OpenShift Service Operations: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
(Created page with "=Internal= * OpenShift Operations =Create a Service= Use a template similar to: apiVersion: v1 kind: Template metadata: name: nov...")
 
 
(31 intermediate revisions by the same user not shown)
Line 2: Line 2:


* [[OpenShift Operations#Operations|OpenShift Operations]]
* [[OpenShift Operations#Operations|OpenShift Operations]]
* [[OpenShift Service Concepts#Overview|OpenShift Service Concepts]]
=Overview=


=Create a Service=
=Create a Service=


Use a template similar to:
Use a template similar to https://github.com/NovaOrdis/playground/blob/master/openshift/templates/eap7-service-template.yaml.
 
then:
 
oc process -p APPLICATION_NAME=my-app-name -f ./novaordis-service-template.yaml | oc create -f -
 
<font color=red>DID NOT WORK, got:
error: unable to process invalid resource "."
 
</font>
 
I worked around by using the web UI and
 
<syntaxhighlight lang='yaml'>
apiVersion: v1
kind: Service
metadata:
  annotations:
    openshift.io/generated-by: novaordis-service-template
  labels:
    app: novaordis-session-servlet
    application: novaordis-session-servlet
    template: novaordis-service-template
  name: novaordis-session-servlet
spec:
  ports:
  - port: 8080
    protocol: TCP
    targetPort: 8080
  selector:
    deploymentConfig: novaordis-session-servlet
  sessionAffinity: None
  type: ClusterIP
status:
</syntaxhighlight>
 
=Integrate an External Service=
 
==Integrate a Service Running Outside OpenShift==
 
This procedure can be used to integrate an [[OpenShift Concepts#External_Service|external service]].
 
<font color=red>'''TODO:'''
*https://docs.openshift.com/container-platform/latest/dev_guide/integrating_external_services.html#dev-guide-integrating-external-services
* https://kubernetes.io/docs/concepts/services-networking/service/
</font>
 
==Integrate a Service Running in a Different Project==
 
<font color=red>This procedure was attempted while integrating a shared CICD project Jenkins with regular development projects. It ended up inconclusively, the builds that were supposed to use the external Jenkins instance failed to start, but it is not clear whether they failed to start because of an external service integration problem or a Jenkins problem. If ever need this again, retry.</font>
 
The declaration of the local service and the remote project endpoint are encapsulated in the https://github.com/NovaOrdis/playground/blob/master/openshift/templates/shared-jenkins-service-template.yaml template. They are described below:
 
===Declare the Local Service===
 
It is essential to specify an empty selector, otherwise the EndpointsController will try to associate this service with project pods matching the selector, as describe [[OpenShift Concepts#EndpointsController|here]].


  apiVersion: v1
  apiVersion: v1
  kind: Template
  kind: Service
  metadata:
  metadata:
   name: novaordis-service-template
   name: jenkins
  objects:
  spec:
- apiVersion: v1
  ports:
  kind: Service
  - name: jenkins
  metadata:
    port: 80
     annotations:
    targetPort: 80
      description: The web server's http port.
     protocol: TCP
      openshift.io/generated-by: OpenShiftNewApp
selector: {}
    labels:
 
      app: eap70-basic-s2i
echo "..." | [[oc create]] -f -
      application: session-servlet
 
      template: eap70-basic-s2i
The service will get a local project service IP, but it won't be associated with any endpoint.
      xpaas: 1.4.0
 
    name: session-servlet
===Declare the Target Project Endpoint===
  spec:
 
Determine the target project service IP and port with
 
oc get svc -n <''target-project''>
 
and associate the local service with that endpoint:
 
apiVersion: v1
kind: Endpoints
metadata:
  # this must be the name of the service this endpoint will be associated with
  name: jenkins
subsets:
  - addresses:
      - ip: "<''remote-service-ip''>"
     ports:
     ports:
    - port: 8080
      # the port and name definition must match the port and name values in the service definition
      protocol: TCP
      - port: 80
      targetPort: 8080
        name: jenkins
    selector:
 
      deploymentConfig: session-servlet
echo "..." | [[oc create]] -f -
    sessionAffinity: None
 
    type: ClusterIP
Verify that the local service/endpoint association has been made:
  status:
 
oc describe service jenkins
 
<font color=red>
It did not work. An attempt to curl into the remote Jenkins using the service name from inside a project container ends up in:
 
sh-4.2$ curl http://jenkins/
curl: (7) Failed connect to jenkins:80; No route to host
 
However, Jenkins is available at the remote service IP directly:
 
curl http://172.30.112.101:80
<html><head>...
 
The conclusion is that the local service does not proxy correctly, either because it was not designed to, or because it was not configured correctly. To return.
</font>

Latest revision as of 20:40, 26 February 2018

Internal

Overview

Create a Service

Use a template similar to https://github.com/NovaOrdis/playground/blob/master/openshift/templates/eap7-service-template.yaml.

then:

oc process -p APPLICATION_NAME=my-app-name -f ./novaordis-service-template.yaml | oc create -f -

DID NOT WORK, got:

error: unable to process invalid resource "."

I worked around by using the web UI and

apiVersion: v1
kind: Service
metadata:
  annotations:
    openshift.io/generated-by: novaordis-service-template
  labels:
    app: novaordis-session-servlet
    application: novaordis-session-servlet
    template: novaordis-service-template
  name: novaordis-session-servlet
spec:
  ports:
  - port: 8080
    protocol: TCP
    targetPort: 8080
  selector:
    deploymentConfig: novaordis-session-servlet
  sessionAffinity: None
  type: ClusterIP
status:

Integrate an External Service

Integrate a Service Running Outside OpenShift

This procedure can be used to integrate an external service.

TODO:

Integrate a Service Running in a Different Project

This procedure was attempted while integrating a shared CICD project Jenkins with regular development projects. It ended up inconclusively, the builds that were supposed to use the external Jenkins instance failed to start, but it is not clear whether they failed to start because of an external service integration problem or a Jenkins problem. If ever need this again, retry.

The declaration of the local service and the remote project endpoint are encapsulated in the https://github.com/NovaOrdis/playground/blob/master/openshift/templates/shared-jenkins-service-template.yaml template. They are described below:

Declare the Local Service

It is essential to specify an empty selector, otherwise the EndpointsController will try to associate this service with project pods matching the selector, as describe here.

apiVersion: v1
kind: Service
metadata:
  name: jenkins
spec:
  ports:
  - name: jenkins
    port: 80
    targetPort: 80
    protocol: TCP
selector: {}
echo "..." | oc create -f -

The service will get a local project service IP, but it won't be associated with any endpoint.

Declare the Target Project Endpoint

Determine the target project service IP and port with

oc get svc -n <target-project>

and associate the local service with that endpoint:

apiVersion: v1
kind: Endpoints
metadata:
  # this must be the name of the service this endpoint will be associated with
  name: jenkins
subsets:
  - addresses:
      - ip: "<remote-service-ip>"
    ports:
      # the port and name definition must match the port and name values in the service definition
      - port: 80
        name: jenkins
echo "..." | oc create -f -

Verify that the local service/endpoint association has been made:

oc describe service jenkins

It did not work. An attempt to curl into the remote Jenkins using the service name from inside a project container ends up in:

sh-4.2$ curl http://jenkins/
curl: (7) Failed connect to jenkins:80; No route to host

However, Jenkins is available at the remote service IP directly:

curl http://172.30.112.101:80
<html><head>...

The conclusion is that the local service does not proxy correctly, either because it was not designed to, or because it was not configured correctly. To return.