
- GitHub - walidshaari/Certified-Kubernetes-Security-Specialist: Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements are welcome. thank you.
vivek kumar sahu
Question: How to run GUI applications inside running containers (Docker) ?? I am getting this error.
Person: Mostafa Elmenbawy
Question: What is the best practice to setup k8s on premise for a HA cluster of 4-8 nodes?
Question: Well, here a bomb from a newbie:
Anyone have an oprem k8s install?
and use Consul as a Service Mesh,
What do you use as a LoadBalancer?
(I can get ips from my network)
I am reading up on using MetalLB in l2 mode
Question: is the recommended CRI for future going to be containerd or cri-o ?
Person: Pavel Malinov
Question: What do you think about the Elastic license ?Does moves like can affect kubernetes future ?
- Amazon: NOT OK - why we had to change Elastic licensing | Elastic Blog
- Elasticsearch does not belong to Elastic
Question: I’m sorry I didn’t get the name of the Engineer with a lot OPA experience. What is your workflow with OPA? Pre validation of YAMLs before the can get submitted to the API server? Continuous auditing of existing workloads How do we get the JSON submitted by our workloads to OPA for validation? (I’m just reading up on OPA) in prep for CKS, but this looks like a necessity for Enterpirse k8s
- Introduction to Open Policy Agent | Rawkode Live - YouTube
- GitHub - open-policy-agent/gatekeeper-library: The OPA Gatekeeper policy library.
Person: vivek kumar sahu
Question: I am sophomore. Learning Docker & K8’s. Can you name some beginners projects using these tools.
- GitHub - yogendra/apidemo: Spring Boot API Demo
- GitHub - microservices-demo/microservices-demo: Deployment scripts & config for Sock Shop
- GitHub - GoogleCloudPlatform/microservices-demo: Sample cloud-native application with 10 microservices showcasing Kubernetes, Istio, gRPC and OpenCensus.
- GitHub - InAnimaTe/docker-steamcmd-play: A collection of ready-to-launch dedicated server images for various popular Source games.
- GitHub - kubernetes-up-and-running/kuard: Demo app for Kubernetes Up and Running book
- GitHub - spring-petclinic/spring-petclinic-microservices: Distributed version of Spring Petclinic built with Spring Cloud
- GitHub - stefanprodan/podinfo: Go microservice template for Kubernetes
- minikube start | minikube