Category : google-kubernetes-engine

I’m using these docs to set up a github workflow to automatically update some docker images upon creating a release: https://docs.github.com/en/actions/guides/deploying-to-google-kubernetes-engine Now I have a service account that I used many times to push to GCR from my laptop, and it has the required permissions (storage object admin). Yet, at the publish step, I get ..

Read more

I generated a CA certificate, then issued a certificate based on it for a private registry, that located in the same GKE cluster. Put the server certificates to the private registry and the CA certificate to all GKE nodes and run: update-ca-certificates && systemctl restart docker Images are building and putting into the private registry ..

Read more

I have a cluster on GKE currently on version v1.19.9-gke.1400. Accordingly do kubernetes release notes, on 1.20 dockershim will be deprecated. My cluster is configured to auto-upgrades and in one specific application I use docker socket mapped to the application, where I run direct containers through their API. My question: In a hypothetical upgrade of ..

Read more

I am trying to implement flask-healthz (https://pypi.org/project/flask-healthz/) for my python application to get return on liveness and rediness probes. But somehow it doesn’t work for me. Below is my code snippet : from flask import Flask from flask_healthz import healthz from flask_healthz import HealthError def printok(): print("Everything is fine") app = Flask(__name__) app.register_blueprint(healthz, url_prefix="/healthz") def ..

Read more

I have a private docker registry in a google cloud k8s cluster that could be accessed only by IP. What I’ve tried to do: Wrote script to generate self-signed certificate. Use generated self-signed client key and certificate on the docker registry side. Put CA certificate on each k8s node to /etc/ssl/certs/registry-proxy-ca.pem and run systemctl restart ..

Read more

I have a kubernetes cluster in GKE. Inside the cluster there is an private docker registry service. A certificate for this service is generated inside a docker image by running: openssl req -x509 -newkey rsa:4096 -days 365 -nodes -sha256 -keyout /certs/tls.key -out /certs/tls.crt -subj "/CN=registry-proxy" When any pod that uses an image from this private ..

Read more

I am trying to run Xorg server that use GPU inside Google Kubernetes Engine I followed this guide (https://cloud.google.com/kubernetes-engine/docs/how-to/gpus#ubuntu) to setup a GKE cluster with Nvidia Testla T4 GPU. The nodes are with Ubuntu (Docker). Deployed the pod : kind: Pod metadata: name: my-gpu-pod spec: containers: – name: my-gpu-container image: nvidia/cuda:10.0-runtime-ubuntu18.04 command: ["/bin/bash", "-c", "–"] ..

Read more