profile
viewpoint
Rob Szumski robszumski Red Hat San Francisco https://robszumski.com Product Manager for OpenShift. Previously @coreos.

operator-framework/operator-lifecycle-manager 848

A management framework for extending Kubernetes with Operators

operator-framework/community-operators 328

The canonical source for Kubernetes Operators that appear on OperatorHub.io, OpenShift Container Platform and OKD.

kube-reporting/metering-operator 296

Operator metering is responsible for collecting metrics and other information about what's happening in a Kubernetes cluster, and providing a way to create reports on the collected data.

artifacthub/hub 145

Find, install and publish Kubernetes packages

operator-framework/community 11

Community organizational documentations and process for Operator Framework

robszumski/docker-libcloud-dns 3

Update DNS records with libcloud

philips/nya 1

Archive frontend code for the etcd dashboard

robszumski/docs 1

Documentation for CoreOS in markdown

robszumski/certbot 0

Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.

robszumski/clair 0

Vulnerability Static Analysis for Containers

push eventrobszumski/webrtc-streamer

Rob Szumski

commit sha 838cdd3582cc4af0364a00110a4a91a718e295fb

Update config.json

view details

push time in 11 days

fork robszumski/webrtc-streamer

WebRTC streamer for V4L2 capture devices, RTSP sources and Screen Capture

https://webrtc-streamer.herokuapp.com?layout=2x2

fork in 11 days

issue commentcncf/toc

[PROJECT ONBOARDING] Operator Framework

@amye Codes are on their way. We'll have some DNS records to manage in order for the site routing to keep working.

amye

comment created time in 11 days

issue commentcncf/toc

[PROJECT ONBOARDING] Operator Framework

Domain: transfer domain to CNCF/LF (ITx)

@amye I own the domain and am ready to transfer. Instructions?

Trademarks: transfer any trademark and logo mark assets over to the LF

Red Hat lawyers are preparing this now

amye

comment created time in 11 days

pull request commentopenshift/console

add utm_source parameter to Red Hat Marketplace URLs for attribution

Opened https://bugzilla.redhat.com/show_bug.cgi?id=1874901 but I forget how to link it up :)

gebhardtr

comment created time in 18 days

push eventrobszumski/openshift-channels

Eric Paris

commit sha 6352c484f3fb423ea4d21dd31b18800cc1a1457d

Do not include 'hotfix' in the entries we show in the viewer

view details

Eric Paris

commit sha 9a8223e39da740a0876253527d0929ad33ffa06f

remove the 'shadow' class when clicking off of a release

view details

Rob Szumski

commit sha c28298ce41803b611fe711ae456eeab4e5b0e253

Merge pull request #1 from eparis/minor-fixes Minor fixes

view details

push time in 25 days

PR merged robszumski/openshift-channels

Minor fixes

Ignore 'hotfix' entries in channels. Remove the 'shadow' class when clicking off of a clicked class.

+3 -1

1 comment

2 changed files

eparis

pr closed time in 25 days

pull request commentrobszumski/openshift-channels

Minor fixes

LGTM!

eparis

comment created time in 25 days

issue commentchristiannaths/redacted-font

Add fonts to the Google Web Fonts

A few years late here but would love to see this as a Google Font. Great work on the project.

mociepka

comment created time in a month

pull request commentopenshift/console

add utm_source parameter to Red Hat Marketplace URLs for attribution

Looks good to me.

gebhardtr

comment created time in a month

push eventrobszumski/nginx-for-drone

Rob Szumski

commit sha 408d899cf56a7f4d0080728cc4631446f3f037f7

Update README.md

view details

push time in 2 months

issue openedcri-o/ocicni

cri-o + kubelet can't start containers due to veth mac mismatch

Description

When running the kubelet + cri-o in "standalone" mode, aka no control plane, I see what looks like a race condition on Pod startup, with it frequently complaining that the veth mac address doesn't match the expected value.

remote_runtime.go:105] RunPodSandbox from runtime service failed: rpc error: code = Unknown desc = failed to get network status for pod sandbox k8s_nginx-combined-127.0.0.1_default_19b0558958fc9f867987740a6eb88042_2(f898a0f1feaa8e63f45eaec61a38d4f8f9cf2298cde3879c3726d2b8b0696cfe): Interface vetha38a080a Mac doesn't match: ee:7b:4d:57:3a:d9 not found

The kubelet will back off several times as it reattempts to start the Pod, and typically will eventually succeed. Other times, I will remove the Pod manifest from /etc/kubernetes/manifests and recreate it.

Steps to reproduce the issue: This is verbose, but exactly how I set up the kubelet:

  1. On Fedora Core 31

CRI-O is available as a DNF module stream. On FC31 be sure to install the latest version to circumvent this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1754170

  1. dnf -y module enable cri-o:1.16 dnf -y install crio
  2. Delete any existing CNI rm /etc/cni/net.d/*.conf
  3. Add /etc/cni/net.d/100-crio-bridge.conflist
{
  "cniVersion": "0.4.0",
  "name": "bridge-firewalld",
  "plugins": [
    {
      "type": "bridge",
      "bridge": "cni0",
      "isDefaultGateway": true,
      "isGateway": true,
      "ipMasq": true,
      "ipam": {
        "type": "host-local",
        "subnet": "10.88.0.0/16",
        "routes": [
          {
            "dst": "0.0.0.0/0"
          }
        ]
      }
    },
    { 
      "type": "portmap",
      "capabilities": {
	"portMappings": true
     }
    },
    {
      "type": "firewall"
    }
  ]
}
  1. dnf -y install kubernetes-node
  2. Disable docker which is brought in automatically systemctl mask docker cp /usr/lib/systemd/system/kubelet.service /etc/systemd/system/kubelet.service

Replace /etc/systemd/system/kubelet.service with crio:

 [Unit]
 Description=Kubernetes Kubelet Server
 Documentation=https://github.com/GoogleCloudPlatform/kubernetes
-After=docker.service
-Requires=docker.service
+After=crio.service
+Requires=crio.service
 
 [Service]
 WorkingDirectory=/var/lib/kubelet
  1. systemctl daemon-reload
  2. Remove the now obsolete flag --allow-privileged from /etc/kubernetes/config that would prevent the service from starting:
 KUBE_LOG_LEVEL="--v=0"
 
 # Should this cluster be allowed to run privileged docker containers
-KUBE_ALLOW_PRIV="--allow-privileged=true"
+KUBE_ALLOW_PRIV=""
 
 # How the controller-manager, scheduler, and proxy find the apiserver
 KUBE_MASTER="--master=http://127.0.0.1:8080"
  1. Apply the below modifications to /etc/kubernetes/kubelet:
 KUBELET_HOSTNAME="--hostname-override=127.0.0.1"
 
 # Add your own!
-KUBELET_ARGS="--cgroup-driver=systemd --fail-swap-on=false"
+KUBELET_ARGS="--cgroup-driver=systemd --fail-swap-on=false --pod-manifest-path=/etc/kubernetes/manifests --container-runtime=remote --container-runtime-endpoint=unix:///var/run/crio/crio.sock --runtime-request-timeout=10m"
  1. mkdir /etc/kubernetes/manifests
  2. systemctl enable kubelet --now
  3. Drop sample Pod in /etc/kubernetes/manifests
apiVersion: v1
kind: Pod
metadata:
  name: echoserver
spec:
  containers:
    - name: nginx-combined
      image: gcr.io/google-containers/echoserver:1.10
      ports:
        - name: web
          containerPort: 8080
          hostPort: 9091
          protocol: TCP
      resources:
        limits:
          cpu: "100m"
          memory: "50Mi"

Describe the results you received:

Mar 19 16:31:17 localhost.localdomain kubelet[1166]: E0319 16:31:17.672240    1166 remote_runtime.go:105] RunPodSandbox from runtime service failed: rpc error: code = Unknown desc = failed to get network status for pod sandbox k8s_nginx-combined-127.0.0.1_default_19b0558958fc9f867987740a6eb88042_2(f898a0f1feaa8e63f45eaec61a38d4f8f9cf2298cde3879c3726d2b8b0696cfe): Interface vetha38a080a Mac doesn't match: ee:7b:4d:57:3a:d9 not found
Mar 19 16:31:17 localhost.localdomain kubelet[1166]: E0319 16:31:17.672295    1166 kuberuntime_sandbox.go:68] CreatePodSandbox for pod "nginx-combined-127.0.0.1_default(19b0558958fc9f867987740a6eb88042)" failed: rpc error: code = Unknown desc = failed to get network status for pod sandbox k8s_nginx-combined-127.0.0.1_default_19b0558958fc9f867987740a6eb88042_2(f898a0f1feaa8e63f45eaec61a38d4f8f9cf2298cde3879c3726d2b8b0696cfe): Interface vetha38a080a Mac doesn't match: ee:7b:4d:57:3a:d9 not found
Mar 19 16:31:17 localhost.localdomain kubelet[1166]: E0319 16:31:17.672322    1166 kuberuntime_manager.go:692] createPodSandbox for pod "nginx-combined-127.0.0.1_default(19b0558958fc9f867987740a6eb88042)" failed: rpc error: code = Unknown desc = failed to get network status for pod sandbox k8s_nginx-combined-127.0.0.1_default_19b0558958fc9f867987740a6eb88042_2(f898a0f1feaa8e63f45eaec61a38d4f8f9cf2298cde3879c3726d2b8b0696cfe): Interface vetha38a080a Mac doesn't match: ee:7b:4d:57:3a:d9 not found
Mar 19 16:31:17 localhost.localdomain kubelet[1166]: E0319 16:31:17.672392    1166 pod_workers.go:190] Error syncing pod 19b0558958fc9f867987740a6eb88042 ("nginx-combined-127.0.0.1_default(19b0558958fc9f867987740a6eb88042)"), skipping: failed to "CreatePodSandbox" for "nginx-combined-127.0.0.1_default(19b0558958fc9f867987740a6eb88042)" with CreatePodSandboxError: "CreatePodSandbox for pod \"nginx-combined-127.0.0.1_default(19b0558958fc9f867987740a6eb88042)\" failed: rpc error: code = Unknown desc = failed to get network status for pod sandbox k8s_nginx-combined-127.0.0.1_default_19b0558958fc9f867987740a6eb88042_2(f898a0f1feaa8e63f45eaec61a38d4f8f9cf2298cde3879c3726d2b8b0696cfe): Interface vetha38a080a Mac doesn't match: ee:7b:4d:57:3a:d9 not found"

Describe the results you expected: Pod starts the first time the kubelet attempts it.

Additional information you deem important (e.g. issue happens only occasionally): This seems to be a race condition with the veth being created because it will eventually work most of the time. I don't know how to instrument it further.

Output of crio --version:

crio -v
crio version 1.16.1
commit: "53843bd41d4bb3385c3e035bbf082e629b46f3bd-dirty"

Additional environment details (AWS, VirtualBox, physical, etc.): Fedora Core 31 on x86 workstation, no virtualization

$ /usr/bin/kubelet --version
Kubernetes v1.15.8-beta.0

created time in 2 months

push eventoperator-framework/logos

Rob Szumski

commit sha 8ff0d2a1c8f483834f915d3d0595f494878f10e9

Update README.md

view details

push time in 2 months

push eventoperator-framework/logos

Rob Szumski

commit sha 433bf0dd4de00ff017e321a2d031c4e87235945c

Add OF logos

view details

push time in 2 months

create barnchoperator-framework/logos

branch : master

created branch time in 2 months

created repositoryoperator-framework/logos

created time in 2 months

push eventrobszumski/node-docker-echo

Rob Szumski

commit sha 7f2b67c30a42815eb7ce884b78e8e956e47da148

Set timezone

view details

push time in 2 months

push eventrobszumski/node-docker-echo

Rob Szumski

commit sha 06cbafa86bdfbfd0b9498df5ea0c09e443da0e66

Trap write errors

view details

push time in 2 months

push eventrobszumski/node-docker-echo

Rob Szumski

commit sha 615eaaafef3646eccc4e5a753052553318e161fc

Fix read not using cache dir

view details

push time in 2 months

push eventrobszumski/node-docker-echo

Rob Szumski

commit sha 9dda4ef3ae43a182dd1478ab2b33068cd39b9794

Write to cache dir

view details

push time in 2 months

push eventrobszumski/node-docker-echo

Rob Szumski

commit sha 6a89dd6609c59a241faee984a323c25303ce7e6d

Limit decimal places

view details

push time in 2 months

push eventrobszumski/node-docker-echo

Rob Szumski

commit sha dcd448ca863f84f6f89202132ebd4e47ad4dbc39

Convert to string

view details

push time in 2 months

push eventrobszumski/node-docker-echo

Rob Szumski

commit sha 8ce1c350ef10b4c4c63e7fad144b4d49103e3b53

Track history

view details

push time in 2 months

pull request commentopenshift/enhancements

Generate ImageContentSourcePolicy scoped to a registry

LGTM, his sounds great to me. Very pragmatic with low risk.

mhrivnak

comment created time in 3 months

more