- How to login to openshift using the
oc
CLI - Deploy OBP-API to your OpenShift Cluster
- Deploy OBP API to your local development environment
Objective: When you type "oc get pods
" you get back some or no pods. If your cluster is new, you will see "No resources found in <username> namespace
"
For that to work, configure your terminal to use oc
CLI against your Openshift cluster. The UI it not intuitive at all so here's the instructions:
- Login to your web cluster to get your authentication key (e.g. onsole-openshift-console.apps.sandbox-m2.abc123.p1.openshiftapps.com)
- Click the '?' then "Command line tools", then "Copy login command"
Verbose cli login details: To log in using the CLI, collect your token from the web console’s Command Line page, which is accessed from Command Line Tools in the Help menu. The token is hidden, so you must click the copy to clipboard button at the end of the oc login line on the Command Line Tools page, then paste the copied contents to show the token. Official docs
- Ensure your secrets are configured as intended (see
obp.yaml
) - Apply the OBP manifest(s) to your k8s cluster
A quickstart valid OBP-API deployment manifest is provided:
oc apply -f obp.yaml
Validate:
oc get pods
This will generate a frontent url for your app, which you may then use as a DNS CNAME
for ingress traffic.
Openshift doesn't appear to use the standard Kubernetes ingress way of defining routes to applications, and uses a "
kind: Reoute
" concept instead. Therefore we provide a specialroute.yaml
for special OpenShift:
Apply the route:
oc apply -f route.yaml
route.route.openshift.io/obp-frontend created
View the assigned route address:
oc get route obp-frontend
Example output:
NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
obp-frontend obp-frontend-chrisjsimpson-dev.apps.sandbox-m2.ll9k.p1.openshiftapps.com obpapi-service <all> None
You may then choose to configure your DNS, adding a CNAME
for the generated route to the app web frontend.
- Get & note down the existing application route name
oc get route
(e.gobp-frontend-chrisjsimpson-dev.apps.sandbox-m2.ll9k.p1.openshiftapps.com
) - Delete the existing route resource (they are immutable):
oc delete -f route.yaml
- Add your
host
toroute.yaml
(for example if you areexample.com
and you want to setupobp-api.example.com
:
apiVersion: route.openshift.io/v1
kind: Route
metadata:
name: obp-frontend
spec:
host: obp-api.example.com
to:
kind: Service
name: obpapi-service
- Set your DNS CNAME record to point to the old application route name: e.g.
obp-api.example.com IN CNAME obp-frontend-chrisjsimpson-dev.apps.sandbox-m2.ll9k.p1.openshiftapps.com
- Apply
oc apply -f route.yaml
Tools required:
crc
(Download & install crc)
Start crc
crc setup
crc start
Enable podman:
This sets-up podman to 'speak' to your local openshift cluster rather than your host machine.
eval $(crc podman-env)
Warning If you see "error did not resolve to an alias and no unqualified-search registries are defined" Then edit
/etc/containers/registries.conf
and add/uncomment to your prefered registry e.g.'unqualified-search-registries = ["docker.io"]
ref: podman no longer searched dockerhub error)
Warning Work in progress. This clone url is subject to change to the official repo
git clone https://github.com/KarmaComputing/OBP-API.git
cd OBP-API
tldr: KarmaComputing/OBP-API#9
- Fix containers uuid handling using this example.
- See fully working obp-api openshift container example
- Historical context see: Building Non Root Docker Images OpenShift, and Openshift will not run your container as a root user
Detail:
The current OBP-API docker images will not run on Openshift deployed custers. An example image which does is available at: dockerhub, and the code reference which handles the random uid scenario in OpenShift clusters.
OBP openshift ATM Postgress curl (time sink: cluster registry permissions/access) undocumented use of generate-jetty-start.sh in unknown repo, perhaps refers to image: index.docker.io/tawoe/obp-api however the tags are undocumented (tag "hw" exists and is most recently modified but no information, "lastest" tag is 9 days go) Neither will run on a production Openshift cluster chrisjsimpson/obpapi-kube will.
********************************************************************
WARNING: User is 1012560000
The user should be (re)set to 'jetty' in the Dockerfile
********************************************************************
/generate-jetty-start.sh: 10: cannot create /var/lib/jetty/jetty.start: Permission denied
jetty dry run failed: