OpenShift Route Operations

From NovaOrdis Knowledge Base
Jump to navigation Jump to search

Internal

Overview

Route Information

oc get route 

oc edit route nexus

Expose a Service

Expose a service externally: 

oc expose service <service-name> [--hostname=<fully-qualified-external-name>] [--port=<target-port>] [--path=/<target-path>]

oc expose service novaordis-session-servlet --hostname=noss-dev.apps.openshift.novaordis.io --port=8080

If --hostname is not specified, the standard <appname>-<projectname>.<default-routing-subdomain>

Note that if --path is used, the value must begin with "/", otherwise the "oc expose" command will fail. TODO: 'path' requires research, an attempt to use it led to application being rendered inaccessible.

Specifying Termination Policy

In some cases, services were not publicly exposed because their route did not have a termination policy. To add a termination policy: 

oc edit route <route-name>

and then 

spec:
  ...
  tls:
    insecureEdgeTerminationPolicy: Redirect
    termination: edge
  ...

Unsecure Routes

TODO: Unsecure routes do not work, this is because HAProxy only binds on 443, not 80. Fix this.

Deploy a Route from a Template

apiVersion: v1
kind: Template
metadata:
  name: template1
objects:
- apiVersion: v1
  kind: Route
  metadata:
    name: route1
  spec:
    host: some-service.apps.openshift.novaordis.io
    tls:
      insecureEdgeTerminationPolicy: Allow
      termination: edge
    to:
      kind: Service
      name: some-service
    wildcardPolicy: None

Note that "some-service" must exists. The route mechanism will proxy to the port exposed by the service - and then by the pods, in their configuration.

Retrieved from "https://kb.novaordis.com/index.php?title=OpenShift_Route_Operations&oldid=38466"