Router
Last updated
Was this helpful?
Last updated
Was this helpful?
An OpenShift Origin administrator can deploy routers to nodes in an OpenShift Origin cluster, which enable routes created by developers to be used by external clients. The routing layer in OpenShift Origin is pluggable, and are provided and supported by default.
An OpenShift Origin route exposes a service at a host name, like www.example.com, so that external clients can reach it by name.
Routes are first-class objects that are HA-capable simply by scaling up your application component to two or more replicas. There is never a need to recreate your application or change its DNS entry.
Your administrator may have configured a DNS wildcard entry that will resolve to the OpenShift Origin node that is running the OpenShift Origin router.
Each route consists of a name (limited to 63 characters), a service selector, and an optional security configuration.
Router HA
Routers that have permission to view all of thein all projects can select routes to admit based on the labels. This is called. This is useful when balancing incoming traffic load among a set of routers and when isolating traffic to a specific router. For example, company A goes to one router and company B to another.
Since a router runs on a specific node, when it or the node fails traffic ingress stops. The impact of this can be reduced by creating redundant routers on different nodes and using to switch the router IP address when a node fails.
Two available router plug-ins are provided and supported by default.
HAProxy template router is the default plug-in.
The router’s container listens on the host network interface, unlike most containers that listen only on private IPs. The router proxies external requests for route names to the IPs of actual pods identified by the service associated with the route.
The F5 router integrates with an existing F5 BIG-IP® system in your environment to synchronize routes.
IP failover manages a pool of Virtual IP (VIP) addresses on a set of nodes.
Permission to specify host ports
Router service account must have permissions to a security context constraint (SCC) that allows it to specify host ports.
To add a 'hostnetwork' SCC to the router service account in the default namespace
Permission to Access Labels
For example, if you want to create a router namedrouterand have it placed on a node labeled withregion=infra:
For example, if you have multiple routers, and 100 routes, you can attach labels to the routes so that a portion of them are handled by one router, whereas the rest are handled by another.
Add the label to the desired routes:
To verify that the label has been attached to the route, check the route configuration:
When are used, for example in creating , the service account for the router must havecluster-readerpermission.
To deploy the router to any node(s) that match a specified:
During, theopenshift_hosted_router_selectorandopenshift_registry_selectorAnsible settings are set toregion=infraby default. The default router and registry will only be automatically deployed if a node exists that matches theregion=infralabel.
Using theenvironment variable, you can filter routes so that they are used only by specific routers.
After, use theROUTE_LABELSenvironment variable to tag the router: