I'm having trouble with my Kubernetes cluster (hosted on AWS), where I'm trying to let my two pods communicate through services. I have one pod on a deployment based on NODEJS and one pod on a deployment based on MYSQL. This is my YAML configuration file for the deployments and the services (all in one):
apiVersion: apps/v1
kind: Deployment
metadata:
  name: db-deployment-products
  namespace: namespace-private
  labels:
    app: productsdb
spec:
  replicas: 1
  selector:
    matchLabels:
      app: productsdb
  template:
    metadata:
      labels:
        app: productsdb
    spec:
      containers:
        - name: productsdb
          image: training-registry.com/library/productsdb:latest
          env:
            - name: DB_HOST
              value: "productsdb-service.namespace-private.svc.cluster.local"
            - name: DB_NAME
              value: "products_db"
            - name: DB_USER
              value: "root"
            - name: DB_PWD
              value: "productsPWD"
            - name: MYSQL_DATABASE
              value: "products_db"
            - name: MYSQL_ROOT_USER
              value: "root"
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: productsdb-secret
                  key: MYSQL_ROOT_PASSWORD
            - name: DB_DIALECT
              value: "mysql"
            - name: LOG_LEVEL
              value: "debug"
            - name: ES_LOG_LEVEL
              value: "debug"
            - name: ES_CLIENT
              value: "http://elasticsearch:9200"
            - name: ES_INDEX
              value: "demo-uniroma3-products"
            - name: ES_USER
              value: "elastic"
            - name: ES_PWD
              value: "elastic"
            - name: LOGGER_SERVICE
              value: "products-service"
            - name: DB_PORT
              value: "3306"
            - name: SERVER_PORT
              value: "5000"
          ports:
            - containerPort: 3306
---
apiVersion: v1
kind: Service
metadata:
  name: productsdb-service
  namespace: namespace-private
spec:
  selector:
    app: productsdb
  ports:
    - protocol: TCP
      port: 3306
      targetPort: 3306
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: products-service-metaname
  namespace: namespace-private
  labels:
    app: products-service
spec:
  replicas: 1
  selector:
    matchLabels:
      app: products-service
  template:
    metadata:
      labels:
        app: products-service
    spec:
      containers:
        - name: products-service
          image: training-registry.com/library/products-service:latest
          env:
            - name: DB_HOST
              value: "productsdb-service.namespace-private.svc.cluster.local"
            - name: DB_NAME
              value: "products_db"
            - name: DB_USER
              value: "root"
            - name: DB_PWD
              value: "productsPWD"
            - name: MYSQL_DATABASE
              value: "products_db"
            - name: MYSQL_ROOT_USER
              name: "root"
            - name: MYSQL_ROOT_PASSWORD
              value: "productsPWD"
            - name: DB_DIALECT
              value: "mysql"
            - name: ES_USER
              value: "elastic"
            - name: ES_PWD
              value: "elastic"
            - name: LOGGER_SERVICE
              value: "products-service"
            - name: DB_PORT
              value: "3306"
            - name: SERVER_PORT
              value: "5000"
          ports:
            - containerPort: 5000
---
apiVersion: v1
kind: Service
metadata:
  name: products-service-service
  namespace: namespace-private
spec:
  selector:
    app: products-service
  type: LoadBalancer
  ports:
    - protocol: TCP
      port: 5000
      targetPort: 5000
      nodePort: 30001
As you can see, I created the two services and used the complete name of the db service as the variable "DB_HOST", but if I try to test the connection with port-forward on the address "localhost:5000/products", the browser tells me:
{"success":false,"reason":{"name":"SequelizeConnectionError","parent":{"errno":-3001,"code":"EAI_AGAIN","syscall":"getaddrinfo","hostname":"productsdb-service.namespace-private.svc.cluster.local","fatal":true},"original":{"errno":-3001,"code":"EAI_AGAIN","syscall":"getaddrinfo","hostname":"productsdb-service.namespace-private.svc.cluster.local","fatal":true}}}
I tried to change the DB_HOST env variable to the name of the service and to the service IP, but nothing seems to work. Do you know why and how I can resolve this? Thank you in advance.
This is my mysql-deployment.yaml. I am trying to get this to run on Kubernetes but I am getting errors; I have listed the errors below my deployment.yml.
apiVersion: v1
kind: Service
metadata:
name: mysql
labels:
app: mysql
tier: database
spec:
ports:
- port: 3306
targetPort: 3306
selector:
app: mysql
tier: database
clusterIP: None
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mysql-pv-claim
labels:
app: mysql
tier: database
spec:
accessMode:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mysql
labels:
app: mysql
tier: database
spec:
selector:
matchLabels:
app: mysql
tier: database
strategy:
type: Recreate
template:
metadata:
labels:
apps: mysql
tier: database
spec:
containers:
- image: mysql:5.7
name: mysql
env:
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: db-root-credentials
key: password
- name: MYSQL_USER
valueFrom:
secretKeyRef::
name: db-credentials
key: username
- name: MYSQL_PASSWORD
valueFrom:
secretkeyRef:
name: db-credentials
key: password
- name: MYSQL_DATABASE
valueFrom:
configMapKeyRef:
name: dbbuddyto_mstr_local
key: name
ports:
- containerPort: 3306
name: mysql
volumeMounts:
- name: mysql-persistent-storage
mountPath: /var/lib/mysql
volumes:
- name: mysql-persistent-storage
PersistentVolumeClaim:
claimName: mysql-pv-claim
I am getting two errors:
error parsing mysql-deployment.yml: error converting YAML to JSON: yaml: line 24: mapping values are not allowed in this context
and the second error is
Error from server (BadRequest): error when creating "mysql-deployment.yml": PersistentVolumeClaim in version "v1" cannot be handled as a PersistentVolumeClaim: strict decoding error: unknown field "spec.accessMode"
I am trying to build a Kubernetes deployment for Angular, Spring and MySQL, and the errors mentioned above are the ones I am currently facing.
The issue with your PVC is a typo. It needs to be spec.accessModes; you missed the s at the end.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mysql-pv-claim
  labels:
    app: mysql
    tier: database
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
Edit:
apiVersion: v1
kind: Service
metadata:
name: mysql
labels:
app: mysql
tier: database
spec:
ports:
- port: 3306
targetPort: 3306
selector:
app: mysql
tier: database
clusterIP: None
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mysql-pv-claim
labels:
app: mysql
tier: database
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mysql
labels:
app: mysql
tier: database
spec:
selector:
matchLabels:
app: mysql
tier: database
strategy:
type: Recreate
template:
metadata:
labels:
apps: mysql
tier: database
spec:
containers:
- image: mysql:5.7
name: mysql
env:
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: db-root-credentials
key: password
- name: MYSQL_USER
valueFrom:
secretKeyRef:
name: db-credentials
key: username
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: db-credentials
key: password
- name: MYSQL_DATABASE
valueFrom:
configMapKeyRef:
name: dbbuddyto_mstr_local
key: name
resources: {}
ports:
- containerPort: 3306
name: mysql
volumeMounts:
- name: mysql-persistent-storage
mountPath: /var/lib/mysql
volumes:
- name: mysql-persistent-storage
PersistentVolumeClaim:
claimName: mysql-pv-claim
Besides the typo with accessModes, ports and volumes were not indented enough. They are both elements of a container. Also fixed the secretKeyRef typo:
apiVersion: v1
kind: Service
metadata:
  name: mysql
  labels:
    app: mysql
    tier: database
spec:
  ports:
    - port: 3306
      targetPort: 3306
  selector:
    app: mysql
    tier: database
  clusterIP: None
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mysql-pv-claim
  labels:
    app: mysql
    tier: database
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql
  labels:
    app: mysql
    tier: database
spec:
  selector:
    matchLabels:
      app: mysql
      tier: database
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: mysql
        tier: database
    spec:
      containers:
        - image: mysql:5.7
          name: mysql
          env:
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: db-root-credentials
                  key: password
            - name: MYSQL_USER
              valueFrom:
                secretKeyRef:
                  name: db-credentials
                  key: username
            - name: MYSQL_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: db-credentials
                  key: password
            - name: MYSQL_DATABASE
              valueFrom:
                configMapKeyRef:
                  name: dbbuddyto-mstr-local
                  key: name
          ports:
            - containerPort: 3306
              name: mysql
          volumeMounts:
            - name: mysql-persistent-storage
              mountPath: /var/lib/mysql
      volumes:
        - name: mysql-persistent-storage
          persistentVolumeClaim:
            claimName: mysql-pv-claim
Update:
Also fixed labels to match matchLabels, the case error in persistentVolumeClaim and the name of the configMap, dbbuddyto-mstr-local. This is important. _ is not allowed.
On minikube there is no error now.
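The mistakes the two answers above point out (misspelled or wrongly cased field names, pod labels that do not satisfy the selector, an underscore in a ConfigMap name) can be caught before `kubectl apply`. The checker below is an added example, not code from the question or the answers; the function names and the small allow-lists are assumptions made for illustration, and the sample dictionaries are transcribed from the question's manifest.

```python
import difflib
import re

# Kubernetes object names (ConfigMap, Secret, PVC) must be DNS-1123 subdomains.
DNS1123_SUBDOMAIN = re.compile(
    r"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"
)

# Partial allow-lists covering only the fields this page touches (assumption:
# a real check would use the full API schema).
ENV_SOURCES = {"secretKeyRef", "configMapKeyRef", "fieldRef", "resourceFieldRef"}
VOLUME_SOURCES = {"persistentVolumeClaim", "configMap", "secret", "emptyDir", "hostPath"}
PVC_SPEC_FIELDS = {"accessModes", "resources", "storageClassName",
                   "volumeName", "volumeMode", "selector"}


def unknown_fields(where, keys, allowed):
    """Report keys outside `allowed`, with the closest known spelling if any."""
    findings = []
    for key in keys:
        if key not in allowed:
            close = difflib.get_close_matches(key, sorted(allowed), n=1)
            hint = f" (did you mean {close[0]!r}?)" if close else ""
            findings.append(f"{where}: unknown field {key!r}{hint}")
    return findings


def bad_name(where, name):
    """Flag referenced object names that the API server would reject."""
    if len(name) > 253 or not DNS1123_SUBDOMAIN.match(name):
        return [f"{where}: {name!r} is not a valid DNS-1123 subdomain name"]
    return []


def check_pvc(pvc):
    return unknown_fields("pvc.spec", pvc.get("spec", {}), PVC_SPEC_FIELDS)


def check_deployment(dep):
    findings = []
    spec = dep.get("spec", {})
    template = spec.get("template", {})
    pod_labels = template.get("metadata", {}).get("labels", {})
    pod = template.get("spec", {})

    # Every selector label must be present, with the same value, on the pod template.
    for key, value in spec.get("selector", {}).get("matchLabels", {}).items():
        if pod_labels.get(key) != value:
            findings.append(f"selector {key}={value} does not match template labels")

    for container in pod.get("containers", []):
        for env in container.get("env", []):
            where = f"env {env['name']}"
            source = env.get("valueFrom", {})
            findings += unknown_fields(where, source, ENV_SOURCES)
            for kind in ("secretKeyRef", "configMapKeyRef"):
                if kind in source:
                    findings += bad_name(f"{where} {kind}", source[kind].get("name", ""))

    for volume in pod.get("volumes", []):
        sources = sorted(k for k in volume if k != "name")
        findings += unknown_fields(f"volume {volume.get('name')}", sources, VOLUME_SOURCES)
    return findings


# Sample input transcribed from the question's manifest (before the fixes).
BROKEN_PVC = {"spec": {"accessMode": ["ReadWriteOnce"],
                       "resources": {"requests": {"storage": "1Gi"}}}}
BROKEN_DEPLOYMENT = {"spec": {
    "selector": {"matchLabels": {"app": "mysql", "tier": "database"}},
    "template": {
        "metadata": {"labels": {"apps": "mysql", "tier": "database"}},
        "spec": {
            "containers": [{"name": "mysql", "env": [
                {"name": "MYSQL_ROOT_PASSWORD", "valueFrom": {
                    "secretKeyRef": {"name": "db-root-credentials", "key": "password"}}},
                {"name": "MYSQL_PASSWORD", "valueFrom": {
                    "secretkeyRef": {"name": "db-credentials", "key": "password"}}},
                {"name": "MYSQL_DATABASE", "valueFrom": {
                    "configMapKeyRef": {"name": "dbbuddyto_mstr_local", "key": "name"}}},
            ]}],
            "volumes": [{"name": "mysql-persistent-storage",
                         "PersistentVolumeClaim": {"claimName": "mysql-pv-claim"}}],
        },
    },
}}

if __name__ == "__main__":
    for finding in check_pvc(BROKEN_PVC) + check_deployment(BROKEN_DEPLOYMENT):
        print(finding)
```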
I'm running sentry on my EKS cluster and, according to the official documentation, it can only be exposed on rootPath "/". I'm also exposing keycloak on "/auth", which is the default web-context.
So I deployed an nginx ingress controller and ingress resources to match these paths, but the problem I encountered was that the sentry path ("/") is always redirected to "/auth", which is the default path of keycloak, which would cause a conflict. In my case I'm not allowed to change the web-context of keycloak, so I tried to deploy another nginx ingress controller for sentry with the same class, but I did not know how to do it since all examples use ingress controllers with different classes. So I would like to know whether it is possible to deploy a second nginx ingress which is pretty much the same as the first one, or, if there is another solution, please let me know.
Here is the nginx ingress controller I use:
apiVersion: v1
kind: Namespace
metadata:
name: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
---
# Source: ingress-nginx/templates/controller-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
helm.sh/chart: ingress-nginx-2.0.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.31.1
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx
namespace: ingress-nginx
---
# Source: ingress-nginx/templates/controller-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
labels:
helm.sh/chart: ingress-nginx-2.0.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.31.1
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx-controller
namespace: ingress-nginx
data:
---
# Source: ingress-nginx/templates/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
helm.sh/chart: ingress-nginx-2.0.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.31.1
app.kubernetes.io/managed-by: Helm
name: ingress-nginx
namespace: ingress-nginx
rules:
- apiGroups:
- ''
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
verbs:
- list
- watch
- apiGroups:
- ''
resources:
- nodes
verbs:
- get
- apiGroups:
- ''
resources:
- services
verbs:
- get
- list
- update
- watch
- apiGroups:
- extensions
- networking.k8s.io # k8s 1.14+
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- events
verbs:
- create
- patch
- apiGroups:
- extensions
- networking.k8s.io # k8s 1.14+
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io # k8s 1.14+
resources:
- ingressclasses
verbs:
- get
- list
- watch
---
# Source: ingress-nginx/templates/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
helm.sh/chart: ingress-nginx-2.0.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.31.1
app.kubernetes.io/managed-by: Helm
name: ingress-nginx
namespace: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ingress-nginx
subjects:
- kind: ServiceAccount
name: ingress-nginx
namespace: ingress-nginx
---
# Source: ingress-nginx/templates/controller-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
helm.sh/chart: ingress-nginx-2.0.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.31.1
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx
namespace: ingress-nginx
rules:
- apiGroups:
- ''
resources:
- namespaces
verbs:
- get
- apiGroups:
- ''
resources:
- configmaps
- pods
- secrets
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- services
verbs:
- get
- list
- update
- watch
- apiGroups:
- extensions
- networking.k8s.io # k8s 1.14+
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io # k8s 1.14+
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io # k8s 1.14+
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- configmaps
resourceNames:
- ingress-controller-leader-nginx
verbs:
- get
- update
- apiGroups:
- ''
resources:
- configmaps
verbs:
- create
- apiGroups:
- ''
resources:
- endpoints
verbs:
- create
- get
- update
- apiGroups:
- ''
resources:
- events
verbs:
- create
- patch
---
# Source: ingress-nginx/templates/controller-rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
helm.sh/chart: ingress-nginx-2.0.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.31.1
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx
namespace: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ingress-nginx
subjects:
- kind: ServiceAccount
name: ingress-nginx
namespace: ingress-nginx
---
# Source: ingress-nginx/templates/controller-service-webhook.yaml
apiVersion: v1
kind: Service
metadata:
labels:
helm.sh/chart: ingress-nginx-2.0.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.31.1
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx-controller-admission
namespace: ingress-nginx
spec:
type: ClusterIP
ports:
- name: https-webhook
port: 443
targetPort: webhook
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
---
# Source: ingress-nginx/templates/controller-service.yaml
apiVersion: v1
kind: Service
metadata:
annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '60'
service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
service.beta.kubernetes.io/aws-load-balancer-type: nlb
service.beta.kubernetes.io/aws-load-balancer-internal: "true"
labels:
helm.sh/chart: ingress-nginx-2.0.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.31.1
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
type: LoadBalancer
externalTrafficPolicy: Local
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
- name: https
port: 443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
---
# Source: ingress-nginx/templates/controller-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
helm.sh/chart: ingress-nginx-2.0.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.31.1
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
selector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
revisionHistoryLimit: 10
minReadySeconds: 0
template:
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
spec:
dnsPolicy: ClusterFirst
containers:
- name: controller
image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.31.1
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
args:
- /nginx-ingress-controller
- --publish-service=ingress-nginx/ingress-nginx-controller
- --election-id=ingress-controller-leader
- --ingress-class=nginx
- --configmap=ingress-nginx/ingress-nginx-controller
- --validating-webhook=:8443
- --validating-webhook-certificate=/usr/local/certificates/cert
- --validating-webhook-key=/usr/local/certificates/key
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
runAsUser: 101
allowPrivilegeEscalation: true
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
livenessProbe:
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
ports:
- name: http
containerPort: 80
protocol: TCP
- name: https
containerPort: 443
protocol: TCP
- name: webhook
containerPort: 8443
protocol: TCP
volumeMounts:
- name: webhook-cert
mountPath: /usr/local/certificates/
readOnly: true
resources:
requests:
cpu: 100m
memory: 90Mi
serviceAccountName: ingress-nginx
terminationGracePeriodSeconds: 300
volumes:
- name: webhook-cert
secret:
secretName: ingress-nginx-admission
---
# Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
labels:
helm.sh/chart: ingress-nginx-2.0.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.31.1
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
name: ingress-nginx-admission
namespace: ingress-nginx
webhooks:
- name: validate.nginx.ingress.kubernetes.io
rules:
- apiGroups:
- extensions
- networking.k8s.io
apiVersions:
- v1beta1
operations:
- CREATE
- UPDATE
resources:
- ingresses
failurePolicy: Fail
clientConfig:
service:
namespace: ingress-nginx
name: ingress-nginx-controller-admission
path: /extensions/v1beta1/ingresses
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ingress-nginx-admission
annotations:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels:
helm.sh/chart: ingress-nginx-2.0.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.31.1
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx
rules:
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
verbs:
- get
- update
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ingress-nginx-admission
annotations:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels:
helm.sh/chart: ingress-nginx-2.0.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.31.1
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ingress-nginx-admission
subjects:
- kind: ServiceAccount
name: ingress-nginx-admission
namespace: ingress-nginx
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: ingress-nginx-admission-create
annotations:
helm.sh/hook: pre-install,pre-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels:
helm.sh/chart: ingress-nginx-2.0.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.31.1
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx
spec:
template:
metadata:
name: ingress-nginx-admission-create
labels:
helm.sh/chart: ingress-nginx-2.0.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.31.1
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
spec:
containers:
- name: create
image: jettech/kube-webhook-certgen:v1.0.0
imagePullPolicy: IfNotPresent
args:
- create
- --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.ingress-nginx.svc
- --namespace=ingress-nginx
- --secret-name=ingress-nginx-admission
restartPolicy: OnFailure
serviceAccountName: ingress-nginx-admission
securityContext:
runAsNonRoot: true
runAsUser: 2000
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: ingress-nginx-admission-patch
annotations:
helm.sh/hook: post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels:
helm.sh/chart: ingress-nginx-2.0.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.31.1
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx
spec:
template:
metadata:
name: ingress-nginx-admission-patch
labels:
helm.sh/chart: ingress-nginx-2.0.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.31.1
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
spec:
containers:
- name: patch
image: jettech/kube-webhook-certgen:v1.0.0
imagePullPolicy:
args:
- patch
- --webhook-name=ingress-nginx-admission
- --namespace=ingress-nginx
- --patch-mutating=false
- --secret-name=ingress-nginx-admission
- --patch-failure-policy=Fail
restartPolicy: OnFailure
serviceAccountName: ingress-nginx-admission
securityContext:
runAsNonRoot: true
runAsUser: 2000
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: ingress-nginx-admission
annotations:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels:
helm.sh/chart: ingress-nginx-2.0.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.31.1
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx
rules:
- apiGroups:
- ''
resources:
- secrets
verbs:
- get
- create
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: ingress-nginx-admission
annotations:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels:
helm.sh/chart: ingress-nginx-2.0.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.31.1
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ingress-nginx-admission
subjects:
- kind: ServiceAccount
name: ingress-nginx-admission
namespace: ingress-nginx
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: ingress-nginx-admission
annotations:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels:
helm.sh/chart: ingress-nginx-2.0.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.31.1
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx
Here is the ingress resources :
Keycloak :
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: "keycloak-ingress"
  annotations:
    kubernetes.io/ingress.class: nginx
  labels:
    app: keycloak-ingress
spec:
  rules:
    - http:
        paths:
          - path: /auth
            backend:
              serviceName: keycloak
              servicePort: 8080
Sentry :
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: "sentry-ingress"
  namespace: "tools"
  annotations:
    kubernetes.io/ingress.class: sentry-nginx
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
  labels:
    app: sentry-ingress
spec:
  rules:
    - http:
        paths:
          - path: /
            backend:
              serviceName: "sentry"
              servicePort: 9000
keycloak is exposed on "/auth" which is the default web-context.
I understand that, as the default web-context, this means that you want everything sent to / to be redirected to keycloak.
So you need to set a different target for Sentry, like /sentry.
kubernetes.io/ingress.class: sentry-nginx is not a valid ingress.class in kubernetes.io; that's probably why your ingress is not being considered.
Only one deployment of Nginx-Ingress is needed to proxy traffic between multiple apps.
The trick here is to expose sentry as mydomain.com/sentry and the app itself receives the connection directly on / as required.
In order to achieve it you can use rewrite-target, learn more here.
It will create a capture group and send to the appropriate service.
This is what your ingress should look like:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: "my-ingress"
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/rewrite-target: /$2
  labels:
    app: my-ingress
spec:
  rules:
    - http:
        paths:
          - path: /(.*)
            backend:
              serviceName: keycloak
              servicePort: 8080
          - path: /sentry(/|$)(.*)
            backend:
              serviceName: sentry
              servicePort: 9000
This will do the following:
Requests to / will be delivered to keycloak as /
Requests to /auth will be delivered to keycloak as /
Requests to /auth/foo will be delivered to keycloak as /foo
Requests to /sentry will be delivered to sentry as /
Requests to /sentry/bar will be delivered to sentry as /bar
Nginx Ingress uses Path Priority:
In NGINX, regular expressions follow a first match policy. In order to enable more accurate path matching, ingress-nginx first orders the paths by descending length before writing them to the NGINX template as location blocks.
Example:
this is the ingress in my example echo-ingress.yaml:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: echo-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
  rules:
    - host: mydomain.com
      http:
        paths:
          - path: /(.*)
            backend:
              serviceName: echo1-svc
              servicePort: 80
          - path: /sentry(/|$)(.*)
            backend:
              serviceName: echo2-svc
              servicePort: 80
I created 2 echo apps, to demonstrate it:
echo1-deploy.yaml: emulates your keycloak
apiVersion: apps/v1
kind: Deployment
metadata:
  name: echo1-deploy
spec:
  selector:
    matchLabels:
      app: echo1-app
  template:
    metadata:
      labels:
        app: echo1-app
    spec:
      containers:
        - name: echo1-app
          image: mendhak/http-https-echo
          ports:
            - name: http
              containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: echo1-svc
spec:
  selector:
    app: echo1-app
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
echo2-deploy.yaml: emulates your sentry
apiVersion: apps/v1
kind: Deployment
metadata:
  name: echo2-deploy
spec:
  selector:
    matchLabels:
      app: echo2-app
  template:
    metadata:
      labels:
        app: echo2-app
    spec:
      containers:
        - name: echo2-app
          image: mendhak/http-https-echo
          ports:
            - name: http
              containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: echo2-svc
spec:
  selector:
    app: echo2-app
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
Let's apply and test the outcome:
$ kubectl apply -f echo1-deploy.yaml
deployment.apps/echo1-deploy created
service/echo1-svc created
$ kubectl apply -f echo2-deploy.yaml
deployment.apps/echo2-deploy created
service/echo2-svc created
$ kubectl apply -f echo-ingress.yaml
ingress.networking.k8s.io/echo-ingress created
$ kubectl get ingress
NAME           HOSTS          ADDRESS        PORTS   AGE
echo-ingress   mydomain.com   35.188.7.149   80      48s
$ tail -n 1 /etc/hosts
35.188.7.149 mydomain.com
$ curl mydomain.com/sentry
{"path": "/",
...suppressed output...
"os": {"hostname": "echo2-deploy-7bcb8f8d5f-dwzkr"}
}
$ curl mydomain.com/auth
{"path": "/",
...suppressed output...
"os": {"hostname": "echo1-deploy-764d5df7cf-6m5nz"}
}
$ curl mydomain.com
{"path": "/",
"os": {"hostname": "echo1-deploy-764d5df7cf-6m5nz"}
}
We can see that the requests were correctly forwarded to the pod responsible for the app set in the ingress with the rewrite target.
Considerations:
Sentry "can only be exposed on rootPath "/"
I found out that Sentry can be exposed on other paths, check here and here, it might be worth checking.
If I got your environment wrong or you have any questions, let me know in the comments and I'll modify it =)
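An offline model of how the two regex paths and `rewrite-target: /$2` from the Ingress above are evaluated, useful for checking which backend receives a request and with what path before anything is deployed. This is an added example, not code from the answer or from ingress-nginx; it assumes each path becomes a case-insensitive regex location anchored at the start of the URI, ordered by descending length with first match winning as the quoted documentation describes, and the function names are hypothetical.

```python
import re

# (path regex, backend service) pairs taken from the Ingress in the answer above.
INGRESS_PATHS = [
    ("/(.*)", "keycloak"),
    ("/sentry(/|$)(.*)", "sentry"),
]
REWRITE_TARGET = "/$2"


def build_locations(paths, sort=True):
    """Compile the paths into location regexes.

    With sort=True the paths are ordered by descending length, which is the
    ordering the quoted documentation attributes to ingress-nginx.
    """
    ordered = sorted(paths, key=lambda p: len(p[0]), reverse=True) if sort else list(paths)
    # Assumption: case-insensitive match anchored at the start of the URI.
    return [(re.compile("^" + path, re.IGNORECASE), backend) for path, backend in ordered]


def expand(template, match):
    """Expand $N in the rewrite target.

    A capture group that does not exist in the matching path, or that did not
    take part in the match, expands to the empty string.
    """
    def group(ref):
        index = int(ref.group(1))
        if index > match.re.groups:
            return ""
        return match.group(index) or ""
    return re.sub(r"\$(\d+)", group, template)


def route(uri, locations, rewrite_target=REWRITE_TARGET):
    """Return (backend, rewritten path) for the first location that matches."""
    for regex, backend in locations:
        match = regex.search(uri)
        if match:
            return backend, expand(rewrite_target, match)
    return None, uri


if __name__ == "__main__":
    locations = build_locations(INGRESS_PATHS)
    # Constructed sample requests.
    for uri in ["/", "/auth", "/auth/foo", "/sentry", "/sentry/bar", "/sentryfoo"]:
        backend, path = route(uri, locations)
        print(f"{uri:12} -> {backend:8} {path}")

    # Without the length ordering, the catch-all path would shadow /sentry.
    unsorted_locations = build_locations(INGRESS_PATHS, sort=False)
    print("unsorted:", route("/sentry/bar", unsorted_locations))
```

Note that `/(.*)` defines a single capture group, so `$2` is empty for every request that lands on that path; per-path results from this model are worth comparing with what the backend actually needs to receive.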
I am using Hyperledger fabric-1.0.1, openshift v3.4.1.44, Kubernetes v1.4.0.
In my deployment I have 2 organizations, 4 peers, 1 orderer and 2 CAs.
I am deploying the following YAML on openshift to create pods and services.
apiVersion: v1
items:
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
io.kompose.service: ca0
name: ca0
spec:
ports:
- name: "7054"
port: 7054
targetPort: 7054
selector:
io.kompose.service: ca0
status:
loadBalancer: {}
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
io.kompose.service: ca1
name: ca1
spec:
ports:
- name: "8054"
port: 8054
targetPort: 7054
selector:
io.kompose.service: ca1
status:
loadBalancer: {}
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
io.kompose.service: orderer
name: orderer
spec:
ports:
- name: "7050"
port: 7050
targetPort: 7050
selector:
io.kompose.service: orderer
status:
loadBalancer: {}
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
io.kompose.service: peer01
name: peer01
spec:
ports:
- name: "7051"
port: 7051
targetPort: 7051
- name: "7053"
port: 7053
targetPort: 7053
selector:
io.kompose.service: peer01
status:
loadBalancer: {}
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
io.kompose.service: peer02
name: peer02
spec:
ports:
- name: "9051"
port: 9051
targetPort: 7051
- name: "9053"
port: 9053
targetPort: 7053
selector:
io.kompose.service: peer02
status:
loadBalancer: {}
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
io.kompose.service: peer11
name: peer11
spec:
ports:
- name: "8051"
port: 8051
targetPort: 7051
- name: "8053"
port: 8053
targetPort: 7053
selector:
io.kompose.service: peer11
status:
loadBalancer: {}
- apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
io.kompose.service: peer12
name: peer12
spec:
ports:
- name: "10051"
port: 10051
targetPort: 7051
- name: "10053"
port: 10053
targetPort: 7053
selector:
io.kompose.service: peer12
status:
loadBalancer: {}
- apiVersion: extensions/v1beta1
kind: Deployment
metadata:
creationTimestamp: null
labels:
io.kompose.service: ca0
name: ca0
spec:
replicas: 1
strategy:
type: Recreate
template:
metadata:
creationTimestamp: null
labels:
io.kompose.service: ca0
spec:
containers:
- args:
- sh
- -c
- fabric-ca-server start --ca.certfile /var/code/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem
--ca.keyfile /var/code/peerOrganizations/org1.example.com/ca/PK-KEY
-b admin:adminpw -d
env:
- name: FABRIC_CA_HOME
value: /etc/hyperledger/fabric-ca-server
- name: FABRIC_CA_SERVER_CA_NAME
value: ca-org1
- name: FABRIC_CA_SERVER_TLS_CERTFILE
value: /var/code/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem
- name: FABRIC_CA_SERVER_TLS_ENABLED
value: "false"
- name: FABRIC_CA_SERVER_TLS_KEYFILE
value: /var/code/peerOrganizations/org1.example.com/ca/PK-KEY
image: hyperledger/fabric-ca:x86_64-1.0.1
name: ca-peerorg1
ports:
- containerPort: 7054
resources: {}
volumeMounts:
- mountPath: /etc/hyperledger
name: ca0-claim0
- mountPath: /var/fabricdeploy
name: common-claim
restartPolicy: Always
volumes:
- name: ca0-claim0
persistentVolumeClaim:
claimName: ca0-pvc
- name: common-claim
persistentVolumeClaim:
claimName: fabric-deploy
status: {}
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
io.kompose.service: ca0-pvc
name: ca0-pvc
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 100Mi
status: {}
- apiVersion: extensions/v1beta1
kind: Deployment
metadata:
creationTimestamp: null
labels:
io.kompose.service: ca1
name: ca1
spec:
replicas: 1
strategy:
type: Recreate
template:
metadata:
creationTimestamp: null
labels:
io.kompose.service: ca1
spec:
containers:
- args:
- sh
- -c
- fabric-ca-server start --ca.certfile /var/code/peerOrganizations/org2.example.com/ca/ca.org2.example.com-cert.pem
--ca.keyfile /var/code/peerOrganizations/org2.example.com/ca/PK-KEY
-b admin:adminpw -d
env:
- name: FABRIC_CA_HOME
value: /etc/hyperledger/fabric-ca-server
- name: FABRIC_CA_SERVER_CA_NAME
value: ca-org2
- name: FABRIC_CA_SERVER_TLS_CERTFILE
value: /var/code/peerOrganizations/org2.example.com/ca/ca.org2.example.com-cert.pem
- name: FABRIC_CA_SERVER_TLS_ENABLED
value: "false"
- name: FABRIC_CA_SERVER_TLS_KEYFILE
value: /var/code/peerOrganizations/org2.example.com/ca/PK-KEY
image: hyperledger/fabric-ca:x86_64-1.0.1
name: ca-peerorg2
ports:
- containerPort: 7054
resources: {}
volumeMounts:
- mountPath: /etc/hyperledger
name: ca1-claim0
- mountPath: /var/fabricdeploy
name: common-claim
restartPolicy: Always
volumes:
- name: ca1-claim0
persistentVolumeClaim:
claimName: ca1-pvc
- name: common-claim
persistentVolumeClaim:
claimName: fabric-deploy
status: {}
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
io.kompose.service: ca1-pvc
name: ca1-pvc
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 100Mi
status: {}
- apiVersion: extensions/v1beta1
kind: Deployment
metadata:
creationTimestamp: null
labels:
io.kompose.service: orderer
name: orderer
spec:
replicas: 1
strategy:
type: Recreate
template:
metadata:
creationTimestamp: null
labels:
io.kompose.service: orderer
spec:
containers:
- args:
- orderer
env:
- name: ORDERER_GENERAL_GENESISFILE
value: /var/fabricdeploy/fabric-samples/first-network/channel-artifacts/genesis.block
- name: ORDERER_GENERAL_GENESISMETHOD
value: file
- name: ORDERER_GENERAL_LISTENADDRESS
value: 0.0.0.0
- name: ORDERER_GENERAL_LOCALMSPDIR
value: /var/code/ordererOrganizations/example.com/orderers/orderer.example.com/msp
- name: ORDERER_GENERAL_LOCALMSPID
value: OrdererMSP
- name: ORDERER_GENERAL_LOGLEVEL
value: debug
- name: ORDERER_GENERAL_TLS_CERTIFICATE
value: /var/code/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
- name: ORDERER_GENERAL_TLS_ENABLED
value: "false"
- name: ORDERER_GENERAL_TLS_PRIVATEKEY
value: /var/code/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.key
- name: ORDERER_GENERAL_TLS_ROOTCAS
value: '[/var/code/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt]'
image: hyperledger/fabric-orderer:x86_64-1.0.1
name: orderer
ports:
- containerPort: 7050
resources: {}
volumeMounts:
- mountPath: /var/fabricdeploy
name: common-claim
- mountPath: /var
name: ordererclaim1
workingDir: /opt/gopath/src/github.com/hyperledger/fabric
restartPolicy: Always
volumes:
- name: common-claim
persistentVolumeClaim:
claimName: fabric-deploy
- name: ordererclaim1
persistentVolumeClaim:
claimName: orderer-pvc
status: {}
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
io.kompose.service: orderer-pvc
name: orderer-pvc
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 100Mi
status: {}
- apiVersion: extensions/v1beta1
kind: Deployment
metadata:
creationTimestamp: null
labels:
io.kompose.service: peer01
name: peer01
spec:
replicas: 1
strategy:
type: Recreate
template:
metadata:
creationTimestamp: null
labels:
io.kompose.service: peer01
spec:
containers:
- args:
- peer
- node
- start
env:
- name: CORE_LOGGING_LEVEL
value: DEBUG
- name: CORE_PEER_ADDRESS
value: peer01.first-network.svc.cluster.local:7051
- name: CORE_PEER_GOSSIP_EXTERNALENDPOINT
value: peer01.first-network.svc.cluster.local:7051
- name: CORE_PEER_GOSSIP_ORGLEADER
value: "false"
- name: CORE_PEER_GOSSIP_USELEADERELECTION
value: "true"
- name: CORE_PEER_ID
value: peer0.org1.example.com
- name: CORE_PEER_LOCALMSPID
value: Org1MSP
- name: CORE_PEER_PROFILE_ENABLED
value: "true"
- name: CORE_PEER_TLS_CERT_FILE
value: /var/code/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
- name: CORE_PEER_TLS_ENABLED
value: "false"
- name: CORE_PEER_TLS_KEY_FILE
value: /var/code/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
- name: CORE_PEER_TLS_ROOTCERT_FILE
value: /var/code/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
- name: CORE_PEER_MSPCONFIGPATH
value: /var/code/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp
image: hyperledger/fabric-peer:x86_64-1.0.1
name: peer01
ports:
- containerPort: 7051
- containerPort: 7053
resources: {}
volumeMounts:
- mountPath: /var
name: peer01claim0
- mountPath: /var/fabricdeploy
name: common-claim
workingDir: /opt/gopath/src/github.com/hyperledger/fabric/peer
restartPolicy: Always
volumes:
- name: peer01claim0
persistentVolumeClaim:
claimName: peer01-pvc
- name: common-claim
persistentVolumeClaim:
claimName: fabric-deploy
status: {}
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
io.kompose.service: peer01-pvc
name: peer01-pvc
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 100Mi
status: {}
- apiVersion: extensions/v1beta1
kind: Deployment
metadata:
creationTimestamp: null
labels:
io.kompose.service: peer02
name: peer02
spec:
replicas: 1
strategy:
type: Recreate
template:
metadata:
creationTimestamp: null
labels:
io.kompose.service: peer02
spec:
containers:
- args:
- peer
- node
- start
env:
- name: CORE_LOGGING_LEVEL
value: DEBUG
- name: CORE_PEER_ADDRESS
value: peer02.first-network.svc.cluster.local:7051
- name: CORE_PEER_GOSSIP_BOOTSTRAP
value: peer02.first-network.svc.cluster.local:7051
- name: CORE_PEER_GOSSIP_ORGLEADER
value: "false"
- name: CORE_PEER_GOSSIP_USELEADERELECTION
value: "true"
- name: CORE_PEER_ID
value: peer0.org2.example.com
- name: CORE_PEER_LOCALMSPID
value: Org2MSP
- name: CORE_PEER_PROFILE_ENABLED
value: "true"
- name: CORE_PEER_TLS_CERT_FILE
value: /var/code/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.crt
- name: CORE_PEER_TLS_ENABLED
value: "false"
- name: CORE_PEER_TLS_KEY_FILE
value: /var/code/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.key
- name: CORE_PEER_TLS_ROOTCERT_FILE
value: /var/code/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
- name: CORE_PEER_MSPCONFIGPATH
value: /var/code/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp
image: hyperledger/fabric-peer:x86_64-1.0.1
name: peer02
ports:
- containerPort: 7051
- containerPort: 7053
resources: {}
volumeMounts:
- mountPath: /var
name: peer02claim0
- mountPath: /var/fabricdeploy
name: common-claim
workingDir: /opt/gopath/src/github.com/hyperledger/fabric/peer
restartPolicy: Always
volumes:
- name: peer02claim0
persistentVolumeClaim:
claimName: peer02-pvc
- name: common-claim
persistentVolumeClaim:
claimName: fabric-deploy
status: {}
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
io.kompose.service: peer02-pvc
name: peer02-pvc
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 100Mi
status: {}
- apiVersion: extensions/v1beta1
kind: Deployment
metadata:
creationTimestamp: null
labels:
io.kompose.service: peer11
name: peer11
spec:
replicas: 1
strategy:
type: Recreate
template:
metadata:
creationTimestamp: null
labels:
io.kompose.service: peer11
spec:
containers:
- args:
- peer
- node
- start
env:
- name: CORE_LOGGING_LEVEL
value: DEBUG
- name: CORE_PEER_ADDRESS
value: peer11.first-network.svc.cluster.local:7051
- name: CORE_PEER_GOSSIP_BOOTSTRAP
value: peer01.first-network.svc.cluster.local:7051
- name: CORE_PEER_GOSSIP_EXTERNALENDPOINT
value: peer11.first-network.svc.cluster.local:7051
- name: CORE_PEER_GOSSIP_ORGLEADER
value: "false"
- name: CORE_PEER_GOSSIP_USELEADERELECTION
value: "true"
- name: CORE_PEER_ID
value: peer1.org1.example.com
- name: CORE_PEER_LOCALMSPID
value: Org1MSP
- name: CORE_PEER_PROFILE_ENABLED
value: "true"
- name: CORE_PEER_TLS_CERT_FILE
value: /var/code/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls/server.crt
- name: CORE_PEER_TLS_ENABLED
value: "false"
- name: CORE_PEER_TLS_KEY_FILE
value: /var/code/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls/server.key
- name: CORE_PEER_TLS_ROOTCERT_FILE
value: /var/code/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls/ca.crt
- name: CORE_PEER_MSPCONFIGPATH
value: /var/code/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/msp
image: hyperledger/fabric-peer:x86_64-1.0.1
name: peer11
ports:
- containerPort: 7051
- containerPort: 7053
resources: {}
volumeMounts:
- mountPath: /var
name: peer11claim0
- mountPath: /var/fabricdeploy
name: peer11claim1
workingDir: /opt/gopath/src/github.com/hyperledger/fabric/peer
restartPolicy: Always
volumes:
- name: peer11claim0
persistentVolumeClaim:
claimName: peer11-pvc
- name: peer11claim1
persistentVolumeClaim:
claimName: fabric-deploy
status: {}
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
io.kompose.service: peer11-pvc
name: peer11-pvc
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 100Mi
status: {}
- apiVersion: extensions/v1beta1
kind: Deployment
metadata:
creationTimestamp: null
labels:
io.kompose.service: peer12
name: peer12
spec:
replicas: 1
strategy:
type: Recreate
template:
metadata:
creationTimestamp: null
labels:
io.kompose.service: peer12
spec:
containers:
- args:
- peer
- node
- start
env:
- name: CORE_LOGGING_LEVEL
value: DEBUG
- name: CORE_PEER_ADDRESS
value: peer12.first-network.svc.cluster.local:7051
- name: CORE_PEER_GOSSIP_BOOTSTRAP
value: peer12.first-network.svc.cluster.local:7051
- name: CORE_PEER_GOSSIP_EXTERNALENDPOINT
value: peer12.first-network.svc.cluster.local:7051
- name: CORE_PEER_GOSSIP_ORGLEADER
value: "false"
- name: CORE_PEER_GOSSIP_USELEADERELECTION
value: "true"
- name: CORE_PEER_ID
value: peer1.org2.example.com
- name: CORE_PEER_LOCALMSPID
value: Org2MSP
- name: CORE_PEER_PROFILE_ENABLED
value: "true"
- name: CORE_PEER_TLS_CERT_FILE
value: /var/code/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls/server.crt
- name: CORE_PEER_TLS_ENABLED
value: "false"
- name: CORE_PEER_TLS_KEY_FILE
value: /var/code/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls/server.key
- name: CORE_PEER_TLS_ROOTCERT_FILE
value: /var/code/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls/ca.crt
- name: CORE_PEER_MSPCONFIGPATH
value: /var/code/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/msp
image: hyperledger/fabric-peer:x86_64-1.0.1
name: peer12
ports:
- containerPort: 7051
- containerPort: 7053
resources: {}
volumeMounts:
- mountPath: /var
name: peer12claim0
- mountPath: /var/fabricdeploy
name: peer12claim1
workingDir: /opt/gopath/src/github.com/hyperledger/fabric/peer
restartPolicy: Always
volumes:
- name: peer12claim0
persistentVolumeClaim:
claimName: peer12-pvc
- name: peer12claim1
persistentVolumeClaim:
claimName: fabric-deploy
status: {}
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
io.kompose.service: peer12-pvc
name: peer12-pvc
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 100Mi
status: {}
kind: List
metadata: {}
When I tried to execute the steps of script.sh https://github.com/hyperledger/fabric-samples/tree/release/first-network/scripts (Hyperledger Fabric - Building Your First Network) to build the network, I got an error at the installChaincode step.
:/var/fabricdeploy/fabric-samples/first-network/scripts$ ./script.sh
Build your first network (BYFN) end-to-end test
Channel name : mychannel
Creating channel...
CORE_PEER_TLS_ROOTCERT_FILE=/var/code/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
CORE_PEER_TLS_KEY_FILE=/var/code/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
.
.
.
2017-08-31 13:56:02.520 UTC [main] main -> INFO 021 Exiting.....
===================== Channel "mychannel" is created successfully =====================
Having all peers join the channel...
CORE_PEER_TLS_ROOTCERT_FILE=/var/code/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
.
.
.
2017-08-31 13:56:02.565 UTC [msp/identity] Sign -> DEBU 005 Sign: digest: F98AD2F3EFC2B7B6916C149E819B7F322C29595623D48A90AB14899C0E2DDD51
2017-08-31 13:56:02.591 UTC [channelCmd] executeJoin -> INFO 006 Peer joined the channel!
2017-08-31 13:56:02.591 UTC [main] main -> INFO 007 Exiting.....
===================== PEER0 joined on the channel "mychannel" =====================
CORE_PEER_TLS_ROOTCERT_FILE=/var/code/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
.
.
.
2017-08-31 13:56:04.669 UTC [channelCmd] executeJoin -> INFO 006 Peer joined the channel!
2017-08-31 13:56:04.669 UTC [main] main -> INFO 007 Exiting.....
===================== PEER1 joined on the channel "mychannel" =====================
CORE_PEER_TLS_ROOTCERT_FILE=/var/code/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
.
.
.
2017-08-31 13:56:06.760 UTC [channelCmd] executeJoin -> INFO 006 Peer joined the channel!
2017-08-31 13:56:06.760 UTC [main] main -> INFO 007 Exiting.....
===================== PEER2 joined on the channel "mychannel" =====================
CORE_PEER_TLS_ROOTCERT_FILE=/var/code/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
.
.
.
2017-08-31 13:56:08.844 UTC [channelCmd] executeJoin -> INFO 006 Peer joined the channel!
2017-08-31 13:56:08.844 UTC [main] main -> INFO 007 Exiting.....
===================== PEER3 joined on the channel "mychannel" =====================
Updating anchor peers for org1...
CORE_PEER_TLS_ROOTCERT_FILE=/var/code/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
.
.
.
2017-08-31 13:56:10.934 UTC [main] main -> INFO 010 Exiting.....
===================== Anchor peers for org "Org1MSP" on "mychannel" is updated successfully =====================
Updating anchor peers for org2...
CORE_PEER_TLS_ROOTCERT_FILE=/var/code/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
.
.
.
2017-08-31 13:56:11.006 UTC [main] main -> INFO 010 Exiting.....
===================== Anchor peers for org "Org2MSP" on "mychannel" is updated successfully =====================
Installing chaincode on org1/peer0...
CORE_PEER_TLS_ROOTCERT_FILE=/var/code/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
CORE_PEER_TLS_KEY_FILE=/var/code/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
CORE_PEER_LOCALMSPID=Org1MSP
CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
CORE_PEER_TLS_CERT_FILE=/var/code/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
CORE_PEER_TLS_ENABLED=false
CORE_PEER_MSPCONFIGPATH=/var/code/peerOrganizations/org1.example.com/users/Admin#org1.example.com/msp
CORE_PEER_ID=cli
CORE_LOGGING_LEVEL=DEBUG
CORE_PEER_ADDRESS=peer01.first-network.svc.cluster.local:7051
2017-08-/opt/go/src/runtime/panic.go:566 +0x95EBU 001 grpc: addrConn.resetTransport failed to create client transport: connection error: desc = "transport: Error while dialing dial tcp 172.30.217.53:7051: getsockopt: connection refused";
runtime.sigpanic()peer01.first-network.svc.cluster.local:7051 <nil>}
fatal er/opt/go/src/runtime/sigpanic_unix.go:12 +0x2ccn
[signal SIGSEGV: segmentation violation code=0x1 addr=0x47 pc=0x7fb7242db259]
goroutine 20 [syscall, locked to thread]:
runtime.cgocall(0xb08d50, 0xc4200265f8, 0xc400000000)
runtime./opt/go/src/runtime/cgocall.go:131 +0x110 fp=0xc4200265b0 sp=0xc420026570
net._C2f??:0 +0x68 fp=0xc4200265f8 sp=0xc4200265b0018d6e0, 0xc42013c158, 0x0, 0x0, 0x0)
net.cgoL/opt/go/src/net/cgo_unix.go:146 +0x37c fp=0xc420026718 sp=0xc4200265f8
net.cgoI/opt/go/src/net/cgo_unix.go:198 +0x4d fp=0xc4200267a8 sp=0xc420026718
runtime./opt/go/src/runtime/asm_amd64.s:2086 +0x1 fp=0xc4200267b0 sp=0xc4200267a8
created /opt/go/src/net/cgo_unix.go:208 +0xb4
/opt/gopath/src/github.com/hyperledger/fabric/vendor/google.golang.org/grpc/clientconn.go:434 +0x856
github.com/hyperledger/fabric/vendor/google.golang.org/grpc.Dial(0xc420018092, 0x2b, 0xc420357300, 0x4, 0x4, 0xc420357300, 0x2, 0x4)
github.c/opt/gopath/src/github.com/hyperledger/fabric/vendor/google.golang.org/grpc/clientconn.go:319 +0x960018092, 0x2b, 0xc420357300, 0x4, 0x4, 0x0, 0x0, 0x0)
github.c/opt/gopath/src/github.com/hyperledger/fabric/core/comm/connection.go:191 +0x2a9b, 0x490001, 0x0, 0x0, 0xc, 0xc420018092, 0x2b)
github.c/opt/gopath/src/github.com/hyperledger/fabric/core/peer/peer.go:500 +0xbe018092, 0x2b, 0xc420018092, 0x2b, 0xc4201a5988)
github.c/opt/gopath/src/github.com/hyperledger/fabric/core/peer/peer.go:475 +0x4e4201a59c0, 0x0)
github.c/opt/gopath/src/github.com/hyperledger/fabric/peer/common/common.go:114 +0x29 0x0, 0xc4200001a0)
github.c/opt/gopath/src/github.com/hyperledger/fabric/peer/chaincode/common.go:240 +0x77a
github.c/opt/gopath/src/github.com/hyperledger/fabric/peer/chaincode/install.go:166 +0x5a8 0xd9d943, 0x5)
github.c/opt/gopath/src/github.com/hyperledger/fabric/peer/chaincode/install.go:54 +0x54, 0x0, 0x6, 0x0, 0x0)
!!!!!!!!!!!!!!! Chaincode installation on remote peer PEER0 has Failed !!!!!!!!!!!!!!!!
========= ERROR !!! FAILED to execute End-2-End Scenario ===========
I was trying to generate a template from my existing setup with
oc export dc,svc,bc --selector="microservice=imagesvc" -o yaml --as-template=imagesvc
The problem is that the template points the container source to my registry. I would like to modify the template so that the build configuration builds the container from source and then attaches it to the deploymentconfig. How can I achieve something like that?
This is the config I currently have. When I apply it, I get various errors. For example, in Builds I get "Invalid output reference".
Any help with this would be greatly appreciated.
apiVersion: v1
kind: Template
metadata:
  creationTimestamp: null
  name: imagesvc
objects:
- apiVersion: v1
  kind: DeploymentConfig
  metadata:
    annotations:
      openshift.io/generated-by: OpenShiftWebConsole
    creationTimestamp: null
    generation: 1
    labels:
      app: gcsimageupload
      microservice: imagesvc
    name: gcsimageupload
  spec:
    replicas: 1
    selector:
      deploymentconfig: gcsimageupload
    strategy:
      activeDeadlineSeconds: 21600
      resources: {}
      rollingParams:
        intervalSeconds: 1
        maxSurge: 25%
        maxUnavailable: 25%
        timeoutSeconds: 600
        updatePeriodSeconds: 1
      type: Rolling
    template:
      metadata:
        creationTimestamp: null
        labels:
          app: gcsimageupload
          deploymentconfig: gcsimageupload
          microservice: imagesvc
      spec:
        containers:
        - imagePullPolicy: Always
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 30
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 10
          name: gcsimageupload
          ports:
          - containerPort: 8080
            protocol: TCP
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          resources: {}
          terminationMessagePath: /dev/termination-log
          volumeMounts:
          - mountPath: /secret
            name: gcsimageupload-secret
            readOnly: true
        dnsPolicy: ClusterFirst
        restartPolicy: Always
        securityContext: {}
        terminationGracePeriodSeconds: 30
        volumes:
        - name: gcsimageupload-secret
          secret:
            defaultMode: 420
            secretName: gcsimageupload-secret
    test: false
    triggers:
    - imageChangeParams:
        automatic: true
        containerNames:
        - gcsimageupload
        from:
          kind: ImageStreamTag
          name: gcsimageupload:latest
          namespace: web
      type: ImageChange
    - type: ConfigChange
  status:
    availableReplicas: 0
    latestVersion: 0
    observedGeneration: 0
    replicas: 0
    unavailableReplicas: 0
    updatedReplicas: 0
- apiVersion: v1
  kind: DeploymentConfig
  metadata:
    annotations:
      openshift.io/generated-by: OpenShiftWebConsole
    creationTimestamp: null
    generation: 1
    labels:
      app: imagesvc
      microservice: imagesvc
    name: imagesvc
  spec:
    replicas: 1
    selector:
      deploymentconfig: imagesvc
    strategy:
      activeDeadlineSeconds: 21600
      resources: {}
      rollingParams:
        intervalSeconds: 1
        maxSurge: 25%
        maxUnavailable: 25%
        timeoutSeconds: 600
        updatePeriodSeconds: 1
      type: Rolling
    template:
      metadata:
        creationTimestamp: null
        labels:
          app: imagesvc
          deploymentconfig: imagesvc
          microservice: imagesvc
      spec:
        containers:
        - imagePullPolicy: Always
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 30
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 10
          name: imagesvc
          ports:
          - containerPort: 8080
            protocol: TCP
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 30
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 10
          resources: {}
          terminationMessagePath: /dev/termination-log
        dnsPolicy: ClusterFirst
        restartPolicy: Always
        securityContext: {}
        terminationGracePeriodSeconds: 30
    test: false
    triggers:
    - imageChangeParams:
        automatic: true
        containerNames:
        - imagesvc
        from:
          kind: ImageStreamTag
          name: imagesvc:latest
          namespace: web
      type: ImageChange
    - type: ConfigChange
  status:
    availableReplicas: 0
    latestVersion: 0
    observedGeneration: 0
    replicas: 0
    unavailableReplicas: 0
    updatedReplicas: 0
- apiVersion: v1
  kind: DeploymentConfig
  metadata:
    annotations:
      openshift.io/generated-by: OpenShiftWebConsole
    creationTimestamp: null
    generation: 1
    labels:
      app: imaginary
      microservice: imagesvc
    name: imaginary
  spec:
    replicas: 1
    selector:
      app: imaginary
      deploymentconfig: imaginary
    strategy:
      activeDeadlineSeconds: 21600
      resources: {}
      rollingParams:
        intervalSeconds: 1
        maxSurge: 25%
        maxUnavailable: 25%
        timeoutSeconds: 600
        updatePeriodSeconds: 1
      type: Rolling
    template:
      metadata:
        annotations:
          openshift.io/generated-by: OpenShiftWebConsole
        creationTimestamp: null
        labels:
          app: imaginary
          deploymentconfig: imaginary
          microservice: imagesvc
      spec:
        containers:
        - image: h2non/imaginary
          imagePullPolicy: Always
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /health
              port: 9000
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          name: imaginary
          ports:
          - containerPort: 9000
            protocol: TCP
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /health
              port: 9000
              scheme: HTTP
            initialDelaySeconds: 60
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          resources: {}
          terminationMessagePath: /dev/termination-log
        dnsPolicy: ClusterFirst
        restartPolicy: Always
        securityContext: {}
        terminationGracePeriodSeconds: 30
    test: false
    triggers:
    - type: ConfigChange
    - imageChangeParams:
        automatic: true
        containerNames:
        - imaginary
        from:
          kind: ImageStreamTag
          name: imaginary:latest
          namespace: web
      type: ImageChange
  status:
    availableReplicas: 0
    latestVersion: 0
    observedGeneration: 0
    replicas: 0
    unavailableReplicas: 0
    updatedReplicas: 0
- apiVersion: v1
  kind: Service
  metadata:
    annotations:
      openshift.io/generated-by: OpenShiftWebConsole
    creationTimestamp: null
    labels:
      app: gcsimageupload
      microservice: imagesvc
    name: gcsimageupload
  spec:
    ports:
    - name: 8080-tcp
      port: 8080
      protocol: TCP
      targetPort: 8080
    selector:
      deploymentconfig: gcsimageupload
    sessionAffinity: None
    type: ClusterIP
  status:
    loadBalancer: {}
- apiVersion: v1
  kind: Service
  metadata:
    annotations:
      openshift.io/generated-by: OpenShiftWebConsole
      service.alpha.openshift.io/dependencies: '[{"name":"gcsimageupload","namespace":"","kind":"Service"},{"name":"imaginary","namespace":"","kind":"Service"}]'
    creationTimestamp: null
    labels:
      app: imagesvc
      microservice: imagesvc
    name: imagesvc
  spec:
    ports:
    - name: 8080-tcp
      port: 8080
      protocol: TCP
      targetPort: 8080
    selector:
      deploymentconfig: imagesvc
    sessionAffinity: None
    type: ClusterIP
  status:
    loadBalancer: {}
- apiVersion: v1
  kind: Service
  metadata:
    annotations:
      openshift.io/generated-by: OpenShiftWebConsole
    creationTimestamp: null
    labels:
      app: imaginary
      microservice: imagesvc
    name: imaginary
  spec:
    ports:
    - name: 9000-tcp
      port: 9000
      protocol: TCP
      targetPort: 9000
    selector:
      deploymentconfig: imaginary
    sessionAffinity: None
    type: ClusterIP
  status:
    loadBalancer: {}
- apiVersion: v1
  kind: BuildConfig
  metadata:
    annotations:
      openshift.io/generated-by: OpenShiftWebConsole
    creationTimestamp: null
    labels:
      app: gcsimageupload
      microservice: imagesvc
    name: gcsimageupload
  spec:
    nodeSelector: null
    output:
      to:
        kind: ImageStreamTag
        name: gcsimageupload:latest
    postCommit: {}
    resources: {}
    runPolicy: Serial
    source:
      git:
        ref: master
        uri: https://github.com/un1x86/openshift-ms-gcsFileUpload.git
      type: Git
    strategy:
      sourceStrategy:
        env:
        - name: GCS_PROJECT
          value: ${GCS_PROJECT_ID}
        - name: GCS_KEY_FILENAME
          value: ${GCS_KEY_FILENAME}
        - name: GCS_BUCKET
          value: ${GCS_BUCKET}
        from:
          kind: ImageStreamTag
          name: nodejs:4
          namespace: openshift
      type: Source
    triggers:
    - github:
        secret: f9928132855c5a30
      type: GitHub
    - generic:
        secret: 77ece14f810caa3f
      type: Generic
    - imageChange: {}
      type: ImageChange
    - type: ConfigChange
  status:
    lastVersion: 0
- apiVersion: v1
  kind: BuildConfig
  metadata:
    annotations:
      openshift.io/generated-by: OpenShiftWebConsole
    creationTimestamp: null
    labels:
      app: imagesvc
      microservice: imagesvc
    name: imagesvc
  spec:
    nodeSelector: null
    output:
      to:
        kind: ImageStreamTag
        name: imagesvc:latest
    postCommit: {}
    resources: {}
    runPolicy: Serial
    source:
      git:
        ref: master
        uri: https://github.com/un1x86/openshift-ms-imagesvc.git
      type: Git
    strategy:
      sourceStrategy:
        env:
        - name: IMAGINARY_APPLICATION_DOMAIN
          value: http://imaginary:9000
        - name: GCSIMAGEUPLOAD_APPLICATION_DOMAIN
          value: http://gcsimageupload:8080
        from:
          kind: ImageStreamTag
          name: nodejs:4
          namespace: openshift
      type: Source
    triggers:
    - generic:
        secret: 945da12357ef35cf
      type: Generic
    - github:
        secret: 18106312cfa8e2d1
      type: GitHub
    - imageChange: {}
      type: ImageChange
    - type: ConfigChange
  status:
    lastVersion: 0
parameters:
- description: "GCS Project ID"
  name: GCS_PROJECT_ID
  value: ""
  required: true
- description: "GCS Key Filename"
  name: GCS_KEY_FILENAME
  value: /secret/keyfile.json
  required: true
- description: "GCS Bucket name"
  name: GCS_BUCKET
  value: ""
  required: true
You will need to create two imagestreams named "imagesvc" and "gcsimageupload". You can do it from the CLI with "oc create is " or by adding this to the template:
- kind: ImageStream
  apiVersion: v1
  metadata:
    name: <name>
  spec:
    lookupPolicy:
      local: false
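A check for the situation this answer describes: a BuildConfig whose output ImageStreamTag has no ImageStream in the template. It goes one step further and also reports two other things the exported template above carries, literal webhook secrets and image-change triggers pinned to "namespace: web". This is an added example, not code from the posts or from OpenShift; the function name, the finding labels and the trimmed, constructed template dicts are assumptions for illustration.

```python
import re

# A template parameter reference such as ${GITHUB_WEBHOOK_SECRET}.
PARAM_REF = re.compile(r"^\$\{[A-Za-z0-9_]+\}$")


def _stream(ref):
    """'imagesvc:latest' -> 'imagesvc' (image stream part of a tag reference)."""
    return ref.get("name", "").split(":", 1)[0]


def lint_template(template):
    """Return sorted (object, finding) pairs for a parsed OpenShift Template."""
    objects = template.get("objects", [])
    streams = {o["metadata"]["name"] for o in objects
               if o.get("kind") == "ImageStream"}
    findings = []
    for obj in objects:
        kind = obj.get("kind")
        ident = f"{kind}/{obj['metadata']['name']}"
        spec = obj.get("spec", {})
        if kind == "BuildConfig":
            out = spec.get("output", {}).get("to", {})
            # Output tag in the current project with no ImageStream to hold it.
            if (out.get("kind") == "ImageStreamTag" and "namespace" not in out
                    and _stream(out) not in streams):
                findings.append((ident, "output-stream-missing"))
            # Webhook secrets exported as literals travel with every copy of
            # the template; a generated parameter keeps them out of the file.
            for trig in spec.get("triggers", []):
                for hook in ("github", "generic"):
                    secret = trig.get(hook, {}).get("secret")
                    if secret is not None and not PARAM_REF.match(secret):
                        findings.append((ident, f"literal-{hook}-webhook-secret"))
        elif kind == "DeploymentConfig":
            for trig in spec.get("triggers", []):
                src = trig.get("imageChangeParams", {}).get("from", {})
                if src.get("kind") != "ImageStreamTag":
                    continue
                if "namespace" in src:
                    # Resolved in that project, not the one being deployed to.
                    findings.append((ident, "trigger-pinned-to-namespace"))
                elif _stream(src) not in streams:
                    findings.append((ident, "trigger-stream-missing"))
    return sorted(findings)


# --- Constructed sample objects, trimmed to the fields the checks read. ---
def _bc(name, github, generic):
    return {"kind": "BuildConfig", "metadata": {"name": name}, "spec": {
        "output": {"to": {"kind": "ImageStreamTag", "name": f"{name}:latest"}},
        "triggers": [{"type": "GitHub", "github": {"secret": github}},
                     {"type": "Generic", "generic": {"secret": generic}},
                     {"type": "ImageChange", "imageChange": {}},
                     {"type": "ConfigChange"}]}}


def _dc(name, namespace=None):
    src = {"kind": "ImageStreamTag", "name": f"{name}:latest"}
    if namespace:
        src["namespace"] = namespace
    return {"kind": "DeploymentConfig", "metadata": {"name": name}, "spec": {
        "triggers": [{"type": "ImageChange", "imageChangeParams": {
            "automatic": True, "containerNames": [name], "from": src}},
            {"type": "ConfigChange"}]}}


def _is(name):
    return {"kind": "ImageStream", "apiVersion": "v1",
            "metadata": {"name": name},
            "spec": {"lookupPolicy": {"local": False}}}


# Shape of the exported template in the question (secret values are placeholders).
EXPORTED = {"kind": "Template", "objects": [
    _dc("imagesvc", namespace="web"),
    _bc("imagesvc", "constructed-literal-1", "constructed-literal-2")]}

# The answer's change alone: add the ImageStream.
WITH_STREAM = {"kind": "Template",
               "objects": EXPORTED["objects"] + [_is("imagesvc")]}

# ImageStream added, trigger namespace dropped, secrets generated per instance.
PORTABLE = {"kind": "Template", "objects": [
    _is("imagesvc"), _dc("imagesvc"),
    _bc("imagesvc", "${GITHUB_WEBHOOK_SECRET}", "${GENERIC_WEBHOOK_SECRET}")],
    "parameters": [
        {"name": "GITHUB_WEBHOOK_SECRET", "generate": "expression",
         "from": "[a-zA-Z0-9]{40}"},
        {"name": "GENERIC_WEBHOOK_SECRET", "generate": "expression",
         "from": "[a-zA-Z0-9]{40}"}]}

if __name__ == "__main__":
    for label, tpl in (("exported", EXPORTED), ("with stream", WITH_STREAM),
                       ("portable", PORTABLE)):
        print(label, lint_template(tpl))
```

To lint a real template file, parse it with a YAML loader and pass the resulting dict to lint_template.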
I'm trying to build a mysql pod on Google Cloud. However, when I create a database and then restart the pod, the database that I created is not persisted.
I followed this official tutorial: https://github.com/kubernetes/kubernetes/tree/master/examples/mysql-wordpress-pd
mysql-deployment.yaml:
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mysql-pv-claim
  labels:
    app: myApp
    env: production
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 20Gi
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: myapp-backend-production-mysql
spec:
  replicas:
  template:
    metadata:
      labels:
        app: myapp
        role: backend
        env: production
        type: mysql
    spec:
      containers:
        - name: backend-mysql
          image: mysql:5.6
          env:
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mysql-pass
                  key: password.txt
          ports:
            - name: backend
              containerPort: 3306
          volumeMounts:
            - name: mysql-persistent-storage
              mountPath: /var/lib/mysql
      volumes:
        - name: mysql-persistent-storage
          persistentVolumeClaim:
            claimName: mysql-pv-claim
And the volume.yaml:
# Not applied for all build
kind: PersistentVolume
apiVersion: v1
metadata:
  name: mysql-production-pv-1
  labels:
    app: myapp
    env: production
spec:
  capacity:
    storage: 20Gi
  accessModes:
    - ReadWriteOnce
  gcePersistentDisk:
    pdName: mysql-production-1
    fsType: ext4
---
kind: PersistentVolume
apiVersion: v1
metadata:
  name: mysql-production-pv-2
  labels:
    app: myapp
    env: production
spec:
  capacity:
    storage: 20Gi
  accessModes:
    - ReadWriteOnce
  gcePersistentDisk:
    pdName: mysql-production-2
    fsType: ext4