Using NodePorts requires additional port resources.
Use NodePorts to expose the service nodePort on all nodes in the cluster.
A node port exposes the service on a static port on the node IP address.
NodePorts are in the 30000-32767 range by default, which means a NodePort is unlikely to match a service’s intended port (for example, 8080 may be exposed as 31020).
The administrator must ensure the external IPs are routed to the nodes and local firewall rules on all nodes allow access to the open port.
NodePorts and external IPs are independent and both can be used concurrently.
Before starting this procedure, the administrator must:
Set up the external port to the cluster networking environment so that requests can reach the cluster. For example, names can be configured into DNS to point to specific nodes or other IP addresses in the cluster. The DNS wildcard feature can be used to configure a subset of names to an IP address in the cluster. This allows the users to set up routes within the cluster without further administrator attention.
Make sure that the local firewall on each node permits the request to reach the IP address.
Configure the OpenShift Origin cluster to use an Identity Provider that allows appropriate user access.
Make sure there is at least one user with cluster admin role. To add this role to a user, run the following command:
oadm policy add-cluster-role-to-user cluster-admin username
Have an OpenShift Origin cluster with at least one master and at least one node and a system outside the cluster that has network access to the cluster. This procedure assumes that the external system is on the same subnet as the cluster. The additional networking required for external systems on a different subnet is out-of-scope for this topic.
The first step in allowing access to a service is to define an external IP address range in the master configuration file:
Log into OpenShift Origin as a user with the cluster admin role.
$ oc login
Authentication required (openshift)
Username: admin
Password:
Login successful.
You have access to the following projects and can switch between them with 'oc project <projectname>':
* default
Using project "default".
Configure the externalIPNetworkCIDRs parameter in the /etc/origin/master/master-config.yaml file as shown:
networkConfig:
  externalIPNetworkCIDRs:
  - <ip_address>/<cidr>
For example:
networkConfig:
  externalIPNetworkCIDRs:
  - 192.168.120.0/24
Restart the OpenShift Origin master service to apply the changes.
# systemctl restart origin-master-api origin-master-controllers
The IP address pool must terminate at one or more nodes in the cluster.
You specify a port number for the nodePort when you create or modify a service. If you do not manually specify a port, the system allocates one for you.
Log into the master node.
If the project you want to use does not exist, create a new project for your service:
$ oc new-project <project_name>
For example:
$ oc new-project external-ip
Edit the service definition to specify spec.type:NodePort and optionally specify a port in the 30000-32767 range.
apiVersion: v1
kind: Service
metadata:
  name: mysql
  labels:
    name: mysql
spec:
  type: NodePort
  ports:
    - port: 3036
      nodePort: 30036
      name: http
  selector:
    name: mysql
Execute the following command to create the service:
$ oc new-app <file-name>
For example:
$ oc new-app mysql.yaml
Execute the following command to see that the new service is created:
$ oc get svc
NAME      CLUSTER_IP      EXTERNAL_IP   PORT(S)          AGE
mysql     172.30.89.219   <nodes>       3036:30036/TCP   2m
Note that the external IP is listed as <nodes> and the node ports are listed.
You should be able to access the service using the <NodeIP>:<NodePort> address.
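Because a NodePort is opened on every node, it helps to keep an inventory of exposed ports to reconcile against the node firewall rules and the externalIPNetworkCIDRs setting. The following is an added example, not part of the OpenShift Origin documentation: it audits service definitions in the JSON shape returned by oc get svc --all-namespaces -o json. The audit_services function, the SAMPLE data and the "web" and "internal" services are constructed for illustration.

```python
import ipaddress
import json

DEFAULT_NODEPORT_RANGE = (30000, 32767)  # default range stated on this page

# Constructed sample in the shape of `oc get svc --all-namespaces -o json`.
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"metadata": {"name": "mysql", "namespace": "external-ip"},
  "spec": {"type": "NodePort",
           "ports": [{"name": "http", "port": 3036, "nodePort": 30036, "protocol": "TCP"}]}},
 {"metadata": {"name": "web", "namespace": "demo"},
  "spec": {"type": "NodePort", "externalIPs": ["192.168.120.10", "10.9.8.7"],
           "ports": [{"port": 8080, "nodePort": 31020, "protocol": "TCP"}]}},
 {"metadata": {"name": "internal", "namespace": "demo"},
  "spec": {"type": "ClusterIP", "ports": [{"port": 5432, "protocol": "TCP"}]}}
]}
""")


def audit_services(svc_list, external_cidrs, port_range=DEFAULT_NODEPORT_RANGE):
    """Return (exposed, findings): node ports open on every node, and problems."""
    nets = [ipaddress.ip_network(c) for c in external_cidrs]
    exposed, findings = [], []
    for svc in svc_list.get("items", []):
        ref = f'{svc["metadata"]["namespace"]}/{svc["metadata"]["name"]}'
        spec = svc.get("spec", {})
        # External IPs are independent of NodePorts, so check them on every service.
        for ip in spec.get("externalIPs", []):
            if not any(ipaddress.ip_address(ip) in n for n in nets):
                findings.append(f"{ref}: externalIP {ip} outside externalIPNetworkCIDRs")
        if spec.get("type") != "NodePort":
            continue
        for p in spec.get("ports", []):
            node_port = p.get("nodePort")
            if node_port is None:
                continue  # no node port recorded for this entry
            exposed.append((ref, node_port, p.get("protocol", "TCP")))
            if not port_range[0] <= node_port <= port_range[1]:
                findings.append(f"{ref}: nodePort {node_port} outside {port_range}")
    return sorted(exposed, key=lambda e: e[1]), findings


if __name__ == "__main__":
    exposed, findings = audit_services(SAMPLE, ["192.168.120.0/24"])
    for ref, port, proto in exposed:
        print(f"open on every node: {port}/{proto}  ({ref})")
    for f in findings:
        print("CHECK:", f)
```

Against a live cluster, pass the parsed JSON output of oc get svc in place of SAMPLE and the CIDR list from master-config.yaml as external_cidrs.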