OpenShift Route Operations: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
 
(3 intermediate revisions by the same user not shown)
Line 17: Line 17:
  [[oc expose]] service <''service-name''> [--hostname=<''fully-qualified-external-name''>] [--port=<''target-port>''] [--path=/<''target-path''>]
  [[oc expose]] service <''service-name''> [--hostname=<''fully-qualified-external-name''>] [--port=<''target-port>''] [--path=/<''target-path''>]


  oc expose service novaordis-session-servlet --port=8080
  oc expose service novaordis-session-servlet --hostname=noss-dev.apps.openshift.novaordis.io --port=8080


If --hostname is not specified, the standard <appname>-<projectname>.<[[OpenShift_Concepts#Default_Routing_Subdomain|default-routing-subdomain]]>
If --hostname is not specified, the standard <appname>-<projectname>.<[[OpenShift_Concepts#Default_Routing_Subdomain|default-routing-subdomain]]>
Line 41: Line 41:


<font color=red>'''TODO''': Unsecure routes do not work, this is because HAProxy only binds on 443, not 80. Fix this.</font>
<font color=red>'''TODO''': Unsecure routes do not work, this is because HAProxy only binds on 443, not 80. Fix this.</font>
=Deploy a Route from a  Template=
<syntaxhighlight lang='yaml'>
apiVersion: v1
kind: Template
metadata:
  name: template1
objects:
- apiVersion: v1
  kind: Route
  metadata:
    name: route1
  spec:
    host: some-service.apps.openshift.novaordis.io
    tls:
      insecureEdgeTerminationPolicy: Allow
      termination: edge
    to:
      kind: Service
      name: some-service
    wildcardPolicy: None
</syntaxhighlight>
Note that "some-service" must exists. The route mechanism will proxy to the port exposed by the service - and then by the pods, in '''their''' configuration.

Latest revision as of 23:21, 26 February 2018

Internal

Overview

Route Information

oc get route 
oc edit route nexus

Expose a Service

Expose a service externally:

oc expose service <service-name> [--hostname=<fully-qualified-external-name>] [--port=<target-port>] [--path=/<target-path>]
oc expose service novaordis-session-servlet --hostname=noss-dev.apps.openshift.novaordis.io --port=8080

If --hostname is not specified, the standard <appname>-<projectname>.<default-routing-subdomain>

Note that if --path is used, the value must begin with "/", otherwise the "oc expose" command will fail. TODO: 'path' requires research, an attempt to use it led to application being rendered inaccessible.

Specifying Termination Policy

In some cases, services were not publicly exposed because their route did not have a termination policy. To add a termination policy:

oc edit route <route-name>

and then

spec:
  ...
  tls:
    insecureEdgeTerminationPolicy: Redirect
    termination: edge
  ...

Unsecure Routes

TODO: Unsecure routes do not work, this is because HAProxy only binds on 443, not 80. Fix this.

Deploy a Route from a Template

apiVersion: v1
kind: Template
metadata:
  name: template1
objects:
- apiVersion: v1
  kind: Route
  metadata:
    name: route1
  spec:
    host: some-service.apps.openshift.novaordis.io
    tls:
      insecureEdgeTerminationPolicy: Allow
      termination: edge
    to:
      kind: Service
      name: some-service
    wildcardPolicy: None

Note that "some-service" must exists. The route mechanism will proxy to the port exposed by the service - and then by the pods, in their configuration.