generated from miethe/hobby-meat
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
65 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,65 @@ | ||
+++ | ||
title = "Networking" | ||
description = ''' | ||
Load Balancing and external service access in OpenShift. | ||
''' | ||
categories = ["Engineering"] | ||
tags = ["OpenShift", "Networking", "Ingress", "Load Balancer", "External IP"] | ||
+++ | ||
|
||
Whenever a service needs to be accessed from outside a cluster (external to the network), there are several options available. The primary and most appropriate method is through using a Load Balancer. However, in some situations, such as during dev or test in an ephemeral or local cluster, it is easier to use methods such as exposing NodePorts. In this post, we will be explaining the various options available. | ||
|
||
## Load Balancers | ||
|
||
### HAproxy - OCP Default | ||
|
||
### MetalLB | ||
|
||
MetalLB is a powerful Load Balancer available as an Operator in OpenShift which provides Load Balancing for clusters deployed on bare-metal or other environments without native load balancers: on-prem, IBM Power, Z, vSphere, etc. | ||
|
||
MetalLB can operate on either L2 or L3, in addition to utilizing BGP. While the L2 functionality is similar to IP failover, it leverages a gossip-based protocol to identify node failure, via **VRRP** and `keepalived`. This makes MetalLB preferable over more basic options like IP failover. | ||
|
||
The MetalLB Operator works within the cluster by providing a platform-native load balancer to any `Service` of type `LoadBalancer`, automating the entire process for every `Service`. | ||
|
||
## Other Methods | ||
|
||
### NodePorts | ||
|
||
One of the most simple methods for exposing a `Service` outside of a cluster is by using a `NodePort`. `Nodeports` are a specific port on all OpenShift hosts (nodes) which is assigned to a specific service. This allows access to the service in a similar manner to accessing the OpenShift Web Console, at the core OpenShift IP but at the given port. | ||
|
||
Assuming you have a `Service` which you are trying to expose, you can do the following to create a `NodePort`: | ||
|
||
From within the given `project`: | ||
|
||
```bash | ||
oc edit svc <service_name> | ||
``` | ||
|
||
```yaml | ||
spec: | ||
ports: | ||
- name: 8443-tcp | ||
nodePort: 31234 | ||
port: 8443 | ||
protocol: TCP | ||
targetPort: 8443 | ||
sessionAffinity: None | ||
type: NodePort | ||
``` | ||
|
||
Validate your service is updated w/ the given port: | ||
|
||
```bash | ||
oc get svc | ||
``` | ||
|
||
```bash | ||
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE | ||
httpd NodePort 172.xx.xx.xx <none> 8443:31234/TCP 12s | ||
``` | ||
|
||
## Resources | ||
|
||
* [Using Integrated Load Balancing With On-Premises OpenShift 4 IPI](https://cloud.redhat.com/blog/using-integrated-load-balancing-with-on-premises-openshift-4-ipi) | ||
* [Configuring ingress cluster traffic using a NodePort - Configuring ingress cluster traffic | Networking | OpenShift Container Platform 4.13](https://docs.openshift.com/container-platform/4.13/networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-nodeport.html) | ||
* [About MetalLB and the MetalLB Operator - Load balancing with MetalLB | Networking | OpenShift Container Platform 4.13](https://docs.openshift.com/container-platform/4.13/networking/metallb/about-metallb.html) |