• Monitoring APIRequestCount in OpenShift

    2 min read

    OpenShift APIRequestCount monitoring API usage

    Openshift provides an object that tracks the number of requests made to the Kubernetes API server. It provides insights into the load on the cluster, the performance of applications, and helps in capacity planning. By monitoring APIRequestCount, you can identify potential bottlenecks, detect unusual spikes in traffic, and optimize resource allocation.

    $ kubectl get apirequestcounts
    NAME                                                                           REMOVEDINRELEASE   REQUESTSINCURRENTHOUR   REQUESTSINLAST24H
    alertmanagerconfigs.v1alpha1.monitoring.coreos.com                                                6                       1706
    alertmanagers.v1.monitoring.coreos.com                                                            20                      2891
    apiservices.v1.apiregistration.k8s.io                                                             994                     99521


  • OpenShift 3.11 - custom default route certificate failing with certificate has expired or is not yet valid

    2 min read

    OpenShift Route certificate has expired or is not yet valid default router-certs

    After trying to set a custom default certificate for the OpenShift routes we might see how it's Pods starts crashing:

    $ kubectl get pods
    NAME                          READY   STATUS             RESTARTS   AGE
    router-10-rh8vf               1/1     Running            0          32m
    router-10-f2dt2               0/1     CrashLoopBackOff   6          7m
    router-10-m45b7               1/1     Running            0          31m

    Checking it's logs we'll get a quite misleading message:

    $ kubectl logs router-10-f2dt2 -n default
    Error from server: Get https://some.openshift.cluster:10250/containerLogs/default/router-10-f2dt2/router: x509: certificate has expired or is not yet valid


  • Running tcpdump on an OpenShift cluster

    3 min read

    OpenShift tcpdump troubleshooting

    If we want to take a look at the network traffic that we get out of an OpenShift node we can use the oc debug command to spin up a privileged pod with tcpdump installed. This way we don't need to ssh into the worker node.


  • Container with alpine failing to execute a file with not found

    3 min read

    docker alpine not found error

    While building a container using alpine as a base image we can get a not found error while trying to execute a file that doesn't make much sense:

    $ docker run -it test /usr/local/bin/example-app
    exec /usr/local/bin/example-app: no such file or directory


  • Using ephemeral containers

    3 min read

    kubernetes kubectl debug troubleshooting ephemeral containers

    Starting Kubernetes 1.23, ephemeral containers are enabled by default (in beta though). Using ephemeral containers we can now troubleshoot pods by deploying a temporary container into it with extra privileges or binaries to use



From pet to cattle
Treat your kubernetes clusters like cattle, not pets