Bug 1409240

Description of problem:
Because of https://access.redhat.com/support/cases/#/case/01750238, I am now working on a solution with a "shadow project". Now, I would like to achieve to setup a service in the main project that points to a service in the shadow project.

I found the following documentation of kubernetes:
http://kubernetes.io/docs/user-guide/services/#services-without-selectors
Where they mention:
"You want to point your service to a service in another Namespace or on another cluster."
-> This is exactly what I would like to achieve.

So, I tested two things:
1. ExternalName
{
    "kind": "Service",
    "apiVersion": "v1",
    "metadata": {
        "name": "egress-proxy",
        "namespace": "openpaas-egress-test"
    },
    "spec": {
        "type": "ExternalName",
        "externalName": "egress-squid.openpaas-egress-test-egress.svc.cluster.local"
    }
}
-> ends with:
oc create -f external-endpoint.json
The Service "egress-proxy" is invalid.
* spec.ports: Required value
* spec.type: Unsupported value: "ExternalName": supported values: ClusterIP, LoadBalancer, NodePort

I read on the same kubernetes page, that this comes with kube-dns 1.7 (http://kubernetes.io/docs/user-guide/services/#publishing-services---service-types).

So I guess this is not yet supported in OpenShift.
How can I check kube-dns version in OpenShift?
Will kube-dns replace skydns? (I see after upgrade that a project kube-system now exists, but it is empty. OpenShift documentation 3.3 still talks about skydns.)
If yes, what are the plans?


2. External service
As documented in https://docs.openshift.com/container-platform/3.3/dev_guide/integrating_external_services.html, I tried the following:
A. service
{
    "kind": "Service",
    "apiVersion": "v1",
    "metadata": {
        "name": "egress-https-proxy",
        "namespace": "openpaas-egress-test"
        "labels": {
            "app": "egress-https-proxy",
            "axa-cloud.com/kind": "egress-http-proxy"
        }
    },
    "spec": {
        "ports": [
            {
                "name": "8080-tcp",
                "protocol": "TCP",
                "port": 8080,
                "targetPort": 8080
            }
        ]
    },
    "selector": {}
}
B. Endpoints
{
    "kind": "Endpoints",
    "apiVersion": "v1",
    "metadata": {
        "name": "egress-https-proxy",
        "namespace": "openpaas-egress-test"
        "labels": {
            "app": "egress-https-proxy",
            "axa-cloud.com/kind": "egress-http-proxy"
        }
    },
    "subsets": [
        {
            "addresses": [
                { "ip": "172.30.69.193" }
            ],
            "ports": [
                {
                    "name": "8080-tcp",
                    "port": 8080
                }
            ]
        }
    ]
}

I could set that up, then tested it via a testpod in the main project. So, oc rsh pod, then curl -v url.
I peered the projects through: oc adm pod-network join-projects --to=openpaas-egress-test-egress openpaas-egress-test.
I am able to curl the service in the shadow namespace directly:
curl -v egress-https-proxy.openpaas-egress-test-egress
But I cannot curl the service in the main project that points to the service in the shadow project:
curl -v egress-https-proxy

I guess, this is really only for external services outside of the cluster. Is this correct?
Is it somehow possible to achieve what I would like to?




Version-Release number of selected component (if applicable):
3.3.0

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info: