OpenShift Route Operations: Difference between revisions
Jump to navigation
Jump to search
(3 intermediate revisions by the same user not shown) | |||
Line 17: | Line 17: | ||
[[oc expose]] service <''service-name''> [--hostname=<''fully-qualified-external-name''>] [--port=<''target-port>''] [--path=/<''target-path''>] | [[oc expose]] service <''service-name''> [--hostname=<''fully-qualified-external-name''>] [--port=<''target-port>''] [--path=/<''target-path''>] | ||
oc expose service novaordis-session-servlet --port=8080 | oc expose service novaordis-session-servlet --hostname=noss-dev.apps.openshift.novaordis.io --port=8080 | ||
If --hostname is not specified, the standard <appname>-<projectname>.<[[OpenShift_Concepts#Default_Routing_Subdomain|default-routing-subdomain]]> | If --hostname is not specified, the standard <appname>-<projectname>.<[[OpenShift_Concepts#Default_Routing_Subdomain|default-routing-subdomain]]> | ||
Line 41: | Line 41: | ||
<font color=red>'''TODO''': Unsecure routes do not work, this is because HAProxy only binds on 443, not 80. Fix this.</font> | <font color=red>'''TODO''': Unsecure routes do not work, this is because HAProxy only binds on 443, not 80. Fix this.</font> | ||
=Deploy a Route from a Template= | |||
<syntaxhighlight lang='yaml'> | |||
apiVersion: v1 | |||
kind: Template | |||
metadata: | |||
name: template1 | |||
objects: | |||
- apiVersion: v1 | |||
kind: Route | |||
metadata: | |||
name: route1 | |||
spec: | |||
host: some-service.apps.openshift.novaordis.io | |||
tls: | |||
insecureEdgeTerminationPolicy: Allow | |||
termination: edge | |||
to: | |||
kind: Service | |||
name: some-service | |||
wildcardPolicy: None | |||
</syntaxhighlight> | |||
Note that "some-service" must exists. The route mechanism will proxy to the port exposed by the service - and then by the pods, in '''their''' configuration. |
Latest revision as of 23:21, 26 February 2018
Internal
Overview
Route Information
oc get route
oc edit route nexus
Expose a Service
Expose a service externally:
oc expose service <service-name> [--hostname=<fully-qualified-external-name>] [--port=<target-port>] [--path=/<target-path>]
oc expose service novaordis-session-servlet --hostname=noss-dev.apps.openshift.novaordis.io --port=8080
If --hostname is not specified, the standard <appname>-<projectname>.<default-routing-subdomain>
Note that if --path is used, the value must begin with "/", otherwise the "oc expose" command will fail. TODO: 'path' requires research, an attempt to use it led to application being rendered inaccessible.
Specifying Termination Policy
In some cases, services were not publicly exposed because their route did not have a termination policy. To add a termination policy:
oc edit route <route-name>
and then
spec: ... tls: insecureEdgeTerminationPolicy: Redirect termination: edge ...
Unsecure Routes
TODO: Unsecure routes do not work, this is because HAProxy only binds on 443, not 80. Fix this.
Deploy a Route from a Template
apiVersion: v1
kind: Template
metadata:
name: template1
objects:
- apiVersion: v1
kind: Route
metadata:
name: route1
spec:
host: some-service.apps.openshift.novaordis.io
tls:
insecureEdgeTerminationPolicy: Allow
termination: edge
to:
kind: Service
name: some-service
wildcardPolicy: None
Note that "some-service" must exists. The route mechanism will proxy to the port exposed by the service - and then by the pods, in their configuration.