• Improve this Doc

    Show / Hide Table of Contents

    How to expose non-http services externally

    Overview

    UKCloud for Red Hat OpenShift enables you to develop, deploy, and manage digital and container-based applications seamlessly across local physical or virtual environments, with full portability to and from UKCloud.

    This article explains how you can expose services outside of your OpenShift cluster without using routes.

    Intended audience

    This article assumes familiarity with services and routes in OpenShift and access to an account with cluster-admin permissions.

    Prerequisites

    To complete the steps in this guide, your cluster must have been deployed from a version of our code that enables our non-http functionality. You can raise a Service Request to:

    • Check if your cluster already provides non-http functionality

    • Request a new cluster to be deployed incorporating our non-http functionality.

    Getting the external IP

    You'll need to raise a Service Request with us that provides the network you'd like to expose services on and the ports/protocols of the services you'll be exposing. We'll update your environment to create the virtual infrastructure needed and provide you with the publicly accessible IP and the local IP this maps to. The local IP will be important for the upcoming steps.

    Note

    You can request multiple ports/protocols and networks for external services.

    Exposing your service

    Now you need to create the service you would like to expose. Create the service as usual, then patch the local IP we gave you into the service as its external IP using the following command (the example uses a local IP of 10.2.1.120):

    oc patch svc <service_name> -p '{"spec":{"externalIPs":["10.2.1.120"]}}'
    

    Deploying ipfailover

    OpenShift has a feature called ipfailover that you can use to make an external IP accessible on a subset of nodes in the cluster. Use ipfailover to make your service available on the external IP. Enter the following commands to deploy ipfailover (you must have cluster-admin permissions):

    oc create sa ipfailover
    
    oc adm policy add-scc-to-user privileged -z ipfailover
    
    oc adm ipfailover --virtual-ips=10.2.1.120 --watch-port=0 --replicas=<amount_of_compute_nodes> --selector="node-role.kubernetes.io/compute=true" --vrrp-id-offset=0 --create
    

    You'll need to pass the IP you've patched into the service as an external IP, using the --virtual-ips argument. You can use any node-selector you like for the --selector argument but make sure it's a valid node label. You must set --watch-port to 0 for the ipfailover deployment to work. The --replicas argument should equal the amount of nodes matching your --selector label. You will need to increment --vrrp-id-offset by one for each ipfailover deployment in your cluster, for example to expose another external IP your command might look like the following:

    oc adm ipfailover --virtual-ips=10.2.1.121 --watch-port=0 --replicas=<amount_of_compute_nodes> --selector="node-role.kubernetes.io/compute=true" --vrrp-id-offset=1 --create
    
    Note

    You can only deploy one instance of ipfailover per project. Also, the deployment may sometimes go into a pending state. If this happens ensure that you've incremented --vrrp-id-offset (if necessary) and have given the ipfailover service account the required permissions inside the project you are deploying in:

    oc adm policy add-scc-to-user privileged -z ipfailover
    

    You can now access your service on the public IP tied to the external IP.

    Tip

    You can access multiple services on the same external IP, they just need to be running on a different port.

    Further reading

    OpenShift documentation on ipfailover: https://docs.openshift.com/container-platform/3.11/admin_guide/high_availability.html

    Feedback

    If you find a problem with this article, click Improve this Doc to make the change yourself or raise an issue in GitHub. If you have an idea for how we could improve any of our services, send an email to feedback@ukcloud.com.

    ☀
    ☾
    Generated by DocFX
    Back to top
    © UKCloud Ltd, 2022. All Rights Reserved.
    Privacy Policy. Terms of Use. Contribute.

    The UKCloud Knowledge Centre uses cookies to ensure that we give you the best experience on our website. If you continue we assume that you consent to receive all cookies on this website.