OpenShift Origin 3.6 : Allow External Access
2017/11/28
Allow access to applications in the Openshift Cluster from the external network.
For HTTP or HTTPS traffic, the Router in the Openshift Cluster can relay it.
This example is based on the following environment.
-----------+-----------------------------+-----------------------------+------------
           |10.0.0.30                    |10.0.0.51                    |10.0.0.52
+----------+-----------+      +----------+-----------+      +----------+-----------+
|  [ dlp.srv.world ]   |      | [ node01.srv.world ] |      | [ node02.srv.world ] |
|    (Master Node)     |      |    (Compute Node)    |      |    (Compute Node)    |
|    (Compute Node)    |      |                      |      |                      |
+----------------------+      +----------------------+      +----------------------+
[1] | |
[2] | On the Master Node, change the settings. |
# line 125: change to your own external network range as seen from the Cluster
externalIPNetworkCIDRs:
- 10.0.0.0/24
[origin@dlp ~]$ |
[3] | Log in as any Openshift user and deploy an application with external access. |
[cent@dlp ~]$ oc whoami
cent
[cent@dlp ~]$ oc get project
NAME           DISPLAY NAME   STATUS
test-project                  Active

# deploy [nodejs-ex]
[cent@dlp ~]$ oc new-app https://github.com/openshift/nodejs-ex
--> Found image 0129e5e (5 days old) in image stream "openshift/nodejs" under tag "6" for "nodejs"

    Node.js 6
    ---------
    Node.js 6 available as docker container is a base platform for building and running various Node.js 6 applications and frameworks. Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.

.....
.....

--> Creating resources ...
    imagestream "nodejs-ex" created
    buildconfig "nodejs-ex" created
    deploymentconfig "nodejs-ex" created
    service "nodejs-ex" created
--> Success
    Build scheduled, use 'oc logs -f bc/nodejs-ex' to track its progress.
    Run 'oc status' to view your app.

# a few minutes later, the deployment has finished and the Pod is in the Running state
[cent@dlp ~]$ oc get pods
NAME                READY     STATUS      RESTARTS   AGE
nodejs-ex-1-build   0/1       Completed   0          1m
nodejs-ex-1-vwfs6   1/1       Running     0          1m

# confirm the Cluster IP
[cent@dlp ~]$ oc get svc
NAME        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
nodejs-ex   172.30.163.49   <none>        8080/TCP   1m

# verify access from inside the Cluster
[cent@dlp ~]$ curl 172.30.163.49:8080
<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
  <title>Welcome to OpenShift</title>
.....
.....
</section>
</body>
</html>

# allow external access to the application
[cent@dlp ~]$ oc expose service nodejs-ex
route "nodejs-ex" exposed

# confirm the access path
[cent@dlp ~]$ oc get routes
NAME        HOST/PORT                               PATH      SERVICES    PORT       TERMINATION   WILDCARD
nodejs-ex   nodejs-ex-test-project.apps.srv.world             nodejs-ex   8080-tcp                 None

# to stop receiving external access, remove the route as follows
[cent@dlp ~]$ oc delete routes nodejs-ex
route "nodejs-ex" deleted
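The route created by [oc expose service] above has an empty TERMINATION column, which means the Router serves it over plain HTTP. The following is an added example, not part of the original page: it reads the table printed by [oc get routes] and lists the routes without TLS termination. The function names and the [secure-ex] sample row are constructed for illustration.

```shell
#!/bin/sh
# Added example: list routes with no TLS termination, reading the table
# printed by `oc get routes` on stdin.
# Columns are sliced by header offsets because PATH and TERMINATION can be
# blank, which breaks whitespace-based field splitting ($5, $6, ...).
insecure_routes() {
    awk '
    NR == 1 {
        # Record where each needed column starts in the header line.
        name_at = index($0, "NAME")
        host_at = index($0, "HOST/PORT")
        path_at = index($0, "PATH")
        term_at = index($0, "TERMINATION")
        wild_at = index($0, "WILDCARD")
        if (!name_at || !host_at || !path_at || !term_at || !wild_at) {
            print "unexpected header: " $0 > "/dev/stderr"
            exit 2
        }
        next
    }
    NF == 0 { next }
    {
        name = trim(substr($0, name_at, host_at - name_at))
        host = trim(substr($0, host_at, path_at - host_at))
        term = trim(substr($0, term_at, wild_at - term_at))
        # Blank TERMINATION: the route is served as unencrypted HTTP.
        if (term == "") print name, host
    }
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    '
}

# Constructed sample in the layout of `oc get routes`: the first data row is
# the route from this page, the second (edge-terminated) row is made up.
sample_routes() {
    fmt='%-12s%-40s%-10s%-12s%-11s%-14s%s\n'
    printf "$fmt" NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
    printf "$fmt" nodejs-ex nodejs-ex-test-project.apps.srv.world "" \
        nodejs-ex 8080-tcp "" None
    printf "$fmt" secure-ex secure-ex-test-project.apps.srv.world "" \
        secure-ex 8080-tcp edge None
}

# Stand-alone demo on the sample; on a cluster: oc get routes | insecure_routes
sample_routes | insecure_routes
```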
[4] | Access the route hostname from any client on the external network that can resolve it through DNS, and make sure the application responds. |
[5] |
For DNS name resolution of many applications in the Openshift Cluster,
it's useful to add a wildcard entry to a DNS system such as BIND or Dnsmasq.
In this example, the Openshift default subdomain is [apps.srv.world],
as in the initial setting, and we also added a DNS entry in BIND as follows.
With it, any hostname placed in front of the subdomain [apps.srv.world] resolves. |
[root@dns ~]# cat /var/named/srv.world.lan
$TTL 86400
.....
dlp     IN  A      10.0.0.30
*.apps  IN  CNAME  dlp.srv.world.

[cent@dlp ~]$ dig ruby-ex.test-project.apps.srv.world
.....
;; QUESTION SECTION:
;ruby-ex.test-project.apps.srv.world. IN A

;; ANSWER SECTION:
ruby-ex.test-project.apps.srv.world. 86400 IN CNAME dlp.srv.world.
dlp.srv.world. 86400 IN A 10.0.0.30
.....

[cent@dlp ~]$ dig nodejs.test-project.apps.srv.world
.....
;; QUESTION SECTION:
;nodejs.test-project.apps.srv.world. IN A

;; ANSWER SECTION:
nodejs.test-project.apps.srv.world. 86400 IN CNAME dlp.srv.world.
dlp.srv.world. 86400 IN A 10.0.0.30
.....

[cent@dlp ~]$ dig test.test.test.apps.srv.world
.....
;; QUESTION SECTION:
;test.test.test.apps.srv.world. IN A

;; ANSWER SECTION:
test.test.test.apps.srv.world. 86400 IN CNAME dlp.srv.world.
dlp.srv.world. 86400 IN A 10.0.0.30
.....