OpenShift Origin (OKD) 3.10 : Allow External Access
2018/08/22
Allow access to applications in the OpenShift Cluster from the external network.
HTTP or HTTPS traffic can be relayed by the Router in the OpenShift Cluster.
This example is based on the following environment.
-----------+-----------------------------------------------------------+------------
           |10.0.0.25                    |10.0.0.51                    |10.0.0.52
+----------+-----------+      +----------+-----------+      +----------+-----------+
|  [ ctrl.srv.world ]  |      | [ node01.srv.world ] |      | [ node02.srv.world ] |
|     (Master Node)    |      |    (Compute Node)    |      |    (Compute Node)    |
|     (Infra Node)     |      |                      |      |                      |
|    (Compute Node)    |      |                      |      |                      |
+----------------------+      +----------------------+      +----------------------+
[1] | |
[2] On the Master Node, change the settings.
# line 135: change to your own external network range as seen from the Cluster
externalIPNetworkCIDRs:
- 10.0.0.0/24
[origin@ctrl ~]$
[3] Log in as any OpenShift user and deploy an application with external access.
[cent@ctrl ~]$ oc whoami
cent
[cent@ctrl ~]$ oc get project
NAME           DISPLAY NAME   STATUS
test-project                  Active

# deploy [nodejs-ex]
[cent@ctrl ~]$ oc new-app https://github.com/openshift/nodejs-ex
--> Found image 3e763e7 (5 weeks old) in image stream "openshift/nodejs" under tag "8" for "nodejs"

    Node.js 8
    ---------
    Node.js 8 available as container is a base platform for building and running various Node.js 8 applications and frameworks. Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.

    Tags: builder, nodejs, nodejs8

    * The source repository appears to match: nodejs
    * A source build using source code from https://github.com/openshift/nodejs-ex will be created
      * The resulting image will be pushed to image stream "nodejs-ex:latest"
      * Use 'start-build' to trigger a new build
    * This image will be deployed in deployment config "nodejs-ex"
    * Port 8080/tcp will be load balanced by service "nodejs-ex"
      * Other containers can access this service through the hostname "nodejs-ex"

--> Creating resources ...
    imagestream "nodejs-ex" created
    buildconfig "nodejs-ex" created
    deploymentconfig "nodejs-ex" created
    service "nodejs-ex" created
--> Success
    Build scheduled, use 'oc logs -f bc/nodejs-ex' to track its progress.
    Application is not exposed. You can expose services to the outside world by executing one or more of the commands below:
     'oc expose svc/nodejs-ex'
    Run 'oc status' to view your app.

# a few minutes later, the deploy has finished and the Pod is in Running state
[cent@ctrl ~]$ oc get pods
NAME                READY     STATUS      RESTARTS   AGE
nodejs-ex-1-58p8c   1/1       Running     0          49s
nodejs-ex-1-build   0/1       Completed   0          1m

# confirm the Cluster IP
[cent@ctrl ~]$ oc get svc
NAME        TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
nodejs-ex   ClusterIP   172.30.37.224   <none>        8080/TCP   1m

# verify with internal access
[cent@ctrl ~]$ curl 172.30.37.224:8080
<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
  <title>Welcome to OpenShift</title>
.....
.....
</section>
</body>
</html>

# allow external access to the application
[cent@ctrl ~]$ oc expose service nodejs-ex
route "nodejs-ex" exposed

# confirm the access path
[cent@ctrl ~]$ oc get routes
NAME        HOST/PORT                               PATH      SERVICES    PORT       TERMINATION   WILDCARD
nodejs-ex   nodejs-ex-test-project.apps.srv.world             nodejs-ex   8080-tcp                 None

# to stop receiving external access, remove the route as follows
[cent@ctrl ~]$ oc delete routes nodejs-ex
route "nodejs-ex" deleted
[4] Access the access path from any client in the external network that can resolve its DNS name, and make sure the application responds.
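The route created by [oc expose] in step [3] has an empty TERMINATION column, which means it is served over plain HTTP. The following script is an added example, not part of the original page, that flags routes still answering over unencrypted HTTP. Its sample rows are constructed (only nodejs-ex comes from this page; shop and admin are hypothetical), and on a live cluster the input would come from the [oc get routes] command shown in the comment.

```shell
#!/bin/sh
# Added example (not from the original page): flag Routes that serve plain HTTP.
# On a live cluster, feed audit_routes with:
#   oc get routes --all-namespaces --no-headers \
#     -o custom-columns=NS:.metadata.namespace,NAME:.metadata.name,HOST:.spec.host,TLS:.spec.tls.termination,INSECURE:.spec.tls.insecureEdgeTerminationPolicy
# custom-columns prints <none> for a field that is not set on the Route.

# Constructed sample: the nodejs-ex route from this page plus two hypothetical routes.
SAMPLE_ROUTES='test-project nodejs-ex nodejs-ex-test-project.apps.srv.world <none> <none>
test-project shop shop-test-project.apps.srv.world edge Allow
test-project admin admin-test-project.apps.srv.world edge Redirect'

# audit_routes: read "NS NAME HOST TLS INSECURE" lines on stdin and print one
# finding per route that still answers over unencrypted HTTP.
audit_routes() {
  awk '
    NF < 5         { next }   # skip blank or malformed lines
    $4 == "<none>" { printf "PLAINTEXT %s/%s %s\n", $1, $2, $3; next }    # no TLS at all
    $5 == "Allow"  { printf "HTTP-ALLOWED %s/%s %s\n", $1, $2, $3; next } # TLS, but HTTP also served
  '
}

# count_findings ROUTES: number of routes reported by audit_routes for the given text.
count_findings() {
  printf '%s\n' "$1" | audit_routes | wc -l | tr -d ' '
}

# Demo run on the constructed sample.
printf '%s\n' "$SAMPLE_ROUTES" | audit_routes
```

A route with TLS termination and an insecure policy of Redirect or unset is not reported, because the Router then either redirects HTTP to HTTPS or does not serve HTTP for that host.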
[5] For DNS name resolution of many applications in the OpenShift Cluster, it's useful to add a wildcard entry in a DNS system such as BIND or Dnsmasq.
In this example, the OpenShift default subdomain setting is [apps.srv.world], as in the initial setting, and we also added a DNS entry in BIND as follows.
With it, any name added in front of the subdomain [apps.srv.world] can be resolved.
[root@dns ~]# cat /var/named/srv.world.lan
$TTL 86400
.....
ctrl            IN  A       10.0.0.30
*.apps          IN  CNAME   ctrl.srv.world.

[cent@ctrl ~]$ dig ruby-ex.test-project.apps.srv.world
.....
;; QUESTION SECTION:
;ruby-ex.test-project.apps.srv.world. IN A

;; ANSWER SECTION:
ruby-ex.test-project.apps.srv.world. 86400 IN CNAME ctrl.srv.world.
ctrl.srv.world.         86400   IN      A       10.0.0.30
.....

[cent@ctrl ~]$ dig nodejs.test-project.apps.srv.world
.....
;; QUESTION SECTION:
;nodejs.test-project.apps.srv.world. IN A

;; ANSWER SECTION:
nodejs.test-project.apps.srv.world. 86400 IN CNAME ctrl.srv.world.
ctrl.srv.world.         86400   IN      A       10.0.0.30
.....

[cent@ctrl ~]$ dig test.test.test.apps.srv.world
.....
;; QUESTION SECTION:
;test.test.test.apps.srv.world. IN A

;; ANSWER SECTION:
test.test.test.apps.srv.world. 86400 IN CNAME ctrl.srv.world.
ctrl.srv.world.         86400   IN      A       10.0.0.30
.....
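Because the wildcard record answers for every name under [apps.srv.world], it is worth checking that the CNAME chain ends only at the address where the Router listens. The following script is an added example, not part of the original page, that follows the chain through dig answer records. The sample records are copied from the dig output above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): verify where a wildcard name ends up.
# On a live system, feed the functions with:
#   dig +noall +answer test.test.test.apps.srv.world

# Sample ANSWER SECTION records, copied from the dig output on this page.
SAMPLE_ANSWER='test.test.test.apps.srv.world. 86400 IN CNAME ctrl.srv.world.
ctrl.srv.world. 86400 IN A 10.0.0.30'

# follow_chain NAME: read dig answer records on stdin, follow CNAMEs starting at
# NAME and print the A record address(es) the chain ends at (nothing if it dangles).
follow_chain() {
  awk -v start="$1" '
    # Normalise a name: lower case, with a trailing dot.
    function fqdn(n) { n = tolower(n); return (n ~ /\.$/) ? n : (n ".") }
    $3 == "IN" && $4 == "CNAME" { cname[fqdn($1)] = fqdn($5) }
    $3 == "IN" && $4 == "A"     { addr[fqdn($1)] = addr[fqdn($1)] $5 "\n" }
    END {
      name = fqdn(start)
      # Bound the walk so a CNAME loop cannot spin forever.
      for (hops = 0; hops < 8 && (name in cname); hops++) name = cname[name]
      printf "%s", addr[name]
    }'
}

# wildcard_points_at NAME IP: succeed only if NAME (records on stdin) resolves solely to IP.
wildcard_points_at() {
  [ "$(follow_chain "$1")" = "$2" ]
}

# Demo run on the sample records.
printf '%s\n' "$SAMPLE_ANSWER" | follow_chain test.test.test.apps.srv.world
```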