Office Hours for Jan 2021

Hear ye! Hear ye! It’s the third Wednesday of the month, that means it’s time for Office Hours! This is our livestream where we answer technical questions from the Kubernetes community!

We’re going live in about 10m from this post, and the archive will live here in youtube, cheers:

EU Edition

Links from the show

Tons of links today!

Person: Mostafa Elmenbawy (https://kubernetes.slack.com/archives/C6RFQ3T5H/p1609991530274100?thread_ts=1607960423.257700&cid=C6RFQ3T5H)

Question: What is recommended for on premise production cluster spanning multiple hosts?

Answer:


Person: Dinesh Shanmugam

Question:I performed manual certificate renewal on my k8s master using the kubectl alpha renew all which did update all the certificates.
Post that I did a restart of my kubelet service but looks like my cluster went down. I am able to see my pods using kubectl get pods, but I am not able to schedule any new pods.
I checked on the k8s API server - docker container logs and I see the following issue:

E0118 07:30:45.697275       1 authentication.go:104] Unable to authenticate the request due to an error: [x509: certificate signed by unknown authority, x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")] (edited) 

Answer: Check systemd config files. Check individual components to confirm certs have propagated down to other services (scheduler, kubelet, etc)


Person: Achu Abebe

Question: Those of you who are CKA, would you please share some tips about the certificate? How important it is, etc…

Answer:


Person: Pavel Malinov

Question: What is your options and thoughts on CKS ?

Answer:


Person:
vivek kumar sahu

Question: How to run GUI applications inside running containers (Docker) ?? I am getting this error.

Answer:


Person: Mostafa Elmenbawy

Question: What is the best practice to setup k8s on premise for a HA cluster of 4-8 nodes?

Answer:


Person: mindrunner

Question: Well, here a bomb from a newbie:
Anyone have an oprem k8s install?
and use Consul as a Service Mesh,
What do you use as a LoadBalancer?
(I can get ips from my network)
I am reading up on using MetalLB in l2 mode

Answer:


Person: Long

Question: is the recommended CRI for future going to be containerd or cri-o ?

Answer:


Person: Pavel Malinov

Question: What do you think about the Elastic license ?Does moves like can affect kubernetes future ?

Answer:


Person: mindrunner

Question: I’m sorry I didn’t get the name of the Engineer with a lot OPA experience. What is your workflow with OPA? Pre validation of YAMLs before the can get submitted to the API server? Continuous auditing of existing workloads How do we get the JSON submitted by our workloads to OPA for validation? (I’m just reading up on OPA) in prep for CKS, but this looks like a necessity for Enterpirse k8s

Answer:


Person: vivek kumar sahu

Question: I am sophomore. Learning Docker & K8’s. Can you name some beginners projects using these tools.

Answer: