Exposing OpenShift service to AWS public IP

1/18/2019

I am running OpenShift in AWS:

[centos@ip-10-0-0-14 ~]$ oc version
oc v3.6.1+008f2d5
kubernetes v1.6.1+5115d708d7
features: Basic-Auth GSSAPI Kerberos SPNEGO

Server https://ip-10-0-0-14.ec2.internal:8443
openshift v3.6.1+008f2d5
kubernetes v1.6.1+5115d708d7

I have one master and two nodes. How can I expose a service to the AWS public IP? I can access the service internally:

links http://blogroute-project-a.router.default.svc.cluster.local

How can I expose it to the public IP? Is it possible to do this in the OpenShift web console? I have tried to follow https://docs.openshift.com/container-platform/3.4/dev_guide/expose_service/expose_internal_ip_service.html but failed.

In the command:

oc patch svc blog -p '{"spec":{"externalIPs":["what ip?"]}}'

the doc talks about an IP visible in ifconfig (but that is not the AWS public IP). Which IP should I use: the AWS public IP, or the private IP (e.g. 10-0-0-14) from the AWS local network?

Should I use the IP of the master node? Or of a worker? If I have two worker nodes, should I write the IPs of both of them?

Currently there are the following routes:

[centos@ip-10-0-0-14 ~]$ oc get routes
NAME             HOST/PORT                                                   PATH      SERVICES         PORT       TERMINATION   WILDCARD
blog             blog-project-a.router.default.svc.cluster.local                       blog             8080-tcp                 None
blog-django-py   blog-django-py-project-a.router.default.svc.cluster.local             blog-django-py   8080-tcp                 None
blog2            ec2-3-90-171-97.compute-1.amazonaws.com                     /blog2    blog             8080-tcp                 None
blogroute        blogroute-project-a.router.default.svc.cluster.local                  blog             8080-tcp                 None

for the following services:

[centos@ip-10-0-0-14 ~]$ oc get svc
NAME             CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
blog             172.30.111.64   3.90.171.97   8080/TCP   5d
blog-django-py   172.30.184.15   <none>        8080/TCP   5d
-- bastiat
amazon-web-services
kubernetes
kubernetes-ingress
openshift

1 Answer

1/19/2019

You can do this by creating a load balancer with a public IP and pointing it to all nodes at port 80 (haproxy is listening on port 80). Then you have to create a wildcard DNS record, something like *.apps.yourdomain.com, and point that to the load balancer you created.

Afterwards you must configure your domain in the OpenShift cluster, see https://docs.openshift.com/container-platform/3.6/install_config/install/advanced_install.html#configuring-cluster-variables.

Then you can expose your service and create a route, for example blog.apps.yourdomain.com.

-- Tony Stark
Source: StackOverflow
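
An added example, not part of the original question or answer: once the wildcard record from the answer exists, this script audits `oc get routes -o json` output to show which route hosts the wildcard actually covers and which routes would be served over plain HTTP through the public load balancer. The sample JSON is constructed (it mirrors two routes from the question), and the names `blog-public` and `lookalike` and the domain `apps.yourdomain.com` are assumptions.

```python
import json

# Constructed sample in the shape of `oc get routes -o json`: two routes from
# the question plus two hypothetical ones to exercise the wildcard check.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "blogroute"},
     "spec": {"host": "blogroute-project-a.router.default.svc.cluster.local",
              "to": {"name": "blog"}}},
    {"metadata": {"name": "blog2"},
     "spec": {"host": "ec2-3-90-171-97.compute-1.amazonaws.com",
              "path": "/blog2", "to": {"name": "blog"}}},
    {"metadata": {"name": "blog-public"},  # hypothetical route
     "spec": {"host": "Blog.Apps.YourDomain.com.", "to": {"name": "blog"},
              "tls": {"termination": "edge"}}},
    {"metadata": {"name": "lookalike"},  # hypothetical route
     "spec": {"host": "blog.myapps.yourdomain.com", "to": {"name": "blog"}}},
]})


def under_wildcard(host, domain):
    """True if host is covered by the DNS wildcard *.<domain>."""
    host = host.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    # Require a label boundary: the bare domain and look-alike suffixes fail.
    return host.endswith("." + domain)


def audit_routes(routes_json, apps_domain):
    """Return {route name: (dns_status, transport)} for every route."""
    report = {}
    for item in json.loads(routes_json)["items"]:
        spec = item["spec"]
        host = spec.get("host", "")
        if under_wildcard(host, apps_domain):
            dns = "wildcard"            # resolves to the public load balancer
        elif host.lower().rstrip(".").endswith(".svc.cluster.local"):
            dns = "cluster-internal"    # name only resolvable inside the cluster
        else:
            dns = "needs-own-record"    # not covered by the wildcard
        # A route without spec.tls is served by the router as plain HTTP.
        tls = (spec.get("tls") or {}).get("termination")
        report[item["metadata"]["name"]] = (dns, tls or "plain-http")
    return report


if __name__ == "__main__":
    for name, (dns, transport) in audit_routes(SAMPLE, "apps.yourdomain.com").items():
        print(f"{name:12} {dns:18} {transport}")
```

Routes reported as `plain-http` carry traffic unencrypted once the load balancer is internet-facing, so they are the ones to review before pointing the wildcard record at it.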