Daneyon Hansen danehans

danehans / new oc explain
Last active June 24, 2019 19:37
oc explain sec api
$ oc explain ingresscontrollers.spec.securitySpec.profile
KIND: IngressController
VERSION: operator.openshift.io/v1
RESOURCE: profile <Object>
DESCRIPTION:
profile defines the schema for a security profile.
FIELDS:
danehans / dns_repro.md
Last active May 3, 2019 19:35
repro dns upgrade issue.

Disable the CVO

oc scale --replicas 0 -n openshift-cluster-version deployments/cluster-version-operator

Uninstall openshift-dns-operator

oc patch dns.operator/default --patch '{"metadata":{"finalizers": []}}' --type=merge
oc delete --force --grace-period 0 dns.operator/default
oc delete clusteroperator dns
danehans / gist:9b88756571f0ba4f5ce8028d6bb476c5
Created March 15, 2019 19:38
controller_cache_not_sync_err
2019-03-15T11:08:05.923-0700 ERROR operator.init.kubebuilder.controller controller/controller.go:217 Reconciler error {"controller": "operator-controller", "request": "openshift-ingress-operator/default", "error": "failed to ensure clusteringress: failed to ensure router deployment for default: failed to update router deployment openshift-ingress/router-default: deployments.apps \"router-default\" is forbidden: caches not synchronized", "errorCauses": [{"error": "failed to ensure clusteringress: failed to ensure router deployment for default: failed to update router deployment openshift-ingress/router-default: deployments.apps \"router-default\" is forbidden: caches not synchronized"}]}
2019-03-15T11:08:06.228-0700 INFO operator.certificate-controller certificate/controller.go:97 deployment not found; will retry default cert sync {"clusteringress": "test0"}
2019-03-15T11:08:06.925-0700 INFO operator.controller controller/controller.go:87 reconciling {"request": "openshift-ingress-operator/test0"}
2019-03-15T1
danehans / 01_default_and_tests0_clusteringresses.txt
Last active March 6, 2019 22:37
multi_ingress_route_example
$ oc get clusteringresses -n openshift-ingress-operator -o yaml
apiVersion: v1
items:
- apiVersion: ingress.openshift.io/v1alpha1
  kind: ClusterIngress
  metadata:
    creationTimestamp: 2019-03-06T19:14:55Z
    finalizers:
    - ingress.openshift.io/cluster-ingress
    - ingress.openshift.io/ingress-controller
danehans / ClusterIngress_Resouce_Reconcile.md
Created February 20, 2019 00:14
ClusterIngress Resource Reconciliation Details

The cluster-ingress-operator (CIO) performs the following when a ClusterIngress resource request is created:

Example ClusterIngress resource:

func newClusterIngress(namespace, name string) *ingressv1alpha1.ClusterIngress {
	domain := "devcluster.openshift.com"
	labels := map[string]string{"node-role.kubernetes.io/worker": ""}
	ci := &ingressv1alpha1.ClusterIngress{
		TypeMeta: metav1.TypeMeta{
			APIVersion: "ingress.openshift.io/v1alpha1",
danehans / 00_ocp_route_walk.md
Last active April 30, 2019 15:29
ocp route walk

Route Walkthrough for OCP 4 on AWS

The walkthrough uses the console route for a cluster named cluster. The route spec.host is: console-openshift-console.apps.cluster1.devcluster.openshift.com.

  1. An external client performs a DNS query for console-openshift-console.apps.cluster1.devcluster.openshift.com
  2. devcluster.openshift.com. is a hosted zone on AWS Route 53. The zone contains a record set for a subdomain (aacluster1-api.devcluster.openshift.com.) to an alias A record of the AWS ELB Public DNS name. This name is created asynchronously when the router service is created:

$ oc get svc/router-default -n openshift-ingress -o yaml

danehans / 01_notes.md
Last active January 30, 2019 02:40
supergloo-routingrule-troubleshooting

General

@ilackarms is the creator and seems to be the only person supporting the project.

Istio Installation

Istio 1.0.3 is the supported Install version:

$ kubectl get install/istio-rtr5qn -n supergloo-system -o yaml
danehans / istio-1.1.0-snapshot.4-multicluster-gateway-testing.md
Last active January 8, 2019 20:47
istio-1.1.0-snapshot.4 Multi-Cluster Gateway Testing

Create two k8s clusters using kind.

(Optional) If you wish to support load-balancer IPs, deploy metallb to each cluster by following the minikube tutorial. Update the metallb configmap for cluster2 so it uses a different address block. I used 198.51.100.0/24 for cluster1 and 198.51.10.0/24 for cluster2. Create static routes on the kind nodes that point to the metallb address block of the other cluster. Deploy the sample nginx app from the tutorial in each cluster and test access to the EXTERNAL-IP from the other cluster. For kind-cluster1: ip route add 198.51.101.0/24 via 172.17.0.3 dev eth0, where 172.17.0.3 is the Docker IP of kind-cluster2 (172.17.0.3). For kind-cluster2: ip route add 198.51.100.0/24 via 172.17.0.2 dev eth0.

Deploy Istio multicluster gateways using the official guide. Note: Do not use the kube-d

danehans / serviceMesh..md
Created December 18, 2018 19:21
fedv2 high-level api
Current Primitives:
```
apiVersion: primitives.federation.k8s.io/v1alpha1
kind: FederatedFoo
metadata:
  name: foo
spec:
  clusters:
  - cluster2
  - cluster1
```
danehans / issue.md
Last active December 5, 2018 16:49
fed_virt_svc_override_issue

I set the override path when federating the resource:

$ kubefed2 federate enable VirtualService --override-paths=spec.hosts

The federated types for the resource look correct:

// Template
$ kubectl get federatedvirtualservices -o yaml