OpenShift Service Operations
Internal
Overview
Create a Service
Use a template similar to https://github.com/NovaOrdis/playground/blob/master/openshift/templates/eap7-service-template.yaml.
then:
oc process -p APPLICATION_NAME=my-app-name -f ./novaordis-service-template.yaml | oc create -f -
DID NOT WORK, got:
error: unable to process invalid resource "."
I worked around by using the web UI and
apiVersion: v1
kind: Service
metadata:
annotations:
openshift.io/generated-by: novaordis-service-template
labels:
app: novaordis-session-servlet
application: novaordis-session-servlet
template: novaordis-service-template
name: novaordis-session-servlet
spec:
ports:
- port: 8080
protocol: TCP
targetPort: 8080
selector:
deploymentConfig: novaordis-session-servlet
sessionAffinity: None
type: ClusterIP
status:
Integrate an External Service
Integrate a Service Running Outside OpenShift
This procedure can be used to integrate an external service.
TODO:
- https://docs.openshift.com/container-platform/latest/dev_guide/integrating_external_services.html#dev-guide-integrating-external-services
- https://kubernetes.io/docs/concepts/services-networking/service/
Integrate a Service Running in a Different Project
This procedure was attempted while integrating a shared CICD project Jenkins with regular development projects. It ended up inconclusively, the builds that were supposed to use the external Jenkins instance failed to start, but it is not clear whether they failed to start because of an external service integration problem or a Jenkins problem. If ever need this again, retry.
The declaration of the local service and the remote project endpoint are encapsulated in the https://github.com/NovaOrdis/playground/blob/master/openshift/templates/shared-jenkins-service-template.yaml template. They are described below:
Declare the Local Service
It is essential to specify an empty selector, otherwise the EndpointsController will try to associate this service with project pods matching the selector, as describe here.
apiVersion: v1
kind: Service
metadata:
name: jenkins
spec:
ports:
- name: jenkins
port: 80
targetPort: 80
protocol: TCP
selector: {}
echo "..." | oc create -f -
The service will get a local project service IP, but it won't be associated with any endpoint.
Declare the Target Project Endpoint
Determine the target project service IP and port with
oc get svc -n <target-project>
and associate the local service with that endpoint:
apiVersion: v1
kind: Endpoints
metadata:
# this must be the name of the service this endpoint will be associated with
name: jenkins
subsets:
- addresses:
- ip: "<remote-service-ip>"
ports:
# the port and name definition must match the port and name values in the service definition
- port: 80
name: jenkins
echo "..." | oc create -f -
Verify that the local service/endpoint association has been made:
oc describe service jenkins
It did not work. An attempt to curl into the remote Jenkins using the service name from inside a project container ends up in:
sh-4.2$ curl http://jenkins/ curl: (7) Failed connect to jenkins:80; No route to host
However, Jenkins is available at the remote service IP directly:
curl http://172.30.112.101:80 <html><head>...
The conclusion is that the local service does not proxy correctly, either because it was not designed to, or because it was not configured correctly. To return.