• Fixing Killed: 9 Error on macOS

    2 min read

    OpenShift macOS quarantine CLI oc kubectl security

    When installing software downloaded from the internet on macOS, you might encounter a frustrating "Killed: 9" error immediately after trying to run the binary. This issue is caused by the macOS Gatekeeper security feature, which quarantines downloaded files to protect against potentially malicious software.

    In this case we are downloading the openshift-client from Red Hat, but we won't be able to run it:

    $ tar xzvf openshift-client-mac-arm64.tar.gz
    x README.md
    x oc
    x kubectl
    $ mv oc ../local/bin/
    $ oc
    Killed: 9
    

    21/07/2025

  • Monitoring APIRequestCount in OpenShift

    2 min read

    OpenShift APIRequestCount monitoring API usage

    OpenShift provides an object that tracks the number of requests made to the Kubernetes API server. It provides insights into the load on the cluster and the performance of applications, and helps in capacity planning. By monitoring APIRequestCount, you can identify potential bottlenecks, detect unusual spikes in traffic, and optimize resource allocation.

    $ kubectl get apirequestcounts
    NAME                                                                           REMOVEDINRELEASE   REQUESTSINCURRENTHOUR   REQUESTSINLAST24H
    alertmanagerconfigs.v1alpha1.monitoring.coreos.com                                                6                       1706
    alertmanagers.v1.monitoring.coreos.com                                                            20                      2891
    apiservices.v1.apiregistration.k8s.io                                                             994                     99521
    (...)
    

    11/07/2023

  • OpenShift 3.11 - custom default route certificate failing with certificate has expired or is not yet valid

    2 min read

    OpenShift Route certificate has expired or is not yet valid default router-certs

    After trying to set a custom default certificate for the OpenShift routes, we might see the router Pods start crashing:

    $ kubectl get pods
    NAME                          READY   STATUS             RESTARTS   AGE
    router-10-rh8vf               1/1     Running            0          32m
    router-10-f2dt2               0/1     CrashLoopBackOff   6          7m
    router-10-m45b7               1/1     Running            0          31m
    

    Checking its logs, we get a rather misleading message:

    $ kubectl logs router-10-f2dt2 -n default
    Error from server: Get https://some.openshift.cluster:10250/containerLogs/default/router-10-f2dt2/router: x509: certificate has expired or is not yet valid
    

    04/07/2023

  • Running tcpdump on an OpenShift cluster

    3 min read

    OpenShift tcpdump troubleshooting

    If we want to take a look at the network traffic that we get out of an OpenShift node, we can use the oc debug command to spin up a privileged pod with tcpdump installed. This way we don't need to SSH into the worker node.

    22/05/2023

  • OpenShift: disabling the web console

    2 min read

    OpenShift web console disable openshift-console

    When running an OpenShift cluster, we'll find that it exposes a web-based console that allows you not only to deploy applications but also to manage the cluster. However, since it is an additional way to access the cluster, we might have some concerns about it, especially from the security perspective. Specifically, the console can be a potential attack vector to gain unauthorized access to the cluster. Let's see how to disable it.

    26/01/2023


From pet to cattle
Treat your kubernetes clusters like cattle, not pets