Run docker container on OpenShift from Nexus unsecure private registry - openshift

I'm trying to run a containerized app which is stored in Nexus docker hosted on url 12.23.34.55:8086
I'm trying to run it on my Openshift Cluster, but I'm getting error. Commands I'm using to run
oc create secret docker-registry mysecret --docker-server=http://12.23.34.55/ --docker-username=aditya --docker-password=aditya --docker-email=aditya#example.org
oc secrets link default mysecret --for=pull
My nexus is running on http://12.23.34.55:8081
Now I'm using command to launch in OpenShift using below command.
oc new-app 12.23.34.55:8085/mytestapp:11 --insecure-registry=true
as per $ oc new-app myregistry:5000/example/myimage
https://docs.openshift.com/container-platform/4.1/applications/application_life_cycle_management/creating-new-applications.html
But it does not work, it asks for password and not able to deploy from console too, can anyone help me with exact commmand.

Creating the secret is not enough for OpenShift to be able to pull from the registry. You still need to link that secret as well.
Take a look at the official documentation here:
https://docs.openshift.com/container-platform/4.1/openshift_images/managing_images/using-image-pull-secrets.html#images-allow-pods-to-reference-images-from-secure-registries_using-image-pull-secrets

Okay! I found an answer, so using private registry first we should import image using
oc import name url/imagename:tag
then we can create new app with the same
oc new app name

Related

Unable to create nginx application on OpenShift

I'm trying to add an nginx application to my Openshift 4.1 project. The ImageStream is available in the openshift namespace as:
image-registry.openshift-image-registry.svc:5000/openshift/nginx
When I create the app with:
oc new-app nginx
The created Pod is in CrashLoopBackOff. From the logs I can read:
This is a S2I rhel base image: To use it, install S2I: https://github.com/openshift/source-to-image Sample invocation: s2i build https://github.com/sclorg/nginx-container.git --context-dir=1.12/test/test-app/ rhscl/nginx-112-rhel7 nginx-sample-app You can then run the resulting image via: docker run -p 8080:8080 nginx-sample-app
It's not clear to me. Can't I use "oc-new app" to create the application? or do I miss any Environment variable?
Thanks

Using a connector with Helm-installed Kafka/Confluent

I have installed Kafka on a local Minikube by using the Helm charts https://github.com/confluentinc/cp-helm-charts following these instructions https://docs.confluent.io/current/installation/installing_cp/cp-helm-charts/docs/index.html like so:
helm install -f kafka_config.yaml confluentinc/cp-helm-charts --name kafka-home-delivery --namespace cust360
The kafka_config.yaml is almost identical to the default yaml, with the one exception being that I scaled it down to 1 server/broker instead of 3 (just because I'm trying to conserve resources on my local minikube; hopefully that's not relevant to my problem).
Also running on Minikube is a MySQL instance. Here's the output of kubectl get pods --namespace myNamespace:
I want to connect MySQL and Kafka, using one of the connectors (like Debezium MySQL CDC, for instance). In the instructions, it says:
Install your connector
Use the Confluent Hub client to install this
connector with:
confluent-hub install debezium/debezium-connector-mysql:0.9.2
Sounds good, except 1) I don't know which pod to run this command on, 2) None of the pods seem to have a confluent-hub command available.
Questions:
Does confluent-hub not come installed via those Helm charts?
Do I have to install confluent-hub myself?
If so, which pod do I have to install it on?
Ideally this should be configurable as part of the helm script, but unfortunately it is not as of now. One way to work around this is to build a new Docker from Confluent's Kafka Connect Docker image. Download the connector manually and extract the contents into a folder. Copy the contents of this to a path in the container. Something like below.
Contents of Dockerfile
FROM confluentinc/cp-kafka-connect:5.2.1
COPY <connector-directory> /usr/share/java
/usr/share/java is the default location where Kafka Connect looks for plugins. You could also use different location and provide the new location (plugin.path) during your helm installation.
Build this image and host it somewhere accessible. You will also have to provide/override the image and tag details during the helm installation.
Here is the path to the values.yaml file. You can find the image and plugin.path values here.
Just an add-on to Jegan's comment above: https://stackoverflow.com/a/56049585/6002912
You can choose to do the Dockerfile below. Recommended.
FROM confluentinc/cp-server-connect-operator:5.4.0.0
RUN confluent-hub install --no-prompt debezium/debezium-connector-postgresql:1.0.0
Or you can use a Docker's multi-stage build instead.
FROM confluentinc/cp-server-connect-operator:5.4.0.0
COPY --from=debezium/connect:1.0 \
/kafka/connect/debezium-connector-postgres/ \
/usr/share/confluent-hub-components/debezium-connector-postgres/
This will help you to save time on getting the right jar files for your plugins like debezium-connector-postgres.
From Confluent documentation: https://docs.confluent.io/current/connect/managing/extending.html#create-a-docker-image-containing-c-hub-connectors
The Kafka Connect pod should already have the confluent-hub installed. It is that pod you should run the commands on.
The cp kafka connect pod has 2 containers, one of them is a cp-kafka-connect-server container.That container has confluent-hub installed.You can login into that container and run your connector commands there.To login into that container, run the following command:
kubectl exec -it {pod-name} -c cp-kafka-connect-server -- /bin/bash
As of latest version of chart, this can be achieved using customEnv.CUSTOM_SCRIPT_PATH
See README.md
Script can be passed as a secret and mounted as a volume

How to open a Web Console for open shift?

guys I am using OpenShift to conatinerize and run application on kubernetes, I have started the open shift cluster using oc cluster up now how do I open in the web console.
For the mini shift I have user minishift start and then minishift console it's not working the same with oc cluster up
Running oc whoami --show-console returns the link to the console app.
You can obtain the console URL in OpenShift Container Platform 4 as follows:
$ oc get routes -n openshift-console
Thanks, oc login helped me to get the web console url

openshift start build forbidden

I am trying to create a build and deployment pipeline in OpenShift via Jenkins. I have followed their official tutorial: https://github.com/OpenShiftDemos/openshift-cd-demo
and properly set all policies ( i am using different project names and application but the same strategy ) yet the Jenkins app deployed on cicd project cant start to build in dev project.
Error:
Error from server (Forbidden): buildconfigs.build.openshift.io buildconfig not found though the build is created and can be seen via the web console.
I am using the --from-file instead of --from-dir for binary input.
Please help if any other policies need to be set for the Jenkins service account in cicd project to "start-build" in dev project.
Yes, the Jenkins need to have access to dev project, you can use the following command to give access:
oc policy add-role-to-user edit system:serviceaccount:cicd-tools:jenkins -n example-openshift-dockerfile
cicd-tools: Project jenkins is installed in
example-openshift-dockerfile: Project that will be changed by Jenkins

Deploying a node.js application with Bluemix

I am trying to deploy a simple node.js application with the new Kubernetes support in Bluemix. When I run the container I made, I get a ImagePullBackOff error, which means it can't pull down the image.
NAME READY STATUS RESTARTS AGE
hello-node-2399519400-6m8dz 0/1 ImagePullBackOff 0 13m
My Docker image uses the node.js base image.
FROM node:6.9.2
EXPOSE 8080
COPY server.js .
CMD node server.js
I deployed using:
docker build -t hello-node:v1 .
kubectl run hello-node --image=hello-node:v1 --port=8080
I am thinking that Bluemix can't pull down the node.js image, but I am not certain.
I see the docker build of the image, and I'm presuming that you're using the kubectl with the exported cluster config (bx cs cluster-config ...), so that it's targetting your cluster.
Did you tag and push that image from your local docker into the bluemix registry, or to another remote registry that would be accessible from the container service? (My apologies if this is obvious - just didn't see the step there to tag and push it to a registry that would be available).
I had to first push the image to Bluemix with:
docker build -t registry.ng.bluemix.net/namespace/hello-node:1
docker push registry.ng.bluemix.net/namespace/hello-node:1
kubectl run hello-node-deployment --image=registry.ng.bluemix.net/namespace/hello-node:1