Re: Ingress Operator Routes and Kubernetes Ingress with TLS

2020-05-06 Thread Clayton Coleman
You usually have to define a secret for your tls keys

On May 2, 2020, at 9:21 PM, Conrado Poole  wrote:



Hi all,



Trying to figure out if the Ingress Operator is able to create Routes for
Kubernetes objects when they specify a TLS section on their spec.



From my testing, Routes are automatically generated as soon as an Ingress is
created, as long as it does not have the tls: section.



The following Ingress does work and creates 3 Routes



apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-test
spec:
  rules:
  - host: one.apps.mycluster.com
    http:
      paths:
      - backend:
          serviceName: one-service
          servicePort: 8080
  - host: two.apps.mycluster.com
    http:
      paths:
      - backend:
          serviceName: two-service
          servicePort: 8080
  - host: three.apps.mycluster.com
    http:
      paths:
      - backend:
          serviceName: three-service
          servicePort: 8080



But this one with TLS (trying to do EDGE termination) does not generate any
routes. The minute I edit the Ingress and remove a host from the TLS
section, the ingress operator creates a route for that one.



apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-test
spec:
  tls:
  - hosts:
    - one.apps.mycluster.com
    secretName: secret-ingress-one
  - hosts:
    - two.apps.mycluster.com
    secretName: secret-ingress-two
  - hosts:
    - three.apps.mycluster.com
    secretName: secret-ingress-three
  rules:
  - host: one.apps.mycluster.com
    http:
      paths:
      - backend:
          serviceName: one-service
          servicePort: 8080
  - host: two.apps.mycluster.com
    http:
      paths:
      - backend:
          serviceName: two-service
          servicePort: 8080
  - host: three.apps.mycluster.com
    http:
      paths:
      - backend:
          serviceName: three-service
          servicePort: 8080



Is there any specific configuration I need to make on the Ingress Operator
to have it generate routes in this case? Or is this working as expected and
it does not support it?



Thanks in advance
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
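
Added example, not part of the original thread: a shell check for the point in Clayton's reply, that every secretName under the Ingress tls: section refers to a secret that exists in the same namespace. The function name is hypothetical, and flagging any type other than kubernetes.io/tls is an assumption.

```shell
# check_ingress_tls_secrets INGRESS NAMESPACE   (hypothetical helper name)
# Prints one status line per secretName referenced under spec.tls.
# Returns 0 if all are present TLS secrets, 1 if any is not, 2 if the
# Ingress itself cannot be read.
check_ingress_tls_secrets() {
    ing=$1
    ns=$2
    bad=0
    names=$(oc get ingress "$ing" -n "$ns" \
        -o 'jsonpath={.spec.tls[*].secretName}') || return 2
    if [ -z "$names" ]; then
        echo "ingress/$ing has no tls secretName entries"
        return 0
    fi
    for s in $names; do
        # A failing "oc get secret" is treated as "does not exist here".
        if ! stype=$(oc get secret "$s" -n "$ns" -o 'jsonpath={.type}' 2>/dev/null); then
            echo "MISSING     secret/$s"
            bad=1
        elif [ "$stype" != "kubernetes.io/tls" ]; then
            # Assumption: TLS material for an Ingress belongs in this type.
            echo "WRONG-TYPE  secret/$s ($stype)"
            bad=1
        else
            echo "OK          secret/$s"
        fi
    done
    return "$bad"
}
```

Run it as check_ingress_tls_secrets ingress-test <namespace> before expecting Routes for the TLS hosts.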


Re: wait for build triggered by new-app

2020-05-06 Thread Ben Parees
On Wed, May 6, 2020 at 12:50 PM Just Marvin <
marvin.the.cynical.ro...@gmail.com> wrote:

> Ben,
>
>I appreciate the pointer, but this doesn't seem to do the right thing.
> Here is the relevant portion of my code:
>

> oc new-app --name=teams git@ -e MONGODB_USER= -e
> MONGODB_PASSWORD= -e MONGODB_HOST=mongodb -e MONGODB_PORT=27017 -e
> MONGODB_DATABASE=teamdb --source-secret=
> #  Adding waits for teams and teams-1 because the build resource seems to
> be teams-1
> oc wait build/teams --for=condition=Complete
>

this line won't do anything, there's no build named "teams", only "teams-1"
(and later teams-2, etc)



> oc wait build/teams-1 --for=condition=Complete
>

this looks correct


>And here is the output:
>
> warning: Cannot check if git requires authentication.
> --> Found container image 1db9786 (6 months old) from docker.io for "
> docker.io/websphere-liberty:javaee8"
>
> * An image stream tag will be created as "websphere-liberty:javaee8"
> that will track the source image
> * A Docker build using source code from git@
> will be created
>   * The resulting image will be pushed to image stream tag
> "teams:latest"
>   * Every time "websphere-liberty:javaee8" changes a new build will be
> triggered
>   * WARNING: this source repository may require credentials.
>  Create a secret with your git credentials and use 'oc set
> build-secret' to assign it to the build config.
> * This image will be deployed in deployment config "teams"
> * Ports 9080/tcp, 9443/tcp will be load balanced by service "teams"
>   * Other containers can access this service through the hostname
> "teams"
>
> --> Creating resources ...
> imagestream.image.openshift.io "websphere-liberty" created
> imagestream.image.openshift.io "teams" created
> buildconfig.build.openshift.io "teams" created
> deploymentconfig.apps.openshift.io "teams" created
> service "teams" created
> --> Success
> Build scheduled, use 'oc logs -f bc/teams' to track its progress.
> Application is not exposed. You can expose services to the outside
> world by executing one or more of the commands below:
>  'oc expose svc/teams'
> Run 'oc status' to view your app.
> Error from server (NotFound): builds.build.openshift.io "teams" not found
>

this error is because as noted above, build/teams isn't ever going to exist.


> Error from server (NotFound): builds.build.openshift.io "teams-1" not
> found
>

this error doesn't make sense to me since new-app should have created the
build already, however there is a bit of a timing window since new-app
creates the buildconfig and then relies on the build controller to kick off
the first build.  It's possible that new-app is finishing and your oc wait
is starting, before the build controller sees your buildconfig and creates
the first build (teams-1)

unfortunately I don't think oc wait can wait for a resource to exist, so
you're stuck doing either:
1) a short sleep before you invoke oc wait, to give the build time to be
created (easy, but potentially flaky)
2) an oc get loop that loops until the resource exists, and then you can
start waiting on it.  (of course if you do that, you can also use a go
template to extract the phase of the build once it exists and watch it
yourself, instead of using oc wait)



> deploymentconfig.apps.openshift.io/teams patched
> deploymentconfig.apps.openshift.io/teams patched
> error: timed out waiting for the condition on deploymentconfigs/teams
> error: no matching resources found
> route.route.openshift.io/teams exposed
> route.route.openshift.io/teams patched
> The teams api is now available at http://teams.
>
> At this point, I can see that the build resource has been created,
> even though the "wait" that I tried to put in place has not worked.
>
> [zaphod@oc3027208274 gatt]$ oc get builds
> NAME      TYPE     FROM          STATUS    STARTED          DURATION
> teams-1   Docker   Git@b4dba21   Running   36 seconds ago
> [zaphod@oc3027208274 gatt]$
>
>  What am I doing wrong?
>
> Regards,
> Marvin
>
> On Wed, May 6, 2020 at 11:52 AM Ben Parees  wrote:
>
>>
>>
>> On Wed, May 6, 2020 at 11:34 AM Just Marvin <
>> marvin.the.cynical.ro...@gmail.com> wrote:
>>
>>> Hi,
>>>
>>> I've been trying to write a script that runs various commands
>>> following a new-app. These commands will operate on the dc created by
>>> new-app, but fail if the resources haven't reached the right stage, so I'd
>>> like to wait for the build to complete. Unfortunately, I can't seem to
>>> figure out the right condition to wait for using the "oc wait" command.
>>> Does anyone have a suggestion? Wait on the bc or the build or (and for
>>> what condition)?
>>>
>>
>> oc wait build/buildresourcename --for=condition=Complete
>>
>> unfortunately that won't help if the build in question fails (Complete
>> means success) so set your timeout appropriately.
>>
>>
>>
>>
>>
>>>
>>> Thanks,
>>> Marvin
>>> 
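
Added example, not part of the original thread: option 2 from Ben's reply as a shell function, an oc get loop that tolerates the build not existing yet and then reads .status.phase through a go template, so a failed build ends the wait instead of running into the timeout. The function name, return codes and default timings are assumptions.

```shell
# wait_for_build NAME [TIMEOUT_SECONDS] [POLL_SECONDS]   (hypothetical helper)
# Returns 0 when the build reaches Complete, 1 when it ends in
# Failed/Error/Cancelled, 2 when the timeout expires first.
wait_for_build() {
    build=$1
    timeout=${2:-600}
    poll=${3:-5}
    waited=0
    phase=
    while [ "$waited" -le "$timeout" ]; do
        # A non-zero exit means the build controller has not created the
        # build yet: the timing window right after "oc new-app" returns.
        phase=$(oc get "build/$build" \
            -o 'go-template={{.status.phase}}' 2>/dev/null) || phase=
        case $phase in
            Complete)
                echo "build/$build: Complete"
                return 0 ;;
            Failed|Error|Cancelled)
                echo "build/$build: $phase" >&2
                return 1 ;;
            '')
                echo "build/$build: not created yet" >&2 ;;
            *)
                # New, Pending, Running: keep polling.
                echo "build/$build: $phase" >&2 ;;
        esac
        sleep "$poll"
        waited=$((waited + poll))
    done
    echo "build/$build: timed out after ${timeout}s (last phase: ${phase:-none})" >&2
    return 2
}
```

In the script from the thread this would replace both oc wait lines, for example wait_for_build teams-1 900 5.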

Re: wait for build triggered by new-app

2020-05-06 Thread Ben Parees
On Wed, May 6, 2020 at 11:34 AM Just Marvin <
marvin.the.cynical.ro...@gmail.com> wrote:

> Hi,
>
> I've been trying to write a script that runs various commands
> following a new-app. These commands will operate on the dc created by
> new-app, but fail if the resources haven't reached the right stage, so I'd
> like to wait for the build to complete. Unfortunately, I can't seem to
> figure out the right condition to wait for using the "oc wait" command.
> Does anyone have a suggestion? Wait on the bc or the build or (and for
> what condition)?
>

oc wait build/buildresourcename --for=condition=Complete

unfortunately that won't help if the build in question fails (Complete
means success) so set your timeout appropriately.





>
> Thanks,
> Marvin
>


-- 
Ben Parees | OpenShift