Container FAQ (updating)

K8s FAQ

  • Probe (liveness/readiness)

ref: https://andrewlock.net/deploying-asp-net-core-applications-to-kubernetes-part-6-adding-health-checks-with-liveness-readiness-and-startup-probes/

  • Keep running pod

command: ["ping", "-t", "google.com"]
command: ["/bin/sh", "-ec", "while :; do echo 'test'; sleep 5 ; done"]
  • Add command to deployment

apiVersion: v1
kind: Pod
metadata:
  name: command-demo
  labels:
    purpose: demonstrate-command
spec:
  containers:
  - name: command-demo-container
    image: debian
    command: ["printenv"]
    args: ["HOSTNAME", "KUBERNETES_PORT"]
  restartPolicy: OnFailure
  • Https (k8s ingress TLS) "default backend 404" error

    • Ans: tls secret not correct, TLS not 

  • Create TLS secret by file: .crt .key (Letsencrypt)

kubectl -n XX create secret tls tls-XXX \
  --cert=signed.crt \
  --key=domain.key
  • Create a base64 string for a k8s Opaque Secret

echo -n 'password' | base64
# Or Notepad++ => MIME Tools > Base64 Encode with Unix EOL

<--- sample file
apiVersion: v1
kind: Secret
metadata:
  name: your-secrets
type: Opaque
data:
  root-password: XXXXXXX
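
Added example (not part of the original page): why `echo -n` and "Unix EOL" matter for the value above. The helper names are hypothetical; the check decodes a `data:` value, which anyone with read access to the Secret can also do, and reports a trailing newline or CRLF that would become part of the password.

```shell
#!/usr/bin/env bash
# Encode a literal for the data: field of a Secret. printf '%s' adds no
# newline; tr strips the line wrapping GNU base64 applies to long input.
b64_secret() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Classify a base64 value copied from a Secret manifest.
# Prints: ok | trailing-newline | trailing-crlf | invalid-base64
check_secret_value() {
  if ! printf '%s' "$1" | base64 -d >/dev/null 2>&1; then
    echo invalid-base64
    return 1
  fi
  # Hex-dump the decoded bytes so a trailing newline survives $(...).
  _hex=$(printf '%s' "$1" | base64 -d | od -An -v -tx1 | tr -d ' \n')
  case "$_hex" in
    *0d0a) echo trailing-crlf ;;
    *0a)   echo trailing-newline ;;
    *)     echo ok ;;
  esac
}

# Constructed sample values.
b64_secret 'password'; echo
check_secret_value "$(echo 'password' | base64)"          # echo without -n
check_secret_value "$(printf 'password\r\n' | base64)"    # saved with Windows EOL
check_secret_value "$(b64_secret 'password')"
```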
  • Clean key by patch

$ kubectl patch configmap myconfigmap --type=json -p='[{"op": "remove", "path": "/data/mykey"}]'
  • Rollback version

# List old
kubectl rollout history deployment/app
# Rollback to
kubectl rollout undo deployment/app --to-revision=2
  • Release a PV (Persistent Volume) so it becomes available again (unbind an unbound PV)

kubectl edit pv PV_NAME
# Remove spec.claimRef
# Or command:
kubectl patch pv {{PV_NAME}} --type=json -p='[{"op": "remove", "path": "/spec/claimRef"}]'
  • Search and get pod name 

kubectl get pods -l app=my-app -o custom-columns=:metadata.name
  • kubectl copy file into pod: error "directory does not exist" or "not found"

kubectl --kubeconfig=xxx cp {{filename}} {{namespace}}/{{pod}}:/{{filename}}
# The destination path must end with {{filename}}, not just the directory!
  • CronJob sample

apiVersion: batch/v1  # batch/v1beta1 CronJob was removed in Kubernetes 1.25
kind: CronJob
metadata:
  name: jj-triggerjob
  namespace: pls-po
spec:
  schedule: "* 6 * * *"
  jobTemplate:
    spec:
      backoffLimit: 4
      template:
        spec:
          containers:
          - name: jj-triggerjob
            image: dockerhub/repo:latest
            resources:
              limits:
                cpu: 400m
                memory: 512Mi
              requests:
                cpu: 400m
                memory: 512Mi
            # Placeholder key below: in a real job, inject it from a Secret (env valueFrom.secretKeyRef) instead of embedding it in args
            args:
                - /bin/sh
                - -c
                - " echo \"Running trigger job\";
                    exit_status=$(curl -s -o /dev/null -X PUT jjgoodapi/api/v1/person -H \"accept: application/octet-stream\" -H \"my-trace-id: $(uuidgen)\" -H \"my-application-name: biapi-triggerjob\" -H \"my-api-key: XXXXX\" -d \" \" -w \"%{http_code}\");
                    if ! echo \"$exit_status\" | grep -qx -e \"202\" -e \"406\" ; then
                        echo $exit_status;
                        echo \"Failed without status code: 202 or 406\";
                        echo \"Done trigger job\";
                        exit 1;
                    fi;
                    echo \"Passed with status code: 202 or 406\";
                    echo \"Done trigger job\";
                  "
          # imagePullSecrets:
          # - name: XXAccount
          restartPolicy: OnFailure
          nodeSelector:
            beta.kubernetes.io/os: linux
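
Added example (not part of the original page): why the job's status check should compare only the bare status code. When response headers are part of the captured text (curl `-i`), a `grep` for 202 also matches a `Date:` header from the 2020s, so a failing call passes. The response below is constructed and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Constructed capture of `curl -i -w '%{http_code}'` for a failing call:
# headers, blank line, body, then the status code appended by -w.
captured_with_headers() {
  printf '%s\r\n' 'HTTP/1.1 500 Internal Server Error' \
    'Date: Tue, 05 Mar 2024 06:00:01 GMT' \
    'Content-Type: application/json' ''
  printf '%s' '{"error":"boom"}500'
}

# Substring check: succeeds if 202 or 406 occurs anywhere in the text.
loose_check() {
  grep -q -e '202' -e '406'
}

# Exact check on a bare status code, as produced by
#   curl -s -o /dev/null -w '%{http_code}' ...
strict_check() {
  case "$1" in
    202|406) return 0 ;;
    *)       return 1 ;;
  esac
}

# Report how each check judges the constructed 500 response.
demo() {
  if captured_with_headers | loose_check; then echo "loose=pass"; else echo "loose=fail"; fi
  if strict_check 500; then echo "strict=pass"; else echo "strict=fail"; fi
  if strict_check 202; then echo "strict202=pass"; else echo "strict202=fail"; fi
}
demo
```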
  • Unknown object type "nil"

    • error msg

error: error validating "/home/jj/deployment.yaml": error validating data: [ValidationError(Ingress.spec.tls[0].hosts): unknown object type "nil" in Ingress.spec.tls[0].hosts[0],
    • Solve: Fix wrong yaml format.

  • Apply private registry credential

kubectl create secret generic regcred \
    --from-file=.dockerconfigjson={path/to/.docker/config.json} \
    --type=kubernetes.io/dockerconfigjson

# Add to deployment (pod)
spec:
  containers:
  - name: xxx
    image: xxx
  imagePullSecrets:
  - name: regcred
  • Deployment not updating after image updated, Force deployment rolling-update

spec:
  template:
    spec:
      containers:
      - image: xxx
        imagePullPolicy: Always
  • Deployment not updating after configmap updated

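    • Update a label in the pod template to trigger a deployment rolling update

spec:
  template:
    metadata:
      labels:
        configmap-version: "1"  # must be a string; only changes under spec.template start a rollout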

K8s dashboard

  • Paste string to EXEC UI

    • ctrl-shift-v

  • Login issue: namespace change to default

    • Solution: type it back into the URI

  • Login issue: exec into pod via Firefox will redirect back to k8s portal.

    • Sol: Use other browsers.

DockerHub

  • Always get handshake fail when `docker pull`  

    • Solution:

      Log in to DockerHub with an account which has no email address.

  • Download image fail: Authentication fail 401

  • Check the files permission in docker image

    docker run --rm -ti --entrypoint sh jj/docker-stacks -c "ls -alF /usr/local/bin/"

Docker

  • Switch user

Dockerfile
---
FROM tw.registry.trendmicro.com/ik8s/win-dotnetcore-runtime:3.1-nanoserver-1809
USER "ContainerAdministrator"
  • Force delete pod

kubectl -n yyy delete pods xxxx --force --grace-period 0
  • Docker with GrayLog

  • Unable to start container by docker-compose

    • Msg: "UnixHTTPConnectionPool(host='localhost', port=None): Read timed out. (read timeout=60)"

    • Ans: `sudo service docker restart`

  • [Character in Dockerfile]: " will be split by space 

in echo " xxx string " > file.txt

# result: file.txt
# xxx
# string
  • [Character in Dockerfile]: " will be removed inside ' "xxx" '

echo ' "xxx string" ' > file.txt

# result: file.txt
#  xxx string
  • [Cronjob] – Clean containers & images daily at midnight

# Clean container
0 0 * * * docker rm -f $(docker ps -aq)
# Clean image without baseImage
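# NR>1 skips the header row of `docker images`, so the word IMAGE is not passed to docker rmi
0 5 * * * docker image prune -f; docker rmi -f $(docker images | awk 'NR>1 && /^[^m][^c][^r]*/{ print $3 }')
0 5 * * * docker rmi -f $(docker images | awk 'NR>1 && $1 !~/ik8s/{ print $3 }')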
0 5 * * * docker image prune -f --filter="dangling=true"; docker image prune -f --all --filter until=168h

# Clean all unused build cache
docker builder prune -a
# Clean all
docker system prune -a
# Clean image older than 48h
docker image prune -f --all --filter until=48h
# Clean dangling images
docker rmi $(sudo docker images -f "dangling=true" -q)
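
Added example (not part of the original page): the awk selections from the cleanup lines above, run over constructed `docker images` output, to show what the header row and the character-class pattern do next to a prefix-based filter. The base-image prefixes `mcr.microsoft.com/` and `/ik8s/` and all function names are assumptions.

```shell
#!/usr/bin/env bash
# Constructed `docker images` output (not taken from a real host).
sample_images() {
  cat <<'EOF'
REPOSITORY                        TAG     IMAGE ID      CREATED      SIZE
mcr.microsoft.com/dotnet/runtime  3.1     aaaaaaaaaaaa  2 weeks ago  190MB
registry.example/ik8s/base        1.0     bbbbbbbbbbbb  3 weeks ago  250MB
mysql                             8       cccccccccccc  5 days ago   540MB
jj/docker-stacks                  latest  dddddddddddd  2 days ago   1.2GB
EOF
}

# Repository test only: the header row passes it too, so the literal
# word IMAGE lands in the removal list.
select_no_header_guard() { awk '$1 !~ /ik8s/ { print $3 }'; }

# Character-class pattern: spares every image whose name starts with "m"
# or has "c" as second character, not only repositories starting "mcr".
select_char_class() { awk 'NR > 1 && /^[^m][^c][^r]*/ { print $3 }'; }

# Prefix-based filter: skip the header, spare the listed base images.
select_by_prefix() {
  awk -v keep='^mcr[.]microsoft[.]com/|/ik8s/' 'NR > 1 && $1 !~ keep { print $3 }'
}

# Run one selection over the sample and join the IDs on one line.
ids() { sample_images | "$1" | xargs; }

ids select_no_header_guard
ids select_char_class
ids select_by_prefix
# To act on a selection, pipe the IDs into: xargs -r docker rmi -f
# (-r, a GNU xargs option, skips the command when the list is empty).
```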
  • Not enough memory to start Docker on Windows

    • Modify `C:\Program Files\Docker\Docker\resources\MobyLinux.ps1` and change `$Memory = 512` to the number of MB you want

  • Installed with `sudo` but running `docker run` without it gives the error: "docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.35/containers/create: dial unix /var/run/docker.sock: connect: permission denied. See 'docker run --help'."

sudo groupadd docker
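sudo usermod -aG docker $USER  # Add user into group (log out and back in for it to take effect)
# Note: membership in the docker group grants root-level privileges on the host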

Ref: https://docs.docker.com/install/linux/linux-postinstall/#manage-docker-as-a-non-root-user
docker login  # Yes, login first
  • Windows 10: move Docker images and other data to another folder. Mind the escaped backslashes and the letter case of the path. (Newer Docker versions use the `data-root` key; the older key was `graph`.)

-- C:\ProgramData\docker\config\daemon.json --
{
  "registry-mirrors": [],
  "insecure-registries": [],
  "debug": true,
  "experimental": false,
  "data-root":"D:\\ProgramData\\docker"
}
  • docker: Error response from daemon: driver failed programming external connectivity on endpoint

    • Restart docker

  • The SPA default page middleware could not return the default page '/index.html' because it was not found, and no other middleware handled the request.

  • mkdir /host_mnt/c: file exists.

    • Re-apply Shared Drive in docker-Desktop.

Docker compose

  • Setting up network mode (avoid IP not found)

version: '3.1'

services:
  zookeeper-1:
    image: zookeeper:3.4.13
    container_name: zk
    network_mode: bridge
  • Docker IP not match

# Check docker container IP
docker network inspect XXX

# Rebuild network (restart not working)
docker-compose down
docker-compose up

PS. docker-compose restart <- won't rebuild
  • ERROR: client version 1.22 is too old. Minimum supported API version is 1.24, please upgrade your client to a newer version

--- docker-compose.yml ---
version: '2.1'
...
