CentOS 7
Sponsored Link

OpenShift Origin (OKD) 3.10 : Allow External Access2018/08/22

 
Allow Accesses to Applications in Openshift Cluster from the External Network.
This example is based on the environment like follows.
-----------+-----------------------------------------------------------+------------
           |10.0.0.25                    |10.0.0.51                    |10.0.0.52
+----------+-----------+      +----------+-----------+      +----------+-----------+
|  [ ctrl.srv.world ]  |      | [ node01.srv.world ] |      | [ node02.srv.world ] |
|     (Master Node)    |      |    (Compute Node)    |      |    (Compute Node)    |
|     (Infra Node)     |      |                      |      |                      |
|     (Compute Node)   |      |                      |      |                      |
+----------------------+      +----------------------+      +----------------------+

[1]
[2] On Master Node, Change settings.
[origin@ctrl ~]$
sudo vi /etc/origin/master/master-config.yaml
# line 135: change to own external network range seen from the Cluster

  externalIPNetworkCIDRs:
  - 10.0.0.0/24

[origin@ctrl ~]$
[3] Login with any Openshift user and Deploy an application with external access.
[cent@ctrl ~]$
oc whoami

cent
[cent@ctrl ~]$
oc get project

NAME           DISPLAY NAME   STATUS
test-project                  Active

# deploy [nodejs-ex]

[cent@ctrl ~]$
oc new-app https://github.com/openshift/nodejs-ex

--> Found image 3e763e7 (5 weeks old) in image stream "openshift/nodejs" under tag "8" for "nodejs"

    Node.js 8
    ---------
    Node.js 8 available as container is a base platform for building and running various Node.js 8 applications and frameworks. Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.

    Tags: builder, nodejs, nodejs8

    * The source repository appears to match: nodejs
    * A source build using source code from https://github.com/openshift/nodejs-ex will be created
      * The resulting image will be pushed to image stream "nodejs-ex:latest"
      * Use 'start-build' to trigger a new build
    * This image will be deployed in deployment config "nodejs-ex"
    * Port 8080/tcp will be load balanced by service "nodejs-ex"
      * Other containers can access this service through the hostname "nodejs-ex"

--> Creating resources ...
    imagestream "nodejs-ex" created
    buildconfig "nodejs-ex" created
    deploymentconfig "nodejs-ex" created
    service "nodejs-ex" created
--> Success
    Build scheduled, use 'oc logs -f bc/nodejs-ex' to track its progress.
    Application is not exposed. You can expose services to the outside world by executing one or more of the commands below:
     'oc expose svc/nodejs-ex'
    Run 'oc status' to view your app.

# few minutes later, deploy has finished and Pod becomes running state

[cent@ctrl ~]$
oc get pods

NAME                READY     STATUS      RESTARTS   AGE
nodejs-ex-1-58p8c   1/1       Running     0          49s
nodejs-ex-1-build   0/1       Completed   0          1m

# make sure Cluster IP

[cent@ctrl ~]$
oc get svc

NAME        TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
nodejs-ex   ClusterIP   172.30.37.224   <none>        8080/TCP   1m

# make sure with internal access

[cent@ctrl ~]$
curl 172.30.37.224:8080

<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
  <title>Welcome to OpenShift</title>

.....
.....

</section>
</body>
</html>

# allow external access to the application

[cent@ctrl ~]$
oc expose service nodejs-ex

route "nodejs-ex" exposed
# make sure access path

[cent@ctrl ~]$
oc get routes

NAME        HOST/PORT                               PATH      SERVICES    PORT       TERMINATION   WILDCARD
nodejs-ex   nodejs-ex-test-project.apps.srv.world             nodejs-ex   8080-tcp                 None

# if you'd like to stop to receive external access, remove route like follows

[cent@ctrl ~]$
oc delete routes nodejs-ex

route "nodejs-ex" deleted
[4] Access to the access-path from any Clients in external network which the Clients can resolve access-path with DNS name to make sure the application responds.
[5]
For DNS name resolution for many applications in Openshift Cluster,
it's useful if you can add waildcard entry in DNS System like BIND or Dnsmasq.
On this example, Openshift default subdomain setting is [apps.srv.world] like the initial setting, and also we added DNS entry in BIND like follows. Then, it's possible to resolve hostname if any name are added on the head of the subdomain [apps.srv.world].
[root@dns ~]#
cat /var/named/srv.world.lan

$TTL 86400

.....

ctrl     IN  A       10.0.0.30

*.apps  IN  CNAME   ctrl.srv.world.

[cent@ctrl ~]$
dig ruby-ex.test-project.apps.srv.world

.....

;; QUESTION SECTION:
;ruby-ex.test-project.apps.srv.world. IN        A

;; ANSWER SECTION:
ruby-ex.test-project.apps.srv.world. 86400 IN CNAME ctrl.srv.world.
ctrl.srv.world.          86400   IN      A       10.0.0.30

.....
[cent@ctrl ~]$
dig nodejs.test-project.apps.srv.world

.....

;; QUESTION SECTION:
;nodejs.test-project.apps.srv.world. IN A

;; ANSWER SECTION:
nodejs.test-project.apps.srv.world. 86400 IN CNAME ctrl.srv.world.
ctrl.srv.world.          86400   IN      A       10.0.0.30

.....
[cent@ctrl ~]$
dig test.test.test.apps.srv.world

.....

;; QUESTION SECTION:
;test.test.test.apps.srv.world. IN      A

;; ANSWER SECTION:
test.test.test.apps.srv.world. 86400 IN CNAME   ctrl.srv.world.
ctrl.srv.world.          86400   IN      A       10.0.0.30

.....
Matched Content