Create a debug pod:
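# -n must come before `--`: everything after `--` is handed to the container's
# command, so the original form passed `-n <namespace>` to sh and the pod was
# created in the current namespace. --rm deletes the pod when the shell exits.
$ kubectl run -it --rm debug --image=alpine --restart=Never -n <namespace> -- sh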
Create a pod:
# Starts a single pod with no controller behind it (--restart=Never).
# The image is the bare name `nginx` with no registry, tag or digest, so what
# actually runs depends on the cluster's registry resolution and the default tag.
$ kubectl run nginx --image=nginx --port=80 --restart=Never
Create a deployment:
# Creates a Deployment named kubernetes-bootcamp that runs the sample image at tag v1.
$ kubectl create deployment kubernetes-bootcamp --image=gcr.io/google-samples/kubernetes-bootcamp:v1
Change pull secret of a running cluster:
# Replace the .dockerconfigjson key of the pull secret in openshift-config with
# the contents of the local file pull-secret.txt. That file holds registry
# credentials: keep it out of version control and delete it when done.
oc set data secret/pull-secret -n openshift-config --from-file=.dockerconfigjson=pull-secret.txt
# The next two commands do not touch the pull secret: they create a service
# account in the current project and bind the cluster-admin role to it.
# Anything that can use this account's token gets full control of the cluster,
# so remove the binding (or use a narrower role) once it is no longer needed.
$ oc create sa clusteradmin
$ oc adm policy add-cluster-role-to-user -z clusteradmin cluster-admin
Nginx pod with customizable HTTP object length:
# Pod that serves a generated index.html from nginx on port 80.
# NOTE(review): the indentation of this listing was lost; restore the YAML
# nesting before applying it.
apiVersion: v1
kind: Pod
metadata:
name: nginxw42
namespace: nodeport
labels:
name: nginx
spec:
containers:
- name: nginx
# The image has no tag or digest, so the content that gets pulled is not pinned.
image: quay.io/jcastillolema/nginx
ports:
- containerPort: 80
lifecycle:
postStart:
exec:
# Fills index.html with random alphanumeric bytes after the container starts;
# the `head -c 512k` value is what sets the HTTP object length.
command: ["/bin/sh", "-c", "tr -dc A-Za-z0-9 </dev/urandom | head -c 512k > /usr/share/nginx/html/index.html"]
# Pins the pod to one specific node by hostname.
nodeSelector:
kubernetes.io/hostname: worker004-fc640
# privileged: true gives the container root-equivalent access to the node.
# Nothing visible in this manifest appears to need it; drop it unless the test
# does. NOTE(review): `privileged` is a container-level field, and with the
# nesting lost it is unclear which level this block belonged to — confirm.
securityContext:
privileged: true
# Pod that runs a uperf server on port 20000.
# NOTE(review): the indentation of this listing was lost; restore the YAML
# nesting before applying it.
kind: Pod
apiVersion: v1
metadata:
name: uperf
namespace: served-ns-0
spec:
containers:
- name: uperf
# `latest` is a mutable tag: the image behind it can change between pulls.
# Pin a version tag or a digest for repeatable, reviewable test runs.
image: quay.io/cloud-bulldozer/uperf:latest
command: ["/bin/sh","-c"]
# Starts uperf in server mode (-s), verbose (-v), on port 20000 (-P), matching containerPort below.
args: ["uperf -s -v -P 20000"]
ports:
- containerPort: 20000
# privileged: true gives the container root-equivalent access to the node.
# Nothing visible in this manifest appears to need it; drop it unless the test does.
securityContext:
privileged: true
# Pins the pod to one specific node by hostname.
nodeSelector:
kubernetes.io/hostname: worker003-fc640
# NodePort Service in front of the pods labelled name=nginx in the nodeport namespace.
# NOTE(review): the indentation of this listing was lost; restore the YAML
# nesting before applying it.
apiVersion: v1
kind: Service
metadata:
name: nginx-np
namespace: nodeport
labels:
name: nginx-np
spec:
# NodePort opens the port below on the nodes' own addresses, so the service is
# reachable from any network that can reach the nodes; restrict that at the
# network level if the nodes are not on an isolated test network.
type: NodePort
ports:
- port: 80
targetPort: 80
protocol: TCP
nodePort: 30081
# Local: traffic is only delivered to endpoints on the node that received it,
# and the client source address is preserved.
externalTrafficPolicy: Local
selector:
name: nginx
# Show the image the running ovnkube-master pod uses; here it is pinned by digest.
$ oc get po -o yaml ovnkube-master-45gw8 -n openshift-ovn-kubernetes | grep image | head -n1
image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0254ef7bc2c26538a56f4f57f140aff0d101b896b0702d76653d6ec4ad7056dd
# Scale the cluster-version operator to zero replicas.
# NOTE(review): presumably done so that the override below is not reverted.
# While it is at zero the cluster is not reconciled against its release
# payload, so scale it back up once the test is finished.
$ oc scale -n openshift-cluster-version deployment.apps/cluster-version-operator --replicas=0
# Point the network operator at a different OVN image. This reference is a
# mutable tag, not a digest, so the content pulled can change while the
# reference stays the same; check where the image comes from before running it.
$ oc -n openshift-network-operator set env deployment.apps/network-operator OVN_IMAGE=quay.io/trozet/ovn-kubernetes:dceara-ecmp-symmetric-fix
# Confirm that the recreated ovnkube-master pod runs the overridden image.
$ oc get po -o yaml ovnkube-master-b96q7 -n openshift-ovn-kubernetes | grep image | head -n 1
image: quay.io/trozet/ovn-kubernetes:dceara-ecmp-symmetric-fix
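# List the nodes and pick the worker to remove.
oc get nodes
# Mark the node unschedulable so that no new pods land on it.
oc adm cordon <node_name>
# Evict the node's pods. --force also deletes pods that no controller manages;
# those are not recreated elsewhere, so check for them before draining.
# Drain stops on DaemonSet-managed pods unless --ignore-daemonsets is given.
oc adm drain <node_name> --force=true
oc get machinesets -n openshift-machine-api
# Scale the MachineSet down to the wanted number of workers.
oc scale --replicas=1 machineset <machineset> -n openshift-machine-api
# Check the active worker nodes; the count should now be reduced to 1.
oc get nodes
# MachineSets live in openshift-machine-api, so the namespace is passed here
# as in the earlier call; without it the current project is queried instead.
oc get machinesets -n openshift-machine-api
# Remove the BareMetalHost object of the host that was taken out.
oc delete bmh <host_name> -n openshift-machine-api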
- mcp
- under spec
- maxUnavailable: 50%
- under spec
# Runs as root on the worker node. NOTE(review): the prompt and `chroot /host`
# suggest an `oc debug node/...` session — confirm.
# Name and namespace of the pod to inspect.
[root@openshift-worker-1 /]# NAME=nginx-web-app-5dbd5f5cb5-rz7l4
[root@openshift-worker-1 /]# NAMESPACE=spk-app
# Resolve the pod sandbox ID with the host's crictl (-q prints only the ID).
[root@openshift-worker-1 /]# pod_id=$(chroot /host crictl pods --namespace ${NAMESPACE} --name ${NAME} -q)
# Read the PID of the sandbox process from the runc state JSON.
[root@openshift-worker-1 /]# pid=$(chroot /host bash -c "runc state $pod_id | jq .pid")
# Enter only the network namespace (-n) of that PID and list its interfaces.
[root@openshift-worker-1 /]# nsenter -n -t $pid -- ip a
# Tuned object that defines the profile "openshift-ingress": it includes
# openshift-control-plane and sets the conntrack timeouts for the TCP CLOSE and
# CLOSE_WAIT states to 10. The recommend section selects the profile, at
# priority 10, for nodes labelled node-role.kubernetes.io/worker.
# NOTE(review): the indentation of this listing was lost. The lines from [main]
# to the last sysctl are the literal block of `data: |` and must be indented
# under it when the manifest is restored.
apiVersion: tuned.openshift.io/v1
kind: Tuned
metadata:
name: ingress
namespace: openshift-cluster-node-tuning-operator
spec:
profile:
- data: |
[main]
summary=A custom OpenShift ingress profile
include=openshift-control-plane
[sysctl]
net.netfilter.nf_conntrack_tcp_timeout_close=10
net.netfilter.nf_conntrack_tcp_timeout_close_wait=10
name: openshift-ingress
recommend:
- match:
- label: node-role.kubernetes.io/worker
priority: 10
profile: openshift-ingress
- A number of sysctls are namespaced in today's Linux kernels
- Using sysctls in a Kubernetes Cluster
- To confirm, rsh into the pod and list, i.e., /proc/net:
Anything not in the directory should be considered as namespaced.
sh-5.1# ls /proc/net/
anycast6 icmp ip6_mr_vif mcfilter packet rpc sockstat6 udp6 arp icmp6 ip_mr_cache mcfilter6 protocols rt6_stats softnet_stat udplite dev if_inet6 ip_mr_vif netfilter psched rt_acct stat udplite6 dev_mcast igmp ip_tables_matches netlink ptype rt_cache tcp unix dev_snmp6 igmp6 ip_tables_names netstat raw snmp tcp6 xfrm_stat fib_trie ip6_flowlabel ip_tables_targets nf_conntrack raw6 snmp6 tls_stat fib_triestat ip6_mr_cache ipv6_route nf_conntrack_expect route sockstat udp
-
Limit bandwidth:
# Adds a token bucket filter (tbf) as the root qdisc of net1, inside the
# network namespace of PID 1740238. That PID is from the author's host;
# substitute the PID of the target pod's process.
nsenter -n -t 1740238 tc qdisc add dev net1 root tbf rate 10Gbit latency 9999ms burst 2G
-
tcpdump:
# Capture 40 packets (-c 40) on net1, limited to TCP traffic whose source is 192.168.216.1.
tcpdump -i net1 -c 40 "tcp and src 192.168.216.1"
- What and how length is determined in tcpdump
- When generating TCP packets with a given size (i.e.: with uperf), you won't see that specific packet size in the dumps, because the TCP stack aggregates TCP packets up to the MTU size (without TCP segmentation offload) and even beyond the MTU size (with TCP segmentation offload).
- UDP-generated packets will show the appropriate size in the dumps:
11:27:56.800634 IP 192.168.216.1.57293 > 10.129.2.125.33735: UDP, length 1500
-
Find NIC model:
# realpath /sys/class/net/ens2f0
/sys/devices/pci0000:97/0000:97:02.0/0000:98:00.0/net/ens2f0
# lspci | grep 98:00.0
98:00.0 Ethernet controller: Mellanox Technologies MT2892 Family [ConnectX-6 Dx]
-
Find bandwidth usage from oc debug pod:
# watch 'ifstat | egrep "Interface|ens2f1|br-ex"'
Interface RX Pkts/Rate TX Pkts/Rate RX Data/Rate TX Data/Rate
ens2f1 207410 0 302468 0 198718K 0 373721K 0
br-ex 87834 0 73934 0 186289K 0 358096K 0