Overview

OpenShift provides several ways to access the cluster from outside, depending on the protocol:

  • Router
  • Load Balancer
  • ExternalIP
  • NodePort

Which one to use:

  • For HTTP/HTTPS, use the router.
  • For a TLS-encrypted protocol other than HTTPS (for example, TLS with the SNI header), use the router.
  • Otherwise, use Load Balancer, ExternalIP, or NodePort.

External Access Mechanisms

Router

The router is the most common way to access the cluster. It supports HTTP, HTTPS (SNI) and TLS (SNI), which covers web applications.

Setup:

  • An administrator can create a wildcard DNS entry and then set up a router.
  • Users can self-service the edge router without having to contact the administrators.

Load Balancer Service

Load balancers are available on AWS and GCE clouds, and non-cloud options are also available.

A non-cloud load balancer allocates a unique IP from a configured pool. This has some limits:

  • It is limited to a single edge router IP, which can be a VIP, but it will still be a single machine for initial load balancing.

Service ExternalIP

  • Administrators can assign a list of externalIPs, for which nodes in the cluster will also accept traffic for the service.

This is based on the external IP range defined in /etc/origin/master/master-config.yaml:

networkConfig:
  ingressIPNetworkCIDR: 172.29.0.0/16

One can add a load balancer service from a template file:

apiVersion: v1
kind: Service
metadata:
  name: egress-1
spec:
  ports:
  - name: db
    port: 5432
  loadBalancerIP: 172.29.0.1
  type: LoadBalancer
  selector:
    name: my-db-selector

Then create the load balancer service with:

oc create -f loadbalencer.yaml 

Ingress IP Self-Service

Ingress IP Self-Service streamlines the allocation of External IPs for accessing services in the cluster.

Cluster administrators can designate a range of addresses using CIDR notation.

When an OpenShift Service is configured with the type LoadBalancer, an External IP address will be automatically assigned from the designated range.

A common use case for Ingress IP Self-Service is the ability to provide database services, such as PostgreSQL, to clients outside of the OpenShift Container Platform cluster, often using an OpenShift template.

Port Forwarding

An administrator can set up port forwarding, for example for postgres (pod name, then the port, which is used both internally and externally):

oc port-forward postgresql-1-qrv7w 5432

The command can also map ports, a bit like Docker:

$ oc port-forward -p <pod> [<local_port>:]<pod_port> [[<local_port>:]<pod_port> ...]

This sets up a temporary port forwarding connection.

Link to the official page: https://docs.openshift.com/enterprise/3.0/dev_guide/port_forwarding.html

Node Port

Note: NodePorts are only in the range of 30000-32767

To create a new NodePort service

oc create -f postgres.yaml 

based on a suitable template

apiVersion: v1
kind: Service
metadata:
  name: postgres
  labels:
    name: postgres
spec:
  type: NodePort
  ports:
    - port: 5432
      nodePort: 32432
      name: http
  selector:
    name: postgresql

Configuration Details

  • EDGE ROUTER IP RANGE - The ability for cluster administrators to automatically allocate External IP addresses using the edge router is enabled by default within OpenShift Container Platform and configured to use the 172.46.0.0/16 range.

An alternate range can be specified by configuring the ingressIPNetworkCIDR parameter in the /etc/origin/master-config.yaml file:

networkConfig:
  ingressIPNetworkCIDR: 10.9.54.0/25
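
The following is an added example, not part of the original page or of OpenShift itself: a small pre-flight check that lints Service manifests against the ingressIPNetworkCIDR range and the NodePort range described above, and lists every port that will be reachable from outside the cluster. The function name, finding codes and the "bad-nodeport" service are assumptions made for illustration; the other two manifests are the ones shown on this page, written as Python dicts.

```python
import ipaddress

NODEPORT_RANGE = range(30000, 32768)  # 30000-32767, the range stated on this page

def audit_service(svc, ingress_cidr):
    """Return (service, code, detail) findings for one Service manifest given as a dict."""
    name = svc.get("metadata", {}).get("name", "<unnamed>")
    spec = svc.get("spec", {})
    stype = spec.get("type", "ClusterIP")
    net = ipaddress.ip_network(ingress_cidr)
    findings = []
    if stype == "LoadBalancer":
        ip = spec.get("loadBalancerIP")
        if ip is None:
            findings.append((name, "LB_AUTO_IP", f"address will be auto-assigned from {net}"))
        elif ipaddress.ip_address(ip) not in net:
            findings.append((name, "LB_IP_OUTSIDE_CIDR", f"{ip} not in {net}"))
    for port in spec.get("ports", []):
        node_port = port.get("nodePort")
        if stype == "NodePort" and node_port is not None and node_port not in NODEPORT_RANGE:
            findings.append((name, "NODEPORT_OUT_OF_RANGE", str(node_port)))
        if stype in ("LoadBalancer", "NodePort"):
            # These service types are meant to be reachable from outside the cluster.
            findings.append((name, "EXTERNALLY_EXPOSED", f"{stype} port {port.get('port')}"))
    for ip in spec.get("externalIPs", []):
        findings.append((name, "EXTERNAL_IP", ip))
    return findings

# Constructed sample input: the two manifests from this page in dict form,
# plus one hypothetical service whose nodePort is outside the allowed range.
EGRESS_1 = {"metadata": {"name": "egress-1"},
            "spec": {"type": "LoadBalancer", "loadBalancerIP": "172.29.0.1",
                     "ports": [{"name": "db", "port": 5432}],
                     "selector": {"name": "my-db-selector"}}}
POSTGRES = {"metadata": {"name": "postgres"},
            "spec": {"type": "NodePort",
                     "ports": [{"name": "http", "port": 5432, "nodePort": 32432}],
                     "selector": {"name": "postgresql"}}}
BAD_NODEPORT = {"metadata": {"name": "bad-nodeport"},
                "spec": {"type": "NodePort", "ports": [{"port": 5432, "nodePort": 5432}]}}

if __name__ == "__main__":
    # Check each manifest against both CIDR ranges that appear on this page.
    for cidr in ("172.29.0.0/16", "10.9.54.0/25"):
        for svc in (EGRESS_1, POSTGRES, BAD_NODEPORT):
            for finding in audit_service(svc, cidr):
                print(cidr, *finding)
```

With the 172.29.0.0/16 range, egress-1 is reported only as externally exposed; with the alternate 10.9.54.0/25 range, its loadBalancerIP is flagged as outside the configured CIDR.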
 
accessing_openshift.txt · Last modified: 2019/11/24 08:14 by root