OpenShift Service Operations

From NovaOrdis Knowledge Base
Revision as of 20:40, 26 February 2018 by Ovidiu (talk | contribs) (→‎Integrate a Service Running Outside OpenShift)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Internal

Overview

Create a Service

Use a template similar to https://github.com/NovaOrdis/playground/blob/master/openshift/templates/eap7-service-template.yaml.

then:

oc process -p APPLICATION_NAME=my-app-name -f ./novaordis-service-template.yaml | oc create -f -

DID NOT WORK, got:

error: unable to process invalid resource "."

I worked around by using the web UI and

apiVersion: v1
kind: Service
metadata:
  annotations:
    openshift.io/generated-by: novaordis-service-template
  labels:
    app: novaordis-session-servlet
    application: novaordis-session-servlet
    template: novaordis-service-template
  name: novaordis-session-servlet
spec:
  ports:
  - port: 8080
    protocol: TCP
    targetPort: 8080
  selector:
    deploymentConfig: novaordis-session-servlet
  sessionAffinity: None
  type: ClusterIP
status:

Integrate an External Service

Integrate a Service Running Outside OpenShift

This procedure can be used to integrate an external service.

TODO:

Integrate a Service Running in a Different Project

This procedure was attempted while integrating a shared CICD project Jenkins with regular development projects. It ended up inconclusively, the builds that were supposed to use the external Jenkins instance failed to start, but it is not clear whether they failed to start because of an external service integration problem or a Jenkins problem. If ever need this again, retry.

The declaration of the local service and the remote project endpoint are encapsulated in the https://github.com/NovaOrdis/playground/blob/master/openshift/templates/shared-jenkins-service-template.yaml template. They are described below:

Declare the Local Service

It is essential to specify an empty selector, otherwise the EndpointsController will try to associate this service with project pods matching the selector, as describe here.

apiVersion: v1
kind: Service
metadata:
  name: jenkins
spec:
  ports:
  - name: jenkins
    port: 80
    targetPort: 80
    protocol: TCP
selector: {}
echo "..." | oc create -f -

The service will get a local project service IP, but it won't be associated with any endpoint.

Declare the Target Project Endpoint

Determine the target project service IP and port with

oc get svc -n <target-project>

and associate the local service with that endpoint:

apiVersion: v1
kind: Endpoints
metadata:
  # this must be the name of the service this endpoint will be associated with
  name: jenkins
subsets:
  - addresses:
      - ip: "<remote-service-ip>"
    ports:
      # the port and name definition must match the port and name values in the service definition
      - port: 80
        name: jenkins
echo "..." | oc create -f -

Verify that the local service/endpoint association has been made:

oc describe service jenkins

It did not work. An attempt to curl into the remote Jenkins using the service name from inside a project container ends up in:

sh-4.2$ curl http://jenkins/
curl: (7) Failed connect to jenkins:80; No route to host

However, Jenkins is available at the remote service IP directly:

curl http://172.30.112.101:80
<html><head>...

The conclusion is that the local service does not proxy correctly, either because it was not designed to, or because it was not configured correctly. To return.