Application Deployment
During application deployment, the oam-kubernetes-runtime
and verrazzano-application-operator
cooperate through the generation and update of Kubernetes resources.
The oam-kubernetes-runtime
processes the ApplicationConfiguration and Component resources provided by the user and generates workload and Trait resources.
The verrazzano-application-operator
processes Verrazzano specific workload and Trait resources.
These are then used to generate additional child and related resources.
Troubleshooting application deployments should follow three general steps:
- Review the status of the
oam-kubernetes-runtime
andverrazzano-application-operator
operator pods. - Review the logs of the
oam-kubernetes-runtime
andverrazzano-application-operator
operator pods. - Review the resources generated by the
oam-kubernetes-runtime
and theverrazzano-application-operator
.
Review oam-kubernetes-runtime
operator status
For application deployment to succeed, the oam-kubernetes-runtime
pod must have a status of Running
.
Use the following command to get the pod status:
$ kubectl get pods \
-n verrazzano-system \
-l app.kubernetes.io/name=oam-kubernetes-runtime
If the pod status is not Running
, then see the instructions for reviewing the oam-kubernetes-runtime
pod logs.
Review verrazzano-application-operator
operator status
For application deployment to succeed, the verrazzano-application-operator
pod must have a status of Running
.
Use the following command to get the pod status:
$ kubectl get pods \
-n verrazzano-system \
-l app=verrazzano-application-operator
If the pod status is not Running
, then see the instructions for reviewing the verrazzano-application-operator
logs.
Review oam-kubernetes-runtime
operator logs
Review the oam-kubernetes-runtime
pod logs for any indication that pod startup or the generation of workloads or traits has failed.
Use the following command to get the logs:
$ kubectl logs \
-n verrazzano-system \
-l app.kubernetes.io/name=oam-kubernetes-runtime
Review verrazzano-application-operator
logs
Review the verrazzano-application-operator
logs for any indication that pod startup or resource generation has failed.
Use the following command to get the logs:
$ kubectl logs \
-n verrazzano-system \
-l app=verrazzano-application-operator
Review generated workload resources
The processing of a Component reference within an ApplicationConfiguration results in the generation of workloads. For example, a referenced Component might result in the generation of a VerrazzanoHelidonWorkload workload resource. In turn, the VerrazzanoHelidonWorkload workload resource will be processed and result in the generation of related Deployment and Service resources.
If the expected workload resource, for example VerrazzanoHelidonWorkload, is missing, then review the oam-kubernetes-runtime
logs.
If the expected related resources, for example Deployment or Service, are missing, then review the verrazzano-application-operator
logs.
The following commands are examples of checking for the resources related to a VerrazzanoHelidonWorkload deployment:
$ kubectl get -n hello-helidon verrazzanohelidonworkload hello-helidon-workload
$ kubectl get -n hello-helidon deployment hello-helidon-deployment
$ kubectl get -n hello-helidon service hello-helidon-deployment
Review generated Trait resources
The processing of traits embedded with an ApplicationConfiguration results in the generation of Trait resources. For example, an IngressTrait embedded within an ApplicationConfiguration will result in the generation of an IngressTrait resource. In turn, the IngressTrait resource will be processed and result in the generation of related Certificate, Gateway, and VirtualService resources.
If the expected Trait resource, for example IngressTrait, is missing, then review the oam-kubernetes-runtime
logs.
If the expected related resources, for example Certificate, Gateway, and VirtualService, are missing, then review the verrazzano-application-operator
logs.
The following commands are examples of checking for the resources related to an IngressTrait:
$ kubectl get -n hello-helidon ingresstrait hello-helidon-ingress
$ kubectl get -n istio-system Certificate hello-helidon-hello-helidon-appconf-cert
$ kubectl get -n hello-helidon gateway hello-helidon-hello-helidon-gw
$ kubectl get -n hello-helidon virtualservice hello-helidon-ingress-rule-0-vs
Check for RBAC privilege issues
The use of generic Kubernetes resources as workloads and traits can result in deployment failures if privileges are insufficient.
In this case, the oam-kubernetes-runtime
logs will contain errors containing the term forbidden
.
The following command shows how to query for this type of failure message:
$ kubectl logs \
-n verrazzano-system \
-l app.kubernetes.io/name=oam-kubernetes-runtime | grep forbidden
Check resource owners
Kubernetes maintains the child to parent relationship within metadata fields.
The following example returns the parent of the IngressTrait, named hello-helidon-ingress
, in the hello-helidon
namespace:
$ kubectl get IngressTrait \
-n hello-helidon hello-helidon-ingress \
-o jsonpath='{range .metadata.ownerReferences[*]}{.name}{"\n"}{end}'
The results of this command can help identify the lineage of a given resource.
Check related resources
Some resources also record the related resources affected during their processing. For example, when processed, an IngressTrait will create related Gateway, VirtualService, and Certificate resources.
The following command is an example of how to obtain the related resources of an IngressTraits:
$ kubectl get IngressTrait \
-n hello-helidon hello-helidon-ingress \
-o jsonpath='{range .status.resources[*]}{.kind}: {.name}{"\n"}{end}'
The results of this command can help identify which other resources, the given resource affected.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.