If you want to prevent your docker container creating files as root, use
--user $(id -u):$(id -g)
as an argument to docker run. Example:
docker run --user $(id -u):$(id -g) -it -v $(pwd):/app myimage
26
Jun
2019
Container
18
May
2019
How to fix ‘Configuring tzdata’ interactive input when building Docker images
Often, when installing deb packages in your Dockerfile, some packages will install tzdata as a dependency.
The tzdata installer will try to interactively prompt you for your location using
Configuring tzdata ------------------ Please select the geographic area in which you live. Subsequent configuration questions will narrow this down by presenting a list of cities, representing the time zones in which they are located. 1. Africa 4. Australia 7. Atlantic 10. Pacific 13. Etc 2. America 5. Arctic 8. Europe 11. SystemV 3. Antarctica 6. Asia 9. Indian 12. US Geographic area:
This will stall your image build.
In order to fix that, we’ll need to make the tzdata prompt non-interactive.
The preferred method is to add
ENV DEBIAN_FRONTEND=noninteractive
before the first RUN statements in your Dockerfile.
Alternatively you can run just the apt install or apt-get install command using DEBIAN_FRONTEND=noninteractive:
RUN DEBIAN_FRONTEND=noninteractive apt install -y tzdata
This will automatically select a default configuration for tzdata.
30
Apr
2019
Fixing docker ‘unable to delete …- image is being used by running container’
Problem:
You want to delete a docker image using a command like
docker image rm c91b419ac445
but you see an error message like
Error response from daemon: conflict: unable to delete c91b419ac445 (cannot be forced) - image is being used by running container 3477a4dcdce2
Solution:
There is currently a container running that uses the image you are trying to delete. We will solve this issue by first stopping the container and then deleting the image
Warning: Deleting the image is dangerous since you cannot undo deleting the image ! Also note that force-stopping a running container might result in data loss if that container is doing something important !
Run these commands to stop the container and delete the image:
# Force-stop the container docker container rm --force <container ID> # Delete the image docker image rm <image ID>
Copy <container ID> from the end of your original error message (3477a4dcdce2 in my example).
Copy <image ID> from the beginning of your error message. This is the same image ID you originally intended to delete (c91b419ac445) in my example.
In my example, the command would be
# Force-stop the container docker container rm --force 3477a4dcdce2 # Delete the image docker image rm c91b419ac445
Note that there might be multiple containers running using this image, so if you keep getting a similar error message, you might need to repeat this command.
Background information:
Docker will not allow you to force-delete the image using
docker image rm c91b419ac445 --force
as you can also see from the (cannot be forced) clause of your original error message. This behaviour makes sense since the container would crash in an undefineable manner if the underlying image is deleted.
Note that we could use docker image rm --force after stopping the container but this is typically not required and might result in additional risks for other containers, e.g. if other images depend on said image. Since docker uses layered images. Read the background information section of our post Docker: Remove all images and containers to learn more about how docker images work from an image management perspective.
18
Apr
2019
How to fix Google Cloud Build ignoring .dockerignore
Problem:
You want to run a docker image build on Google Cloud Build, but the client is trying to upload a huge context image to Google Cloud even though you have added all your large directories to your .dockerignore and the build works fine locally.
Solution:
Google Cloud Build ignores .dockerignore by design – the equivalent is called .gcloudignore.
You can copy the .dockerignore behaviour for gcloud by running
cp .dockerignore .gcloudignore
02
Apr
2019
How to expand Kubernetes Physical Volume Claim (PVC)
Important note: By default, volumes will not be resized immediately but instead require a restart of the associated pod.
First, ensure that you have set allowVolumeExpansion: true for the storage class of your PVC. See our previous post on How to allow Physical Volume Claim (PVC) resize for Kubernetes storage class for more details.
We can expand the volume (named myapp-myapp-pvc-myapp-myapp-1 in this example) by running
kubectl patch pvc/"myapp-myapp-pvc-myapp-myapp-1" \
--namespace "default" \
--patch '{"spec": {"resources": {"requests": {"storage": "40Gi"}}}}'Ensure that you have replaced the name of the PVC (myapp-myapp-pvc-myapp-myapp-1 in this example) and the storage size. It’s only possible to increase the size of the volume / expand it and not to downsize / shrink it. If your size is less than the previous value, you’ll see this error message:
The PersistentVolumeClaim "myapp-myapp-pvc-myapp-myapp-1" is invalid: spec.resources.requests.storage: Forbidden: field can not be less than previous value
After running this command, the PVC will be in the FileSystemResizePending state.
In order for the update to have effect, you’ll need to force Kubernetes to re-create all the pods for your deployment. To find out how to do this, read our post on How to force restarting all Pods in a Kubernetes Deployment.
For reference, see the official documentation on expanding persistent volumes
02
Apr
2019
How to force restarting all Pods in a Kubernetes Deployment
In contrast to classical deployment managers like systemd or pm2, Kubernetes does not provide a simple restart my application command.
However there’s an easy workaround: If you chance anything in your configuration, even innocuous things that don’t have any effect, Kubernetes will restart your pods.
Consider configuring a rolling update strategy before doing this if you are updating a production application that should have minimal downtime.
In this example we’ll assume you have a StatefulSet your want to update and it’s named elasticsearch-elasticsearch. Be sure to fill in the actual name of your deployment here.
kubectl patch statefulset/elasticsearch-elasticsearch -p \
"{\"spec\":{\"template\":{\"metadata\":{\"annotations\":{\"dummy-date\":\"`date +'%s'`\"}}}}}"This will just set a dummy-date annotation which does not have any effect.
You can monitor the update by
kubectl rollout status statefulset/elasticsearch-elasticsearch
Credits for the original solution idea to pstadler on GitHub.
02
Apr
2019
How to allow Physical Volume Claim (PVC) resize for Kubernetes storage class
The prerequisite for resizing a Kubernetes Physical Volume Claim is that you allow volume expansion in the storage class the PVC belongs to (standard storage class for this example).
We can allow this by setting allowVolumeExpansion: true for that storage class.
Patching the configuration on-the-go can easily be done using
kubectl patch storageclass/"standard" \
--namespace "default" \
--patch '{"allowVolumeExpansion": true}'Remember that you might need to adjust your storage class and namespace depending on which ones you used. For any standard configuration, however, the namespace default and the storage class standard will be the ones you need.
02
Apr
2019
How to configure Google Cloud Kubernetes Elasticsearch Cluster with internal load balancer
Google Cloud offers a convenient way of installing an ElasticSearch cluster on top of a Google Cloud Kubernetes cluster. However, the documentation tells you to expose the ElasticSearch instance using
kubectl patch service/"elasticsearch-elasticsearch-svc" \
--namespace "default" \
--patch '{"spec": {"type": "LoadBalancer"}}'However this command will expost ElasticSearch to an external IP which will make it publically accessible in the default configuration.
Here’s the equivalent command that will expose ElasticSearch to an internal load balancer with an internal IP address that will only be available from Google Cloud.
kubectl patch service/"elasticsearch-elasticsearch-svc" \
--namespace "default" \
--patch '{"spec": {"type": "LoadBalancer"}, "metadata": {"annotations": {"cloud.google.com/load-balancer-type": "Internal"}}}'You might need to replace the name of your service (elasticsearch-elasticsearch-svc in this example) and possibly your namespace.
01
Apr
2019
How to install MicroK8S (MicroKubernetes) on Ubuntu in 30 seconds
This set of commands will install & start MikroK8S (MikroKubernetes) on Ubuntu and similar Linux distributions.
sudo snap install microk8s --classic sudo snap install kubectl --classic sudo microk8s.enable # Autostart on boot sudo microk8s.start # Start right now # Wait until microk8s has started until microk8s.status ; do sleep 1 ; done # Enable some standard modules microk8s.enable dashboard registry istio
For reference see the official quickstart manual.
01
Apr
2019
How to fix docker push ‘denied: requested access to the resource is denied’
Problem:
You want to push an image to Dockerhub using a command like
docker push myusernameondocker/my-image
but you see an error message like
denied: requested access to the resource is denied
Solution:
First ensure that your local docker client is logged in to Docker by using
docker login
This will ask you for your username and password. In case you have not registered yet on Dockerhub, register here!
Now you can retry your command. Note that you do not need to create the repository on DockerHub explicitly, it will be created automatically!
01
Apr
2019
How to fix kubectl unknown shorthand flag: ‘f’ in -f
Problem:
You want to run a Kubernetes kubectl command like
kubectl -f my-app-deployment.yaml
but you see this error message after kubectl prints its entire help page:
unknown shorthand flag: 'f' in -f
Solution:
You are missing an actual command to kubectl. Most likely you want create something on your Kubernetes instance, in which case you want to run this instead:
kubectl create -f my-app-deployment.yaml
You might also want to apply or replace your config instead. Note that apply does not automatically restart your Kubernetes Pods. Read How to fix Kubernetes kubectl apply not restarting pods for more information.
01
Apr
2019
How to fix Kubernetes kubectl apply not restarting pods
Problem:
You made an update to your Kubernetes YAML configuration which you applied with
kubectl apply -f [YAML filename]
but Kubernetes still keeps the old version of the software running.
Solution:
Instead of kubectl apply -f ... use
kubectl replace --force -f [YAML filename]
This will update the configuration on the server and also update the running pods.
01
Apr
2019
How to fix kubectl Unable to connect to the server: dial tcp …:443: i/o timeout
Problem:
You want to create or edit a Kubernetes service but when running e.g.
kubectl create -f my-service.yml
you see an error message similar to this:
Unable to connect to the server: dial tcp 35.198.129.60:443: i/o timeout
Solution:
There are three common reasons for this issue:
- Your Kubernetes cluster is not running. Verify that your cluster has been started, e.g. by pinging the IP address.
- There are networking issues that prevent you from accessing the cluster. Verify that you can ping the IP and try to track down whether there is a firewall in place preventing the access
- You have configured a cluster that does not exist any more.
In case of Google Cloud Kubernetes, case (3) can easily be fixed by configuring Kubernetes to use your current cluster:
gcloud container clusters get-credentials [cluster name] --zone [zone]
This will automatically update the default cluster for kubectl.
In case you don’t know the correct cluster name and zone, use
gcloud container clusters list
01
Apr
2019
How to build & upload a Dockerized application to Google Container Registry in 5 minutes
This post provides an easy example on how to build & upload your application to the private Google Container registry. We assume you have already setup your project and installed Docker. In this example, we’ll build & upload pseudo-perseus v1.0. Since this is a NodeJS-based application, we also assume that you installed a recent version of NodeJS and NPM (see our previous article on how to do that using Ubuntu)
First we configure docker to be able to authenticate to Google:
gcloud auth configure-docker
Now we can checkout the repository and install the NPM packages:
git clone https://github.com/ulikoehler/pseudo-perseus.git cd pseudo-perseus git checkout v1.0 npm install
Now we can build the local docker image (we directly name it so that it can be uploaded to the Google Container Registry. Be sure to use the correct google cloud project ID!):
docker build -t eu.gcr.io/myproject-123456/pseudo-perseus:v1.0 .
The next step is to upload the image:
docker push eu.gcr.io/myproject-123456/pseudo-perseus:v1.0
For reference see the official Container Registry documentation.
01
Apr
2019
Fixing gcloud WARNING: `docker-credential-gcloud` not in system PATH
Problem:
You want to configure docker to be able to access Google Container Registry using
gcloud auth configure-docker
but you see this warning message:
WARNING: `docker-credential-gcloud` not in system PATH. gcloud's Docker credential helper can be configured but it will not work until this is corrected. gcloud credential helpers already registered correctly.
Solution:
Install docker-credential-gcloud using
sudo gcloud components install docker-credential-gcr
In case you see this error message:
ERROR: (gcloud.components.install) You cannot perform this action because this Cloud SDK installation is managed by an external package manager. Please consider using a separate installation of the Cloud SDK created through the default mechanism described at: https://cloud.google.com/sdk/
use this alternate installation command instead (this command is for Linux, see the official documentation for other operating systems):
VERSION=1.5.0
OS=linux
ARCH=amd64
curl -fsSL "https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${VERSION}/docker-credential-gcr_${OS}_${ARCH}-${VERSION}.tar.gz" \
| tar xz --to-stdout ./docker-credential-gcr \
| sudo tee /usr/bin/docker-credential-gcr > /dev/null && sudo chmod +x /usr/bin/docker-credential-gcrAfter that, configure docker using
docker-credential-gcr configure-docker
Now you can retry running your original command.
For reference, see the official documentation.
31
Mar
2019
How to fix kubectl ‘The connection to the server localhost:8080 was refused – did you specify the right host or port?’
Problem:
You want to configure a Kubernetes service using kubectl using a command like
kubectl patch service/"my-elasticsearch-svc" --namespace "default" --patch '{"spec": {"type": "LoadBalancer"}}'but you only see this error message:
The connection to the server localhost:8080 was refused - did you specify the right host or port?
Solution:
Kubernetes does not have the correct credentials to access the cluster.
Add the correct credentials to the kubectl config using
gcloud container clusters get-credentials [cluster name] --zone [cluster zone]
e.g.
gcloud container clusters get-credentials cluster-1 --zone europe-west3-c
After that, retry your original command.
In case you don’t know your cluster name or zone, use
gcloud container clusters list
to display the cluster metadata.
Credits to this StackOverflow answer for the original solution.
31
Mar
2019
How to install kubectl on Ubuntu
Problem:
You want to run the Kubernetes kubectl command on Ubuntu but you see an error message like this:
command not found: kubectl
Solution:
Install kubectl using snap:
sudo snap install kubectl --classic
After this command has finished installing kubectl, in most cases you can use it immediately. In case you still get the command not found: kubectl error message, run $SHELL to reload your shell and check if /snap/bin is in your $PATH environment variable.
16
Mar
2019
How to fix ERROR: Couldn’t connect to Docker daemon at http+docker://localhost – is it running?
Problem:
You want to run a docker-container or docker-compose application, but once you try to start it, you see this error message:
ERROR: Couldn't connect to Docker daemon at http+docker://localhost - is it running? If it's at a non-standard location, specify the URL with the DOCKER_HOST environment variable.
Solution:
There are two possible reasons for this error message.
The common reason is that the user you are running the command as does not have the permissions to access docker.
You can fix this either by running the command as root using sudo (since root has the permission to access docker) or adding your user to the docker group:
sudo usermod -a -G docker $USER
and then logging out and logging back in completely (or restarting the system/server).
The other reason is that you have not started docker. On Ubuntu, you can start it using
sudo systemctl enable docker # Auto-start on boot sudo systemctl start docker # Start right now
TechOverflow’s Docker install instructions automatically takes care of starting & enabling the service
16
Mar
2019
ElasticSearch docker-compose.yml and systemd service generator
Just looking for a simple solution with a single ElasticSearch node? See our new post Simple Elasticsearch setup with docker-compose
New: Now with ElasticSearch 7.13.4
This generator allows you to generate a systemd service file for a docker-compose setup that is automatically restarted if it fails.
16
Mar
2019
docker-compose systemd .service generator
This generator allows you to generate a systemd service file for a docker-compose setup that is automatically restarted if it fails.