Access to on-campus resources
Services hosted on-campus will need to allow access for Container Service applications. Firewall rules for on-campus systems that your application depends upon will need to be opened to compute nodes within the OpenShift cluster. The full subnet range will need to be specified, as nodes could have any IP in the range.
In the production cluster https://containers.aws.web.umich.edu your application will have an IP from within these ranges:
Container Service
Overview
Developers may wish to access the fully-managed RDS shared databases that the MiDatabase team makes available to Container Service customers from outside of the production Container Service cluster. For data security and reliability reasons, the shared MariaDB RDS instance is only accessible from within the Container Service cluster, and via the phpMyAdmin instance listed below. The shared Postgres instance can be accessed via computers in an on-campus data center, such as a MiServer, and via laptops on the VPN.
Overview
Review OpenShift Auto-scaling documentation.
Review OpenShift documentation on how Requests and Limits are used during auto-scaling.
Auto-Scaling
Overview
Occasionally you may need to copy files to a directory within one of your pods. This may be required if you are seeding a persistent volume with data that is not part of the build process. Or, you may need to copy files from the pod to your local computer to assist with debugging. The process below details how to execute this process via the cp and rsync commands.
Overview
Review OpenShift documentation on publishing routes.
OpenShift 4.x/ROSA: apps.aws.web.umich.edu
Users of the production cluster, https://containers.aws.web.umich.edu, can self-publish routes that end in: apps.aws.web.umich.edu. No DNS changes are required for URLs within apps.aws.web.umich.edu.
Overview
Review Openshift documentation on viewing metrics.
Review documentation on using the PromQL language.
Viewing Metrics For A Project
Options
There are several ways to use certificates to secure HTTPS traffic and get it to your application. Select the method that works best for you.
Method
Overview
The Container Service retains logs for customer applications for 180 days.
Logs can be viewed in the OpenShift UI, via Kibana, or via the CLI.
OpenShift documentation for viewing logs in Kibana.
OpenShift documentation for viewing logs via the CLI.
Overview
ITS Container Service Team provides commonly-used container images within the openshift namespace of the integrated OpenShift registry. These images are primarily sourced from the Red Hat and Docker Hub image registries, but customers can request images from other public registries. More information about the placement and nomenclature of tags is available in Developing an Application - Container Image Suggestions.