rancher 2.0 networking in project namespace - docker

can i ping one workload from other workload by workloadname?
I accustomed on rancher 1.0, where if i created stack with more conteiner so i can ping one from other conteiner by name.
for example: I have api and database and I need api to communicate with databases. When i click on execute shell on api and write "ping database", so not working.
I write connection string to database in api environmental variable.
And YES i can create database and take database ip a write it to ENV, but this ip will change after each restart.
It's possible to call by some not generate name?
thanks
EDIT:
Service discovery:
Shell:
As you see, so translate database name is work. Only ping database container not working.

To communicate between services you can communicate with cluster IP or with Service Name.
Using the ServiceName will be easier.
The service discovery add a DNS for each of your service. So if you have api, app and database you will have a DNS entry for each of those services.
So within your services, you can refer directly to the DNS.
Example: To connect in JDBC to a schema name test in your database, you would do something like this:
jdbc:mysql://database/test
see:
https://rancher.com/docs/rancher/v2.x/en/k8s-in-rancher/service-discovery/
If you want to know the clusterIP of you services you can run this command: kubectl get services --all-namespaces
Edit 1: Adding ClusterIP as a way to communicate with a service.

Kubernetes Service IP is implemented using "iptables" on the linux hosts which are part of the cluster. If you examine those rules closely, ONLY the port specified as part of the Service is exposed, not the ICMP port, which means, one cannot ping the Service IP addresses by default. But you would still be able to communicate with the Service on the designated port.

Related

Forward TCP connections through docker container

I have springboot microservice running inside docker container (Kubernetes) which can access unmanaged services (SQL, Elasticsearch, etc), which are not accessible from my laptop directly, so I'm forced to run commands via kubectl to access them. Is there a posibility to forward TCP connections through docker containers to enable direct access to those service, something like ssh port forwarding?
For this you have to create a"service without selector"and defineendpointsfor your "external" resources
Kubernetes doc on such services here
Of course, your service can be of type"NodePort", so with the help of your load balancer in front of OCP, you can access the service from outside your cluster and the service will reach your external resource
Yep, you can use kubectl port-forward to do exactly this. If you'd like to read the documentation it's here.

Service IP & Port discovery with Kubernetes for external App

I'm creating an App that will have to communicate with a Kubernetes service, via REST APIs. The service hosts a docker image that's listening on port 8080 and responds with a JSON body.
I noticed that when I create a deployment via -
kubectl expose deployment myapp --target-port=8080 --type=NodePort --name=app-service
It then creates a service entitled app-service
To then locally test this, I obtain the IP:port for the created service via -
minikube service app-service --url
I'm using minikube for my local development efforts. I then get a response such as http://172.17.118.68:31970/ which then when I enter on my browser, works fine (I get the JSON responses i'm expecting).
However, it seems the IP & port for that service are always different whenever I start this service up.
Which leads to my question - how is a mobile App supposed to find that new IP:Port then if it's subject to change? Is the common way to work around this to register that combination via a DNS server (such as Google Cloud's DNS system?)
Or am I missing a step here with setting up Kubernetes public services?
Which leads to my question - how is a mobile App supposed to find that new IP:Port then if it's subject to change?
minikube is not meant for production use. It is only meant for development purpose. You should create a real kubernetes cluster and use LoadBalancer type service or an Ingress(for L7 traffic) to expose your service to external world. Since you need to expose your backend REST api, Ingress is good choice.

IP of bosh instance - cloud foundry

Database service is running in specific org and space. Two apps are bound to this DB service.
To apply liquibase change from Jenkins to DB service, we need JDBC connection between Jenkins and bosh instance.
Jenkins is outside PCF
How to retrieve IP address of Database service host?
How to retrieve IP address of Database service host?
Load the hostname from VCAP_SERVICES and then resolve it. You can use jq to read VCAP_SERVICES and pull out the hostname. You can then use dig <hostname> or host <hostname> to resolve the hostname. Then you have the IP.
If you're trying to access a service from outside CF, make sure that you have network and firewall access to said service. Network access is often restricted/blocked outside of the CF environment.
Hope that helps!

Remote Docker container by hostname

How do you access remote Docker container by its hostname?
I need to access remote Docker containers by its hostnames (or some constant IP's) for development and testing purposes. I have tried:
looking for any DNS approach (have not found any clues),
importing /ets/hosts (probably impossible),
creating tunnes (only this works but it is very time consuming).
It's the same as running any other process on a host, Docker or not Docker: you access it via the host name or IP address of the host and the port the service is listening on (the first port of the docker run -p argument). Docker containers don't have externally visible individual IP addresses any more than non-Docker HTTP or ssh daemons do.
If you do have DNS infrastructure available to you, you could set up CNAME records to resolve particular service names to the specific hosts that are running them.
One solution that may help you is some sort of service registry; in the past I've used Consul with some success. You can configure Consul with some health checks or other probes ("look for an HTTP service on port 12345 that answers GET / calls"), and it will provide its own DNS service ("okay, http://whatevername.service.consul:12345/ will reach your service on whichever hosts it happens to be running on").
Nothing in the Docker infrastructure specifically helps this. Using /etc/hosts is distinctly not a best practice: the name-to-IP mapping needs to be kept in sync across all machines and you'll start wishing you had a network service to publish it for you, which is exactly what DNS is for.

How to programmatically specify the IP and port of a dependent docker container created by Marathon?

I am learning Micro-services architecture by writing a small web app. The app has the following components, each of which will be hosted by a docker container.
In my API Gateway which is written in NodeJS, there is some place I will call:
request('http://service_b_ip_addr:port/get_service_b', callback);
However, both service_b_ip_addr and port are not known until Marathon has the Service B's docker container created.
With some Service Discovery mechanism, such as mesos-dns or marathon-lb, I guess that I could just change service_b_ip_addr to something like service_b.marathon.com.
But I've no idea how should I put the port in my program.
Thanks in advance for your help.
PS:
I am using BRIDGED network mode given that multiple instances of a Service could locate on the same Mesos slave. So port is a NATted random number.
Take a look at this answer.
If you use marathon-lb then there is no need to pass a port because it's a proxy and it will know where service is just by name.
If you use mesos-dns you should make a SRV request to get ip and port. In node you can do it with dns.resolveSrv(hostname, callback) but your DNS must be exposed on defaul (53) port and supports SRV request (mesos-dns supports it).

Resources