Description of problem: Because of https://access.redhat.com/support/cases/#/case/01750238, I am now working on a solution with a "shadow project". Now, I would like to achieve to setup a service in the main project that points to a service in the shadow project. I found the following documentation of kubernetes: http://kubernetes.io/docs/user-guide/services/#services-without-selectors Where they mention: "You want to point your service to a service in another Namespace or on another cluster." -> This is exactly what I would like to achieve. So, I tested two things: 1. ExternalName { "kind": "Service", "apiVersion": "v1", "metadata": { "name": "egress-proxy", "namespace": "openpaas-egress-test" }, "spec": { "type": "ExternalName", "externalName": "egress-squid.openpaas-egress-test-egress.svc.cluster.local" } } -> ends with: oc create -f external-endpoint.json The Service "egress-proxy" is invalid. * spec.ports: Required value * spec.type: Unsupported value: "ExternalName": supported values: ClusterIP, LoadBalancer, NodePort I read on the same kubernetes page, that this comes with kube-dns 1.7 (http://kubernetes.io/docs/user-guide/services/#publishing-services---service-types). So I guess this is not yet supported in OpenShift. How can I check kube-dns version in OpenShift? Will kube-dns replace skydns? (I see after upgrade that a project kube-system now exists, but it is empty. OpenShift documentation 3.3 still talks about skydns.) If yes, what are the plans? 2. External service As documented in https://docs.openshift.com/container-platform/3.3/dev_guide/integrating_external_services.html, I tried the following: A. service { "kind": "Service", "apiVersion": "v1", "metadata": { "name": "egress-https-proxy", "namespace": "openpaas-egress-test" "labels": { "app": "egress-https-proxy", "axa-cloud.com/kind": "egress-http-proxy" } }, "spec": { "ports": [ { "name": "8080-tcp", "protocol": "TCP", "port": 8080, "targetPort": 8080 } ] }, "selector": {} } B. Endpoints { "kind": "Endpoints", "apiVersion": "v1", "metadata": { "name": "egress-https-proxy", "namespace": "openpaas-egress-test" "labels": { "app": "egress-https-proxy", "axa-cloud.com/kind": "egress-http-proxy" } }, "subsets": [ { "addresses": [ { "ip": "172.30.69.193" } ], "ports": [ { "name": "8080-tcp", "port": 8080 } ] } ] } I could set that up, then tested it via a testpod in the main project. So, oc rsh pod, then curl -v url. I peered the projects through: oc adm pod-network join-projects --to=openpaas-egress-test-egress openpaas-egress-test. I am able to curl the service in the shadow namespace directly: curl -v egress-https-proxy.openpaas-egress-test-egress But I cannot curl the service in the main project that points to the service in the shadow project: curl -v egress-https-proxy I guess, this is really only for external services outside of the cluster. Is this correct? Is it somehow possible to achieve what I would like to? Version-Release number of selected component (if applicable): 3.3.0 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:0884