lab 6.6 Num 2 -load balancer external ip shown as pending
And when i said it should describe the service, the service had no endpoints. I created the service like this:
kubectl create service loadbalancer reviewsix --tcp=80
Was that the wrong thing to do? I was just following what was done in the previous labs
Comments
-
HI @ashdev,
There are other methods to expose a Deployment with a Service object, which may be better suited for this scenario. You can find those in prior labs as well.
Regards,
-Chris0 -
@chrispokorni said:
HI @ashdev,There are other methods to expose a Deployment with a Service object, which may be better suited for this scenario. You can find those in prior labs as well.
Regards,
-ChrisBut that's what the lab asked for. Aren't the labs mimicking the CKAD exam? What if in the exam I am asked to make and use a load balancer?
0 -
Hello,
Also as there is no external load balancer waiting to receive the API call the external will always show as pending.
Regards,
0 -
Hello again,
Review the previous labs. You will find the steps to create then expose the newly created deployment. Then test that it works. If you create the service in some other manner, and it works, then you have accomplished the objective of this item.
Regards,
0 -
@serewicz said:
Hello again,Review the previous labs. You will find the steps to create then expose the newly created deployment. Then test that it works. If you create the service in some other manner, and it works, then you have accomplished the objective of this item.
Regards,
But what was used in the previous labs was a nodeport. This lab is asking for a load balancer. Are you saying I should ignore that?
@serewicz said:
Hello,Also as there is no external load balancer waiting to receive the API call the external will always show as pending.
Regards,
If there was no external load balancer then why were we asked to use it? What is the objective of this exercise?
1 -
Hello,
If you reference Chapter 2 you will find it mentions services and why they are used. As well as the three types of services ClusterIP, NodePort and LoadBalancer are mentioned. You can configure all three and test that they work, without needing an external load balancer (LB).
Should you need to troubleshoot an external LB you would need to know if your loadBalancer service is working or if the problem is with the LB. If you didn't know how to configure the loadBalancer service then how would you know what to do and what it looks like when it is not getting a response from the external LB you are trying to use?
Regards
0 -
Thank you. I just created the loadbalancer like in the expose command in previous labs.
I might not be understanding Num 8 and 9 properly. Let me say what i think they are asking me to do.
The pod created has a problem. The id of the nginx user does not match the id(specified in the security context) that can read the configuration files. We are asked to log into the container, find the id of the nginx user then go back into the security-review yaml file and replace what is specified in the security context(2100 and 3000) with the id of the nginx user. This is what i understand is being said by 8 and 9.
I tried to shell into the container to find the proper id but i can't because the pod is in an error state. What do i do?
0 -
Hello,
The idea is to fix the problem. First you must find the problem. What other commands have been covered that allow you to look at the state and the output of a non-working pod? Perhaps revisit some of the earlier material. The point of the review is to ensure you can use the information provided as necessary. Have you read chapter three Build, Testing page?
Regards,
0 -
@serewicz I used logs and following the examples in the labs for Section 6 I removed the security contexts in the pod and it was working. But I am not sure that is the solution because Num 9 Specifically says: "Edit the pod such that the securityContext is in place and allows the web server to read the proper configuration files"
If what it is saying is what i'm thinking, then the pod should work with security context in place and not without. Am I on the right track with that line of thinking?0 -
Hello,
As you look at the pod logs you should note what the application requires. For example, let's say as a developer you make an update applicationA, which now needs a UID of 4153 to run. All the files are owned by that UID, SELinux settings and so forth. So changing your application is not the easy choice. The existing pod securityContext in is set to 4100. You could A.) remove the securityContext, which could lead to a security issue, you could B.) rewrite your entire application to use the existing securityContext, OR you could C.) __________?
Regards,
0 -
Hello,
Indeed. You would have to do something to find that information. How could you find proper UID to use?
Regards,
0 -
@serewicz said:
Hello,Indeed. You would have to do something to find that information. How could you find proper UID to use?
Regards,
I am trying to use the steps here: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
I commented out the securitycontext so that the container would run as normal and then i would shell into it, run the ps command and find a uid to use. But when i tried shelling into my container, the first thing i noticed was on the command line its a hashtag not a dollar sign and the ps command does not work.0 -
Hello,
Could there be another way to figure out the nginx UID?
Regards,
0 -
Hello,
Basic commands of Linux are a prereq. For example the id command. id nginx will show you a particular output.
Regards
0 -
@serewicz
so i found the uid to be 101 for the container. I tried changing the securitycontext to that of the uid, the container was still failing. I tried adding capabailities like NET_ADMIN from lab 6.1 with the uid of the container and with the security context already there but in both instances, the container was still failing. I do not know how to go forward with making the container run with the security context in place.0 -
@serewicz
I notice the wording in my requirements are a little different for 6.6 than mentioned above and confusing.
step 8 tells me to find the user (nginx).
step 9 says "Edit the yaml and re-create the pod such that the pod runs without error."
This is nondescript and basically insinuates that I can remove any security policy from the container to achieve step 9 right?
Obviously this requires basic Linux knowledge, but the error was "/var/cache/nginx/client_temp" failed (13: Permission denied)"
Aside from adding a capability that I may be missing, I'm guessing at this point the answer is to make the user root, because upon further inspection /var/cache/nginx is owned by root.
So far I'm not sure if I've missed the answer, or wasted alot of time overlooking the answer being as obvious as it seems (one of the above mentioned solutions).1 -
@serewicz I also encountered the same problem, changed security context to be of nginx user and added all permissions that nginx user has:
add: ["CHOWN","DAC_OVERRIDE","FOWNER","FSETID","KILL","SETGID","SETUID","SETPCAP","NET_BIND_SERVICE"]
but it is still not working.Is there no published solutions to look at ?
0
Categories
- All Categories
- 167 LFX Mentorship
- 219 LFX Mentorship: Linux Kernel
- 798 Linux Foundation IT Professional Programs
- 356 Cloud Engineer IT Professional Program
- 180 Advanced Cloud Engineer IT Professional Program
- 82 DevOps Engineer IT Professional Program
- 149 Cloud Native Developer IT Professional Program
- 112 Express Training Courses
- 138 Express Courses - Discussion Forum
- 6.2K Training Courses
- 48 LFC110 Class Forum - Discontinued
- 17 LFC131 Class Forum
- 35 LFD102 Class Forum
- 227 LFD103 Class Forum
- 19 LFD110 Class Forum
- 39 LFD121 Class Forum
- 15 LFD133 Class Forum
- 7 LFD134 Class Forum
- 17 LFD137 Class Forum
- 63 LFD201 Class Forum
- 3 LFD210 Class Forum
- 5 LFD210-CN Class Forum
- 2 LFD213 Class Forum - Discontinued
- 128 LFD232 Class Forum - Discontinued
- 1 LFD233 Class Forum
- 2 LFD237 Class Forum
- 23 LFD254 Class Forum
- 697 LFD259 Class Forum
- 109 LFD272 Class Forum
- 3 LFD272-JP クラス フォーラム
- 10 LFD273 Class Forum
- 154 LFS101 Class Forum
- 1 LFS111 Class Forum
- 1 LFS112 Class Forum
- 1 LFS116 Class Forum
- 1 LFS118 Class Forum
- LFS120 Class Forum
- 7 LFS142 Class Forum
- 7 LFS144 Class Forum
- 3 LFS145 Class Forum
- 1 LFS146 Class Forum
- 3 LFS147 Class Forum
- 1 LFS148 Class Forum
- 15 LFS151 Class Forum
- 1 LFS157 Class Forum
- 34 LFS158 Class Forum
- 8 LFS162 Class Forum
- 1 LFS166 Class Forum
- 1 LFS167 Class Forum
- 3 LFS170 Class Forum
- 2 LFS171 Class Forum
- 1 LFS178 Class Forum
- 1 LFS180 Class Forum
- 1 LFS182 Class Forum
- 1 LFS183 Class Forum
- 29 LFS200 Class Forum
- 736 LFS201 Class Forum - Discontinued
- 2 LFS201-JP クラス フォーラム
- 14 LFS203 Class Forum
- 102 LFS207 Class Forum
- 1 LFS207-DE-Klassenforum
- 1 LFS207-JP クラス フォーラム
- 301 LFS211 Class Forum
- 55 LFS216 Class Forum
- 48 LFS241 Class Forum
- 48 LFS242 Class Forum
- 37 LFS243 Class Forum
- 15 LFS244 Class Forum
- LFS245 Class Forum
- LFS246 Class Forum
- 50 LFS250 Class Forum
- 1 LFS250-JP クラス フォーラム
- LFS251 Class Forum
- 155 LFS253 Class Forum
- LFS254 Class Forum
- LFS255 Class Forum
- 5 LFS256 Class Forum
- 1 LFS257 Class Forum
- 1.3K LFS258 Class Forum
- 10 LFS258-JP クラス フォーラム
- 121 LFS260 Class Forum
- 159 LFS261 Class Forum
- 41 LFS262 Class Forum
- 82 LFS263 Class Forum - Discontinued
- 15 LFS264 Class Forum - Discontinued
- 11 LFS266 Class Forum - Discontinued
- 20 LFS267 Class Forum
- 25 LFS268 Class Forum
- 31 LFS269 Class Forum
- 1 LFS270 Class Forum
- 199 LFS272 Class Forum
- 1 LFS272-JP クラス フォーラム
- LFS274 Class Forum
- 3 LFS281 Class Forum
- 10 LFW111 Class Forum
- 261 LFW211 Class Forum
- 182 LFW212 Class Forum
- 13 SKF100 Class Forum
- 1 SKF200 Class Forum
- 1 SKF201 Class Forum
- 782 Hardware
- 198 Drivers
- 68 I/O Devices
- 37 Monitors
- 96 Multimedia
- 174 Networking
- 91 Printers & Scanners
- 83 Storage
- 758 Linux Distributions
- 80 Debian
- 67 Fedora
- 15 Linux Mint
- 13 Mageia
- 23 openSUSE
- 143 Red Hat Enterprise
- 31 Slackware
- 13 SUSE Enterprise
- 348 Ubuntu
- 461 Linux System Administration
- 39 Cloud Computing
- 70 Command Line/Scripting
- Github systems admin projects
- 90 Linux Security
- 77 Network Management
- 101 System Management
- 46 Web Management
- 64 Mobile Computing
- 17 Android
- 34 Development
- 1.2K New to Linux
- 1K Getting Started with Linux
- 371 Off Topic
- 114 Introductions
- 174 Small Talk
- 19 Study Material
- 806 Programming and Development
- 304 Kernel Development
- 204 Software Development
- 1.8K Software
- 211 Applications
- 180 Command Line
- 3 Compiling/Installing
- 405 Games
- 309 Installation
- 97 All In Program
- 97 All In Forum
Upcoming Training
-
August 20, 2018
Kubernetes Administration (LFS458)
-
August 20, 2018
Linux System Administration (LFS301)
-
August 27, 2018
Open Source Virtualization (LFS462)
-
August 27, 2018
Linux Kernel Debugging and Security (LFD440)