CentOS 7

OpenShift Origin 3.6 : Allow External Access
2017/11/28

 
Allow access to applications in the OpenShift cluster from an external network.
HTTP and HTTPS traffic can be relayed by the Router in the OpenShift cluster.
This example is based on the following environment.
-----------+-----------------------------------------------------------+------------
           |10.0.0.30                    |10.0.0.51                    |10.0.0.52
+----------+-----------+      +----------+-----------+      +----------+-----------+
|  [  dlp.srv.world ]  |      | [ node01.srv.world ] |      | [ node02.srv.world ] |
|     (Master Node)    |      |    (Compute Node)    |      |    (Compute Node)    |
|     (Compute Node)   |      |                      |      |                      |
+----------------------+      +----------------------+      +----------------------+

[1]
[2] On the Master Node, change the settings.
[origin@dlp ~]$
sudo vi /etc/origin/master/master-config.yaml
# line 125: change to your own external network range as seen from the cluster

  externalIPNetworkCIDRs:
  - 10.0.0.0/24

[origin@dlp ~]$
sudo systemctl restart origin-master

[3] Log in as any OpenShift user and deploy an application with external access.
[cent@dlp ~]$
oc whoami

cent
[cent@dlp ~]$
oc get project

NAME           DISPLAY NAME   STATUS
test-project                  Active

# deploy [nodejs-ex]

[cent@dlp ~]$
oc new-app https://github.com/openshift/nodejs-ex

--> Found image 0129e5e (5 days old) in image stream "openshift/nodejs" under tag "6" for "nodejs"

    Node.js 6
    ---------
    Node.js 6 available as docker container is a base platform for building and running various Node.js 6 applications and frameworks. Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.

.....
.....

--> Creating resources ...
    imagestream "nodejs-ex" created
    buildconfig "nodejs-ex" created
    deploymentconfig "nodejs-ex" created
    service "nodejs-ex" created
--> Success
    Build scheduled, use 'oc logs -f bc/nodejs-ex' to track its progress.
    Run 'oc status' to view your app.

# a few minutes later, the deployment has finished and the Pod is in the Running state

[cent@dlp ~]$
oc get pods

NAME                READY     STATUS      RESTARTS   AGE
nodejs-ex-1-build   0/1       Completed   0          1m
nodejs-ex-1-vwfs6   1/1       Running     0          1m

# confirm the Cluster IP

[cent@dlp ~]$
oc get svc

NAME        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
nodejs-ex   172.30.163.49   <none>        8080/TCP   1m

# confirm that internal access works

[cent@dlp ~]$
curl 172.30.163.49:8080

<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
  <title>Welcome to OpenShift</title>

.....
.....

</section>
</body>
</html>

# allow external access to the application

[cent@dlp ~]$
oc expose service nodejs-ex

route "nodejs-ex" exposed
# confirm the access path

[cent@dlp ~]$
oc get routes

NAME        HOST/PORT                               PATH      SERVICES    PORT       TERMINATION   WILDCARD
nodejs-ex   nodejs-ex-test-project.apps.srv.world             nodejs-ex   8080-tcp                 None


# to stop receiving external access, remove the route as follows

[cent@dlp ~]$
oc delete routes nodejs-ex

route "nodejs-ex" deleted
[4] Access the access path from any client in the external network that can resolve its DNS name, and make sure the application responds.
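`oc expose service` creates a route without TLS termination, which is why the TERMINATION column in the `oc get routes` output of step [3] is empty: clients reach that hostname over plain HTTP. The following is an added example, not part of the original page, that lists such routes; the `secure-ex` row and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: list routes that have no TLS termination.

# Constructed sample of `oc get routes` output. The nodejs-ex row matches the
# one shown on this page; the edge-terminated secure-ex row is hypothetical.
sample_routes() {
  fmt='%-12s%-40s%-10s%-12s%-11s%-14s%s\n'
  printf "$fmt" NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
  printf "$fmt" nodejs-ex nodejs-ex-test-project.apps.srv.world '' nodejs-ex 8080-tcp '' None
  printf "$fmt" secure-ex secure-ex-test-project.apps.srv.world '' secure-ex 8080-tcp edge None
}

# Read an `oc get routes` table on stdin and print "name host" for every
# route whose TERMINATION column is blank. Columns are located by their
# header offsets because PATH and TERMINATION can be empty, which would
# shift fields if the rows were split on whitespace.
unsecured_routes() {
  awk '
    NR == 1 {
      host = index($0, "HOST/PORT"); path = index($0, "PATH")
      term = index($0, "TERMINATION"); wild = index($0, "WILDCARD")
      if (!host || !path || !term || !wild) {
        print "unexpected header: " $0 > "/dev/stderr"
        exit 2
      }
      next
    }
    NF {
      t = substr($0, term, wild - term); gsub(/[ \t]/, "", t)
      h = substr($0, host, path - host); gsub(/[ \t]/, "", h)
      if (t == "") print $1, h
    }'
}

# Demonstration on the constructed sample.
sample_routes | unsecured_routes
```

On a live cluster, run `oc get routes | unsecured_routes` in the project to review which hostnames are served without TLS before they are reachable from the external network.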
[5]
For DNS name resolution of many applications in the OpenShift cluster,
it's useful to add a wildcard entry in a DNS system such as BIND or Dnsmasq.
In this example, the OpenShift default subdomain setting is [apps.srv.world], as in the initial setup, and we also added a DNS entry in BIND as follows. It is then possible to resolve any hostname formed by prepending a name to the subdomain [apps.srv.world].
[root@dns ~]#
cat /var/named/srv.world.lan

$TTL 86400

.....

dlp     IN  A       10.0.0.30

*.apps  IN  CNAME   dlp.srv.world.

[cent@dlp ~]$
dig ruby-ex.test-project.apps.srv.world

.....

;; QUESTION SECTION:
;ruby-ex.test-project.apps.srv.world. IN        A

;; ANSWER SECTION:
ruby-ex.test-project.apps.srv.world. 86400 IN CNAME dlp.srv.world.
dlp.srv.world.          86400   IN      A       10.0.0.30

.....
[cent@dlp ~]$
dig nodejs.test-project.apps.srv.world

.....

;; QUESTION SECTION:
;nodejs.test-project.apps.srv.world. IN A

;; ANSWER SECTION:
nodejs.test-project.apps.srv.world. 86400 IN CNAME dlp.srv.world.
dlp.srv.world.          86400   IN      A       10.0.0.30

.....
[cent@dlp ~]$
dig test.test.test.apps.srv.world

.....

;; QUESTION SECTION:
;test.test.test.apps.srv.world. IN      A

;; ANSWER SECTION:
test.test.test.apps.srv.world. 86400 IN CNAME   dlp.srv.world.
dlp.srv.world.          86400   IN      A       10.0.0.30

.....