

OpenShift provides a number of means to access the cluster for different protocols, including:

  • Router
  • Load Balancer
  • ExternalIP
  • NodePort


  • HTTP/HTTPS, use the router.
  • TLS-encrypted protocol other than HTTPS (for example, TLS with the SNI header), use the router.
  • Otherwise, use Load Balancer, ExternalIP, or NodePort.

External Access Mechanisms


The router is the most common way to access the cluster. It supports HTTP, HTTPS (SNI) and TLS (SNI), which covers web applications.


  • An administrator can create a wildcard DNS entry, and then set up a router.
  • Users can self-service the edge router without having to contact the administrators.

Load Balancer Service

Load balancers are available on AWS and GCE clouds, and non-cloud options are also available.

A non-cloud load balancer allocates a unique IP from a configured pool. This has some limits:

  • limited to a single edge router IP, which can be a VIP, but still will be a single machine for initial load balancing.

Service ExternalIP

  • Administrators can assign a list of externalIPs, for which nodes in the cluster will also accept traffic for the service.

Based on the external IP and range defined in: /etc/origin/master/master-config.yaml


One can add a LoadBalancer service from a template file:

apiVersion: v1
kind: Service
metadata:
  name: egress-1
spec:
  ports:
  - name: db
    port: 5432
  type: LoadBalancer
  selector:
    name: my-db-selector

Then create the LoadBalancer service with:

oc create -f loadbalencer.yaml 

Ingress IP Self-Service

Ingress IP Self-Service streamlines the allocation of External IPs for accessing services in the cluster.

Cluster administrators can designate a range of addresses using CIDR notation.

When an OpenShift Service is configured with the type LoadBalancer, an External IP address will be automatically assigned from the designated range.

A common use case for Ingress IP Self-Service is the ability to provide database services, such as PostgreSQL, to clients outside of the OpenShift Container Platform cluster, often using an OpenShift template.

Port Forwarding

An administrator can set up port forwarding, for example with PostgreSQL (specifying the pod and the port, internal and external):

oc port-forward postgresql-1-qrv7w 5432

The command can also map ports, a bit like Docker:

$ oc port-forward -p <pod> [<local_port>:]<pod_port> [[<local_port>:]<pod_port> ...]

This sets up a temporary port forwarding connection.

Link to the official page:

Node Port

Note: NodePorts are only available in the range 30000-32767.

To create a new NodePort service:

oc create -f postgres.yaml 

based on a suitable template:

apiVersion: v1
kind: Service
metadata:
  name: postgres
  labels:
    name: postgres
spec:
  type: NodePort
  ports:
    - port: 5432
      nodePort: 32432
      name: http
  selector:
    name: postgresql
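
An added example (not from the original page): a Python check over `oc get svc -o json` output that lists every service reachable from outside the cluster through the mechanisms above, and flags a nodePort outside 30000-32767 or an external IP outside the designated range. The service list and the 192.0.2.0/24 range are constructed sample values, and `audit_services` is a hypothetical helper name.

```python
import ipaddress
import json

NODEPORT_RANGE = range(30000, 32768)  # NodePort range stated on this page
# Constructed placeholder for the administrator's designated range (assumption).
INGRESS_CIDR = ipaddress.ip_network("192.0.2.0/24")

# Constructed sample, shaped like the output of `oc get svc -o json`.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "egress-1"},
  "spec": {"type": "LoadBalancer", "ports": [{"port": 5432, "nodePort": 31692}]},
  "status": {"loadBalancer": {"ingress": [{"ip": "192.0.2.10"}]}}},
 {"metadata": {"name": "postgres"},
  "spec": {"type": "NodePort", "ports": [{"port": 5432, "nodePort": 32432}]}},
 {"metadata": {"name": "legacy-db"},
  "spec": {"type": "ClusterIP", "externalIPs": ["203.0.113.7"],
           "ports": [{"port": 5432}]}},
 {"metadata": {"name": "internal-api"},
  "spec": {"type": "ClusterIP", "ports": [{"port": 8080}]}}
]}
""")


def audit_services(svc_list, allowed=INGRESS_CIDR):
    """Return (service, finding) tuples for every externally reachable service."""
    findings = []
    for svc in svc_list["items"]:
        name, spec = svc["metadata"]["name"], svc["spec"]
        stype = spec.get("type", "ClusterIP")
        # A nodePort, when allocated, is opened on every node in the cluster.
        if stype in ("NodePort", "LoadBalancer"):
            for p in spec.get("ports", []):
                np = p.get("nodePort")
                if np is not None:
                    note = "" if np in NODEPORT_RANGE else " (outside 30000-32767)"
                    findings.append((name, f"nodePort {np} -> {p['port']}{note}"))
        # Addresses that accept outside traffic: assigned ingress IPs and externalIPs.
        ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress", [])
        ips = [i["ip"] for i in ingress if "ip" in i] + spec.get("externalIPs", [])
        for ip in ips:
            note = "" if ipaddress.ip_address(ip) in allowed else " (outside allowed range)"
            findings.append((name, f"external IP {ip}{note}"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_services(SAMPLE):
        print(f"{name}: {finding}")
```

Services that produce no finding, such as `internal-api` in the sample, are reachable only from inside the cluster or through a route.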

Configuration Details

  • EDGE ROUTER IP RANGE - The ability for cluster administrators to automatically allocate External IP addresses using the edge router is enabled by default within OpenShift Container Platform and configured to use the range.

An alternate range can be specified by configuring the ingressIPNetworkCIDR parameter in the /etc/origin/master/master-config.yaml file:

accessing_openshift.txt · Last modified: 2019/11/24 08:14 by root