Description of problem:
Enable service-catalog in openshift-ansible; after the install completes, configure the catalog UI. As svc-catalog needs authorization, I can't access it successfully in the web, and login to the catalog console always fails.

Version-Release number of selected component (if applicable):
openshift v3.6.136
kubernetes v1.6.1+5115d708d7
etcd 3.2.1

How reproducible:
Always

Steps to Reproduce:
1. Check service-catalog status
[root@host-8-174-68 dma]# oc get route
NAME        HOST/PORT                                PATH      SERVICES    PORT      TERMINATION   WILDCARD
apiserver   apiserver-kube-service-catalog.***.com             apiserver   secure    passthrough   None
[root@host-8-174-68 dma]# oc get po
NAME                       READY     STATUS    RESTARTS   AGE
apiserver-c6j4l            1/1       Running   2          7h
controller-manager-06lzq   1/1       Running   4          7h

2. Enable catalog console as below
1) $ cat /etc/origin/master/catalog-ui.js
window.OPENSHIFT_CONSTANTS.ENABLE_TECH_PREVIEW_FEATURE = {
  service_catalog_landing_page: true,
  pod_presets: true
};
window.OPENSHIFT_CONFIG.additionalServers = [{
  hostPort: "apiserver-kube-service-catalog.***.com",
  prefix: "/apis"
}];
2) $ vim /etc/origin/master/master-config.yaml
assetConfig:
  extensionScripts:
  - /etc/origin/master/catalog-ui.js
3) $ systemctl restart atomic-openshift-master

3. Access service-catalog route in web & login catalog console

Actual results:
3. Always returns "User "system:anonymous" cannot get at the cluster scope.: "User \"system:anonymous\" cannot \"get\" on \"/\"""

Expected results:
3. We log in to the catalog console successfully

Additional info:
[root@host-8-174-68 dma]# curl https://10.128.0.7:6443 -k -H "Authorization: Bearer qcprN_9fbXfqPr6C1VZVgiYBMyE-MyFsUFDzCEubSlw"
{
  "paths": [
    "/apis",
    "/apis/servicecatalog.k8s.io",
    "/apis/servicecatalog.k8s.io/v1alpha1",
    "/healthz",
    "/healthz/ping",
    "/healthz/poststarthook/start-service-catalog-apiserver-informers",
    "/metrics",
    "/swaggerapi/",
    "/version"
  ]
}
It blocks our test of ansible-service-broker & apb testing in console.
If you are using the service catalog that is installed by the ansible installer you should not be including this in the extension anymore:

window.OPENSHIFT_CONFIG.additionalServers = [{
  hostPort: "apiserver-kube-service-catalog.***.com",
  prefix: "/apis"
}];

This was temporary until the service catalog was aggregated under the main API server. Please remove this from your extension and let us know if you are still having a problem accessing the console.
Yes, after removing this I can log in to the catalog console, but can't see the serviceclass in the catalog console. In the backend, I can see the below.

[root@host-8-174-68 dma]# oc create -f broker.yaml
broker "ansible-service-broker" created
[root@host-8-174-68 dma]#
[root@host-8-174-68 dma]# oc describe broker ansible-service-broker
Name:		ansible-service-broker
Namespace:
Labels:		<none>
Events:
  FirstSeen	LastSeen	Count	From					SubObjectPath	Type		Reason		Message
  ---------	--------	-----	----					-------------	--------	------		-------
  11s		11s		1	service-catalog-controller-manager			Normal		FetchedCatalog	Successfully fetched catalog entries from broker.
[root@host-8-174-68 dma]# oc get serviceclass
NAME             KIND
mediawiki-apb    ServiceClass.v1alpha1.servicecatalog.k8s.io
postgresql-apb   ServiceClass.v1alpha1.servicecatalog.k8s.io
[root@host-8-174-68 dma]#
[root@host-8-174-68 dma]#
[root@host-8-174-68 dma]#
[root@host-8-174-68 dma]# cat broker.yaml
apiVersion: servicecatalog.k8s.io/v1alpha1
kind: Broker
metadata:
  finalizers:
  - kubernetes-incubator/service-catalog
  name: ansible-service-broker
spec:
  url: http://asb.openshift-ansible-service-broker.svc:1338
Created attachment 1297037 [details] catalog-ui.jpeg
Can you check the Network tab of the browser console and check for a request for serviceclasses?

Also if you check the /apis request that is going to the master API this should appear as part of the response

{
  "name": "servicecatalog.k8s.io",
  "versions": [
    {
      "groupVersion": "servicecatalog.k8s.io/v1alpha1",
      "version": "v1alpha1"
    }
  ],
  "preferredVersion": {
    "groupVersion": "servicecatalog.k8s.io/v1alpha1",
    "version": "v1alpha1"
  },
  "serverAddressByClientCIDRs": null
}

Or if you can provide the URL and login info for this server we can take a look.
If things are configured correctly you should also see a request to <master-hostname>/apis/servicecatalog.k8s.io/v1alpha1
Is this related? Do we need to enable apis/servicecatalog.k8s.io/v1alpha1 in master-config.yaml?
https://github.com/openshift/origin/pull/14984/files
Not related, the change in that PR is necessary to test PodPresets are actually working as part of Binding (i.e. the environment variables actually get injected into the pods).

But I just hit the server and I see the serviceclasses including mediawiki. Maybe you were getting something cached? Try clearing your browser cache and see if you still do not see the service classes. Adding attachment to show it working for me.
Created attachment 1297059 [details] working serviceclasses
Yes, now I can get it. Thanks for your help, I'll close the bug.