OpenShift Network Operations: Difference between revisions
(Created page with "=Internal= * OpenShift Operations") |
|||
(32 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
=External= | |||
* https://docs.openshift.com/container-platform/3.5/admin_guide/managing_networking.html#admin-guide-pod-network | |||
=Internal= | =Internal= | ||
* [[OpenShift_Operations#Subjects|OpenShift Operations]] | * [[OpenShift_Operations#Subjects|OpenShift Operations]] | ||
* [[oadm]] | |||
=Information about the Network Plugin and the Network Status= | |||
[[Oc_get#clusternetwork|oc get clusternetwork]] | |||
=Information about Virtual Networks Assigned to Each Project= | |||
Displays the [[OpenShift_Network_Plugins#Virtual_Network_ID_.28VNID.29|Virtual Network ID (VNID)]] assigned to each project. It only makes sense for an [[OpenShift_Network_Plugins#multitenant|ovs-multitenant]] SDN plugin. | |||
oc get netnamespaces | |||
NAME NETID | |||
default 0 | |||
kube-system 11092823 | |||
logging 6208947 | |||
management-infra 5562275 | |||
openshift 8714409 | |||
openshift-infra 13183382 | |||
pizzaparty-dev 5721085 | |||
playground 7804116 | |||
For a specific project name: | |||
oc get netnamespaces <''project-name''> | |||
=Pod Network Management= | |||
==Isolating Projects== | |||
[[Oadm#Commands|oadm pod-network]] isolate-projects <''project-1''> <''project-2''> ... | |||
As result of executing the command, all pods and services in project-1 and project-2 cannot access any pods and services from other non-global projects in the cluster and vice-versa. | |||
==Joining Projects== | |||
Allow project project2 to use project's project1 network: | |||
[[Oadm#Commands|oadm pod-network]] join-projects --to=<''project1-name''> <''project2-name''> | |||
==Making Projects Global== | |||
[[Oadm#Commands|oadm pod-network]] make-projects-global <''project1-name''> <''project2-name''> ... | |||
As result of executing the command, all pods and services in project1 and project2 can now access any pods and services from other non-global projects in the cluster and vice-versa, becoming [[OpenShift_Concepts#Global_Project|global]] projects. The command performs a PUT https://master/oapi/v1/netnamespaces/''<project-name>'' setting the "pod.network.openshift.io/multitenant.change-network:global" annotation, which in fact sets the project's VIND to 0. | |||
=Port Forwarding= | |||
[[oc port-forward]] -p <''pod-name''> -p <''app-name''> localPort:8787 | |||
=Deploy a Simple Pod that Allows Arbitrary Commands in a Project= | |||
{{Internal|OpenShift Simple Pod Running inside an OpenShift Project|Simple Pod Running inside an OpenShift Project}} |
Latest revision as of 22:02, 8 December 2017
External
Internal
Information about the Network Plugin and the Network Status
oc get clusternetwork
Information about Virtual Networks Assigned to Each Project
Displays the Virtual Network ID (VNID) assigned to each project. It only makes sense for an ovs-multitenant SDN plugin.
oc get netnamespaces
NAME NETID default 0 kube-system 11092823 logging 6208947 management-infra 5562275 openshift 8714409 openshift-infra 13183382 pizzaparty-dev 5721085 playground 7804116
For a specific project name:
oc get netnamespaces <project-name>
Pod Network Management
Isolating Projects
oadm pod-network isolate-projects <project-1> <project-2> ...
As result of executing the command, all pods and services in project-1 and project-2 cannot access any pods and services from other non-global projects in the cluster and vice-versa.
Joining Projects
Allow project project2 to use project's project1 network:
oadm pod-network join-projects --to=<project1-name> <project2-name>
Making Projects Global
oadm pod-network make-projects-global <project1-name> <project2-name> ...
As result of executing the command, all pods and services in project1 and project2 can now access any pods and services from other non-global projects in the cluster and vice-versa, becoming global projects. The command performs a PUT https://master/oapi/v1/netnamespaces/<project-name> setting the "pod.network.openshift.io/multitenant.change-network:global" annotation, which in fact sets the project's VIND to 0.
Port Forwarding
oc port-forward -p <pod-name> -p <app-name> localPort:8787