← Back to Datawire Open Source Documentation

Get started with OpenShift

A short introduction: accessing the cluster

  1. Install Telepresence (see below).
  2. Run a service in the cluster:

    $ oc run myservice --image=datawire/hello-world --port=8000 --expose
    $ oc get service myservice
    myservice    <none>        8000/TCP   1m

    It may take a minute or two for the pod running the server to be up and running, depending on how fast your cluster is.

  3. You can now run a local process using Telepresence that can access that service, even though the process is local but the service is running in the OpenShift cluster:

    $ telepresence --run curl http://myservice:8000/
    Hello, world!

    (This will not work if the hello world pod hasn't started yet... if so, try again.)

curl got access to the cluster even though it's running locally! In the more extended tutorial that follows you'll see how you can also route traffic to a local process from the cluster.

A longer introduction: exposing a service to the cluster

Install Telepresence with Homebrew/apt/dnf

Debugging a service locally with Telepresence

Imagine you have a service running in a staging cluster, and someone reports a bug against it. In order to figure out the problem you want to run the service locally... but the service depends on other services in the cluster, and perhaps on cloud resources like a database.

In this tutorial you'll see how Telepresence allows you to debug your service locally. We'll use the telepresence command line tool to swap out the version running in the staging cluster for a debug version under your control running on your local machine. Telepresence will then forward traffic from OpenShift to the local process.

You should start a new application and publicly expose it:

$ oc new-app --docker-image=datawire/hello-world --name=hello-world
$ oc expose service hello-world

Important: It might be necessary to define security context constraint in order for Telepresence to run privileged containers. Execute following using an account with sufficient permission (i.e. for local cluster login first as system:admin):

$ oc adm policy add-scc-to-user anyuid -z default -n hello-world
$ oc adm policy add-scc-to-user privileged -z default -n hello-world

The service will be running once the following shows a pod with Running status that doesn't have "deploy" in its name:

$ oc get pod | grep hello-world
hello-world-1-hljbs   1/1       Running   0          3m

To find the address of the resulting app you can run:

$ oc get route hello-world
hello-world   example.openshiftapps.com

In the above output the address is http://example.openshiftsapps.com, but you will get a different value. It may take a few minutes before this route will be live; in the interim you will get an error page. If you do wait a minute and try again.

Once you know the address you can store its value (don't forget to replace this with the real address!):

$ export HELLOWORLD=

And you send it a query and it will be served by the code running in your cluster:

Hello, world!

Swapping your deployment with Telepresence

Important: Starting telepresence the first time may take a little while, since OpenShift needs to download the server-side image.

At this point you want to switch to developing the service locally, replace the version running on your cluster with a custom version running on your laptop. To simplify the example we'll just use a simple HTTP server that will run locally on your laptop:

$ mkdir /tmp/telepresence-test
$ cd /tmp/telepresence-test
$ echo "hello from your laptop" > file.txt
$ python3 -m http.server 8001 &
[1] 2324
$ curl http://localhost:8001/file.txt
hello from your laptop
$ kill %1

We want to expose this local process so that it gets traffic from OpenShift, replacing the existing hello-world deployment.

Important: you're about to expose a web server on your laptop to the Internet. This is pretty cool, but also pretty dangerous! Make sure there are no files in the current directory that you don't want shared with the whole world.

Here's how you should run telepresence (you should make sure you're still in the /tmp/telepresence-test directory you created above):

$ cd /tmp/telepresence-test
$ telepresence --swap-deployment hello-world --expose 8000 \
--run python3 -m http.server 8000 &

This does three things:

  • Starts a VPN-like process that sends queries to the appropriate DNS and IP ranges to the cluster.
  • --swap-deployment tells Telepresence to replace the existing hello-world pod with one running the Telepresence proxy. On exit, the old pod will be restored.
  • --run tells Telepresence to run the local web server and hook it up to the networking proxy.

As long as you leave the HTTP server running inside telepresence it will be accessible from inside the OpenShift cluster. You've gone from this...

graph RL subgraph OpenShift in Cloud server["datawire/hello-world server on port 8000"] end

...to this:

graph RL subgraph Laptop code["python HTTP server on port 8000"]---client[Telepresence client] end subgraph OpenShift in Cloud client-.-proxy["Telepresence proxy, listening on port 8000"] end

We can now send queries via the public address of the Service we created, and they'll hit the web server running on your laptop instead of the original code that was running there before. Wait a few seconds for the Telepresence proxy to startup; you can check its status by doing:

$ oc get pod | grep hello-world
hello-world-2169952455-874dd   1/1       Running       0          1m
hello-world-3842688117-0bzzv   1/1       Terminating   0          4m

Once you see that the new pod is in Running state you can use the new proxy to connect to the web server on your laptop:

$ curl $HELLOWORLD/file.txt
hello from your laptop

Finally, let's kill Telepresence locally so you don't have to worry about other people accessing your local web server by bringing it to the foreground and hitting Ctrl-C:

$ fg
telepresence --swap-deployment hello-world --expose 8000 --run python3 -m http.server 8000
Keyboard interrupt received, exiting.

Now if we wait a few seconds the old code will be swapped back in. Again, you can check status of swap back by running:

$ oc get pod | grep hello-world

When the new pod is back to Running state you can see that everything is back to normal:

$ curl $HELLOWORLD/file.txt
Hello, world!

What you've learned: Telepresence lets you replace an existing deployment with a proxy that reroutes traffic to a local process on your machine. This allows you to easily debug issues by running your code locally, while still giving your local process full access to your staging or testing cluster.

Now it's time to clean up the service:

$ oc delete dc,service,route,imagestream hello-world

Telepresence can do much more than this: see the reference section of the documentation, on the top-left, for details.

Install Telepresence with Homebrew/apt/dnf

Still have questions? Ask in our Slack chatroom or file an issue on GitHub.

If this tutorial was useful to you, we'd appreciate it if you'd share it online.

results matching ""

    No results matching ""