OpenShift Route Operations: Difference between revisions
Jump to navigation
Jump to search
(Created page with "=Internal= * OpenShift Operations =Expose a Service= oc expose") |
|||
| (27 intermediate revisions by the same user not shown) | |||
| Line 2: | Line 2: | ||
* [[OpenShift Operations#Operations|OpenShift Operations]] | * [[OpenShift Operations#Operations|OpenShift Operations]] | ||
=Overview= | |||
=Route Information= | |||
oc get route | |||
oc edit route nexus | |||
=Expose a Service= | =Expose a Service= | ||
[[oc expose]] | Expose a service externally: | ||
[[oc expose]] service <''service-name''> [--hostname=<''fully-qualified-external-name''>] [--port=<''target-port>''] [--path=/<''target-path''>] | |||
oc expose service novaordis-session-servlet --hostname=noss-dev.apps.openshift.novaordis.io --port=8080 | |||
If --hostname is not specified, the standard <appname>-<projectname>.<[[OpenShift_Concepts#Default_Routing_Subdomain|default-routing-subdomain]]> | |||
Note that if --path is used, the value must begin with "/", otherwise the "oc expose" command will fail. <font color=red>'''TODO''': 'path' requires research, an attempt to use it led to application being rendered inaccessible.</font> | |||
=Specifying Termination Policy= | |||
In some cases, services were not publicly exposed because their route did not have a termination policy. To add a termination policy: | |||
oc edit route <''route-name''> | |||
and then | |||
spec: | |||
... | |||
tls: | |||
insecureEdgeTerminationPolicy: Redirect | |||
termination: edge | |||
... | |||
=Unsecure Routes= | |||
<font color=red>'''TODO''': Unsecure routes do not work, this is because HAProxy only binds on 443, not 80. Fix this.</font> | |||
=Deploy a Route from a Template= | |||
<syntaxhighlight lang='yaml'> | |||
apiVersion: v1 | |||
kind: Template | |||
metadata: | |||
name: template1 | |||
objects: | |||
- apiVersion: v1 | |||
kind: Route | |||
metadata: | |||
name: route1 | |||
spec: | |||
host: some-service.apps.openshift.novaordis.io | |||
tls: | |||
insecureEdgeTerminationPolicy: Allow | |||
termination: edge | |||
to: | |||
kind: Service | |||
name: some-service | |||
wildcardPolicy: None | |||
</syntaxhighlight> | |||
Note that "some-service" must exists. The route mechanism will proxy to the port exposed by the service - and then by the pods, in '''their''' configuration. | |||
Latest revision as of 23:21, 26 February 2018
Internal
Overview
Route Information
oc get route
oc edit route nexus
Expose a Service
Expose a service externally:
oc expose service <service-name> [--hostname=<fully-qualified-external-name>] [--port=<target-port>] [--path=/<target-path>]
oc expose service novaordis-session-servlet --hostname=noss-dev.apps.openshift.novaordis.io --port=8080
If --hostname is not specified, the standard <appname>-<projectname>.<default-routing-subdomain>
Note that if --path is used, the value must begin with "/", otherwise the "oc expose" command will fail. TODO: 'path' requires research, an attempt to use it led to application being rendered inaccessible.
Specifying Termination Policy
In some cases, services were not publicly exposed because their route did not have a termination policy. To add a termination policy:
oc edit route <route-name>
and then
spec:
...
tls:
insecureEdgeTerminationPolicy: Redirect
termination: edge
...
Unsecure Routes
TODO: Unsecure routes do not work, this is because HAProxy only binds on 443, not 80. Fix this.
Deploy a Route from a Template
apiVersion: v1
kind: Template
metadata:
name: template1
objects:
- apiVersion: v1
kind: Route
metadata:
name: route1
spec:
host: some-service.apps.openshift.novaordis.io
tls:
insecureEdgeTerminationPolicy: Allow
termination: edge
to:
kind: Service
name: some-service
wildcardPolicy: None
Note that "some-service" must exists. The route mechanism will proxy to the port exposed by the service - and then by the pods, in their configuration.