[WIP] Docker registry re-deployment tips #8666
miminar wants to merge 1 commit into openshift:master from
6279b96 to eca7637
I think rollout is supported since like Kubernetes 1.7
don't say unfortunately, we apologize for nothing! :) (but seriously, it strikes an awkward tone. just state the facts).
> I think rollout is supported since like Kubernetes 1.7
Well, this is what I get with oc v3.9.16-1+23bf34b-dirty:
$ oc rollout latest ds/docker-registry
error: docker-registry is not a deployment config
> don't say unfortunately
My disappointment leaked into the text. I'll try to be less emotional ;-).
You said oc rollout, not oc rollout latest. DS (with rollingUpdate strategy set) roll out automatically on config change. You can do e.g. oc rollout undo daemonset <daemonset-name> --to-revision=<revision> to rollback. If you need to force redeployment without a change in PodSpec you need to e.g. annotate the pod template with current time until we implement rolling-restart.
@tnozicka thanks, that looks promising, I think I'll use this.
not sure, but feel free to create an issue if that's not supported. oc create service and using the labels from DS should work though
@tnozicka Is there a better command that will not cause noticeable down-time?
https://v1-9.docs.kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/
set the strategy to rollingUpdate and insert a label with current time into the pod template in the DS to force it to redeploy (rolling-restart command is planned to avoid this)
oc rollout? (won't cause downtime if the strategy is rolling)
(not applicable to daemonsets of course)
oc patch ds <ds_name> -p='{"spec":{"template":{"metadata":{"annotations":{"timestamp":"'$(date +%s%N)'"}}}}}'
You want my contribution to become the least readable piece ever. I'm missing a note type [NerdsOnly] :-)
But I like the hack nevertheless.
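The annotation approach suggested in this thread, combined with the update-strategy check that was also mentioned, as an added example that is not part of the PR or of any participant's comment. The function names are hypothetical, and it assumes a logged-in oc client whose rollout status command accepts daemon sets.

```shell
#!/bin/sh
# Added example: force a rolling redeploy of a daemon set by stamping its
# pod template. Function names are hypothetical, not from the PR.

# Build the patch that stamps the pod template with an annotation.
# $1 = annotation value; only digits are accepted so the value cannot
# break out of the JSON string.
restart_patch() {
    case $1 in
        ''|*[!0-9]*)
            echo "restart_patch: numeric value required" >&2
            return 1 ;;
    esac
    printf '{"spec":{"template":{"metadata":{"annotations":{"timestamp":"%s"}}}}}' "$1"
}

# A template change restarts pods only under the RollingUpdate strategy.
# $1 = value of .spec.updateStrategy.type
will_roll() {
    [ "$1" = "RollingUpdate" ]
}

# redeploy_ds NAMESPACE NAME
# Checks the strategy first, patches the template, then waits for the rollout.
redeploy_ds() {
    ns=$1
    name=$2
    strategy=$(oc get ds "$name" -n "$ns" \
        -o jsonpath='{.spec.updateStrategy.type}') || return 1
    if ! will_roll "$strategy"; then
        echo "ds/$name uses strategy '$strategy'; a template change will not restart its pods" >&2
        return 2
    fi
    # date +%s is portable; %N is a GNU date extension.
    patch=$(restart_patch "$(date +%s)") || return 1
    oc patch ds "$name" -n "$ns" -p "$patch" &&
        oc rollout status "ds/$name" -n "$ns"
}
```

Call it as redeploy_ds default docker-registry; exit status 2 means the daemon set would not have restarted its pods.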
AFAIK image streams are created with an IP address and it's asynchronously replaced by the FQDN, so FQDN may appear with a little delay.
I think that happens only when you have master config misconfigured, at least from the issues we have been seeing with double deployments.
The hostname specified in the configuration file takes precedence. If not present, OPENSHIFT_DEFAULT_REGISTRY env var is used. When unset, the master evaluates service's "${DOCKER_REGISTRY_SERVICE_HOST}:${DOCKER_REGISTRY_SERVICE_PORT}".
With oc cluster up, all is unset until the service exists (or maybe is up - need to verify so just the service's existence matters). Nevertheless, good point - I need to explain the empty output as well.
TL;DR; if there's no output, no explicit address is configured and the service does not yet exist.
s/is/are/
(docs team may have a better suggestion on cleaning up the informal language)
unclear what this means. Do you mean the service ip will not be changed as a result of redeploying, or is this a command to the user ("don't change the service ip when you redeploy")?
The latter. It's very easy to change the service IP and it should be avoided. I'll try to be more clear.
this is confusing after having just read that the IP won't be changed. why do i need to know this if the IP isn't going to change? When do i need to know it?
If you choose to change the service IP. I'll rephrase.
again unclear if this means "you must keep the service ip the same" or "the system will keep the service ip the same"
s/though/when the DNS name is used/
if what isn't the case? if they don't match? again what if they were using a hostname?
and what if a custom IP is being used? (custom ip for what? the service ip?)
don't you need to delete the existing "docker-registry" service first?
oc rollout? (won't cause downtime if the strategy is rolling)
(not applicable to daemonsets of course)
why is this the error when the docker-registry service does not exist? That env var doesn't have anything to do w/ the service.
Yeah, this is a bit misleading. The REGISTRY_OPENSHIFT_SERVER_ADDR is the preferred env var for configuring this. If it's unset as well as some other deprecated vars with the same meaning, the registry looks for the variables inherited from the associated service ("DOCKER_REGISTRY_SERVICE_HOST").
I'm putting the explanation in there.
Apparently, there's a new deploy_registry.yml playbook for the re-deployment. I'll give it a shot and include it here. Also the point of maintaining the registry's service IP is already in the docs but it's a bit outdated. I'm now merging the two.
Resolves: openshift/origin#10585 Signed-off-by: Michal Minář <miminar@redhat.com>
eca7637 to ed3ad18
| reload their internal registry address. | ||
| + | ||
| ---- | ||
| $ oc env -n default ds/docker-registry "TIMESTAMP=$(date +%s%N)" |
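Review bot: the oc env line sets TIMESTAMP to force a redeploy, but the visible text does not say that this restarts the registry pods only when the daemon set's update strategy rolls pods on a template change; add that precondition next to the command. Also note that %N in date +%s%N is a GNU date extension, so either say so or use date +%s.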
Env works as well but pollutes pod's env a bit (program can see it), annotation is clearer. I'll leave the choice with you :)
I get it's shorter but people will likely just copy paste it.
|
Rewritten. Merged a similar section from the extended configuration. Rendered here. I still need to include instructions for using the stand-alone registry playbook.
| {"op":"add","path":"/spec/sessionAffinity","value":"ClientIP"}, | ||
| {"op":"add","path":"/spec/selector","value":{"docker-registry":"default"}} | ||
| ]' --local=true -o json | \ | ||
| oc replace -n default -f - --force <2> |
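Review bot: oc replace --force on the last line deletes the existing service and creates a new one, so there is a window in which the docker-registry service does not exist, and the cluster IP survives only if the JSON piped in carries it. The visible patch operations set only sessionAffinity and the selector, so callout <2> should state both points explicitly.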
Couldn't find out anything simpler. Originally I wanted to use oc adm registry and filter out everything but the service template. But I couldn't pull it off without using external tools like jq.
| include the hostnames by which you expect the registry to be referenced. | ||
| See xref:securing_and_exposing_registry.adoc#securing-the-registry[securing | ||
| the registry] for instructions on adding hostnames to the server certificate. | ||
| - |
@miminar: PR needs rebase.
@miminar - is this PR still valid?
@vikram-redhat I'm afraid this needs a complete rewrite. Also with the upcoming registry operator this will become obsolete. Unfortunately, I don't have time to continue work on this now.
@miminar - thanks for letting us know and closing this PR.
Resolves: openshift/origin#10585