external access to kubernetes - docker

docker run \
--volume=/:/rootfs:ro \
--volume=/sys:/sys:ro \
--volume=/var/lib/docker/:/var/lib/docker:rw \
--volume=/var/lib/kubelet/:/var/lib/kubelet:rw \
--volume=/var/run:/var/run:rw \
--net=host \
--pid=host \
--privileged=true \
-d \
gcr.io/google_containers/hyperkube-amd64:v${K8S_VERSION} \
/hyperkube kubelet \
--containerized \
--hostname-override="127.0.0.1" \
--address="0.0.0.0" \
--api-servers=http://localhost:8080 \
--config=/etc/kubernetes/manifests \
--cluster-dns=10.0.0.10 \
--cluster-domain=cluster.local \
--allow-privileged=true --v=2
A curl localhost:8080 confirms that the API is running.
But trying to access it with the host's IP like curl dockerHostIp:8080 fails:
Failed to connect to ipOfDockerHost port 8080: Connection refused
How can I expose k8s to the outside? (The docker host is an Ubuntu server.)
As far as I understand, using --net=host should solve this problem. But it does not work in this case.

When you start kubernetes with docker, you choose between two models:
--config=/etc/kubernetes/manifests
--config=/etc/kubernetes/manifests-multi.
If you look in these files, you will notice one difference: --insecure-bind-address is different.
When you use --config=/etc/kubernetes/manifests, you ask for a local access only.
You should start with --config=/etc/kubernetes/manifests-multi.
Note that:
you will need to start etcd manually when you use --config=/etc/kubernetes/manifests-multi
follow this post as docker support is not working for now
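
The difference the answer points at can be checked before picking a manifest directory. The script below is an added example, not part of the original answer or of the hyperkube image: it reads a manifest, extracts every --insecure-bind-address value and flags any that is not loopback, since the insecure port (8080 in the question) serves the API over plain HTTP without authentication. The sample manifests, file names and function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: where does a manifest bind the apiserver's insecure port?

# Print each --insecure-bind-address value found in a manifest. Accepts
# "--flag=value" and "--flag", "value" (JSON or YAML argument lists).
insecure_bind_addresses() {
  tr '\n' ' ' < "$1" |
    grep -oE -- '--insecure-bind-address[=" ,]+[^" ,-][^" ,]*' |
    sed -E 's/^--insecure-bind-address[=" ,]+//'
}

classify_bind() {
  case "$1" in
    127.*|localhost|::1) echo loopback ;;
    0.0.0.0|::)          echo all-interfaces ;;
    *)                   echo specific-address ;;
  esac
}

# Returns 0 when every configured bind address is loopback (or none is set).
audit_manifest() {
  addrs=$(insecure_bind_addresses "$1")
  if [ -z "$addrs" ]; then
    echo "$1: --insecure-bind-address not set (apiserver default applies)"
    return 0
  fi
  rc=0
  for a in $addrs; do
    kind=$(classify_bind "$a")
    echo "$1: --insecure-bind-address=$a ($kind)"
    [ "$kind" = loopback ] || rc=1
  done
  return "$rc"
}

# Constructed sample manifests (not copied from the hyperkube image).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/local.json" <<'EOF'
{"spec": {"containers": [{"name": "apiserver", "command": [
  "/hyperkube", "apiserver", "--insecure-bind-address=127.0.0.1"]}]}}
EOF
cat > "$SAMPLE_DIR/multi.json" <<'EOF'
{"spec": {"containers": [{"name": "apiserver", "command": [
  "/hyperkube", "apiserver", "--insecure-bind-address", "0.0.0.0"]}]}}
EOF

for f in "$SAMPLE_DIR"/*.json; do
  audit_manifest "$f" || echo "  -> insecure port reachable beyond loopback"
done
```

A non-zero result for a manifest means the insecure port is reachable from other hosts, so access to it has to be restricted at the host firewall or network level.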

Related

Why docker container out of memory without "cpuset-cpus" parameter?

I created two containers (which provide a RESTful API) via the following docker commands.
The only difference is --cpuset-cpus="0" for setting a specific core number.
However, I found that container A crashes if I submit over 150 HTTP requests.
Then I checked the memory via "docker stats container A":
memory usage gradually increases with the number of HTTP requests received,
and finally the container crashes.
But if I set the "cpuset-cpus" argument on container B, memory stability is not affected by HTTP requests,
and container B does not crash.
Does anybody know why the container crashes without setting cpuset-cpus?
By the way, my server has a 32-core CPU and 512 GB.
Container A:
docker run \
-d \
-e PYTHONPATH=/app/custom_component:$PYTHONPATH \
-v /home/hibot_agents/proj.1845.cache:/app:rw \
--name test_1845 \
--memory="512M" \
--memory-swap="1g" \
--cpus="0.25" \
--network="chatbot-network" \
images/chatbot-server:2.0.0-full \
rasa run --enable-api --endpoints endpoints.yml -vv
Container B:
docker run \
-d \
-e PYTHONPATH=/app/custom_component:$PYTHONPATH \
-v /home/hibot_agents/proj.1845.cache:/app:rw \
--name test_1845 \
--memory="512M" \
--memory-swap="1g" \
--cpus="0.25" \
--cpuset-cpus="0" \
--network="chatbot-network" \
images/chatbot-server:2.0.0-full \
rasa run --enable-api --endpoints endpoints.yml -vv

Image could not be accessed on a registry to record

I am trying to create a Hadoop master service, but I get this error:
image hamza/hadoop:2.7.4 could not be accessed on a registry to record
its digest. Each node will access hamza/hadoop:2.7.4 independently,
possibly leading to different nodes running different
versions of the image
The service I'm trying to create:
docker service create \
--with-registry-auth \
--name hadoop-master \
--network swarm-net \
--hostname hadoop-master \
--constraint node.role==manager \
--replicas 1 \
--detach=true \
--endpoint-mode dnsrr \
--mount type=bind,source=/etc/localtime,target=/etc/localtime,readonly \
--mount type=bind,source=/data/hadoop/config,target=/config/hadoop \
--mount type=bind,source=/data/hadoop/hdfs/master,target=/tmp/hadoop-root \
--mount type=bind,source=/data/hadoop/logs/master,target=/usr/local/hadoop/logs \
hamza/hadoop:2.7.4
Any help, please?

Pass flag to cAdvisor with docker

I am running cAdvisor using the following code as instructed here:
sudo docker run \
--volume=/:/rootfs:ro \
--volume=/var/run:/var/run:ro \
--volume=/sys:/sys:ro \
--volume=/var/lib/docker/:/var/lib/docker:ro \
--volume=/dev/disk/:/dev/disk:ro \
--publish=8080:8080 \
--detach=true \
--name=cadvisor \
google/cadvisor:latest
I need to pass the following flag to cAdvisor as suggested in this answer:
--enable_load_reader=true
How do I pass that flag to cAdvisor?

The google/cadvisor container behaves like the binary itself, therefore you can just append the option to the end of the docker run ... command.
You would also want to add the --net host option to your docker run command, as noted here:
sudo docker run \
--volume=/:/rootfs:ro \
--volume=/var/run:/var/run:ro \
--volume=/sys:/sys:ro \
--volume=/var/lib/docker/:/var/lib/docker:ro \
--volume=/dev/disk/:/dev/disk:ro \
--publish=8080:8080 \
--detach=true \
--net host \
--name=cadvisor \
google/cadvisor:latest \
--enable_load_reader=true

Issue in connecting ksql with kafka of confluent version 3.3.0 in docker

I am setting up ksql-cli with Confluent version 3.3.0 in the following way:
#zookeeper
docker run -d -it \
--net=host \
--name=zookeeper \
-e ZOOKEEPER_CLIENT_PORT=32181 \
confluentinc/cp-zookeeper:3.3.0
#kafka
docker run -d \
--net=host \
--name=kafka \
-e KAFKA_ZOOKEEPER_CONNECT=localhost:32181 \
-e KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://localhost:29092 \
-e KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR=1 \
confluentinc/cp-kafka:3.3.0
#schema-registry
docker run -d \
--net=host \
--name=schema-registry \
-e SCHEMA_REGISTRY_KAFKASTORE_CONNECTION_URL=localhost:32181 \
-e SCHEMA_REGISTRY_HOST_NAME=localhost \
-e SCHEMA_REGISTRY_LISTENERS=http://localhost:8081 \
confluentinc/cp-schema-registry:3.3.0
I am running the ksql-cli docker image in the following manner:
docker run -it \
--net=host \
--name=ksql-cli \
-e KSQL_CONFIG_DIR="/etc/ksql" \
-e KSQL_LOG4J_OPTS="-Dlog4j.configuration=file:/etc/ksql/log4j-rolling.properties" \
-e STREAMS_BOOTSTRAP_SERVERS=localhost:29092 \
-e STREAMS_SCHEMA_REGISTRY_HOST=localhost \
-e STREAMS_SCHEMA_REGISTRY_PORT=8081 \
confluentinc/ksql-cli:0.5
When I run ksql-cli by going into bash in the container in the following way:
docker exec -it ksql-cli bash
and running ksql-cli in following way:
./usr/bin/ksql-cli local
it gives me the following error:
Initializing KSQL...
Could not fetch broker information. KSQL cannot initialize AdminCLient.

By default, the ksql-cli attempts to connect to the Kafka brokers on localhost:9092. It looks like your setup is using a different port, so you'll need to provide this on the command line, e.g.
./usr/bin/ksql-cli local --bootstrap-server localhost:32181
You'll probably also need to specify the schema registry port, so you may want to use a properties file, e.g. :
./usr/bin/ksql-cli local --properties-file ./ksql.properties
Where ksql.properties has:
bootstrap.servers=localhost:29092
schema.registry.url=localhost:8081
Or provide both on the command line:
./usr/bin/ksql-cli local \
--bootstrap-server localhost:29092 \
--schema.registry.url http://localhost:8081
Note, from KSQL version 4.1 onwards the commands and properties change name. ksql-cli becomes just ksql. The local mode disappears - you'll need to run a ksql-server node or two explicitly. --property-file becomes --config-file and schema.registry.url becomes ksql.schema.registry.url.

Cannot ssh to server as I install poste.io on OVH dedicated server

I'm a beginner in docker and poste.io.
I want to install poste.io with docker on my server.
Poste.io and Docker installed without problems and are running fine, but when my connection dropped and I tried to ssh to the server again, the connection timed out and I cannot connect to the server.
Docker command:
docker run \
-p 25:25 \
-p 9925:80 \
-p 110:110 \
-p 143:143 \
-p 9926:443 \
-p 465:465 \
-p 587:587 \
-p 993:993 \
-p 995:995 \
-v /etc/localtime:/etc/localtime:ro \
-v /root/mailserver/data:/data \
--name "mailserver" \
-t analogic/poste.io
