Using a NodePort to Get Traffic into the Cluster
Use NodePorts to expose the service nodePort on all nodes in the cluster.
Using NodePorts requires additional port resources.
A node port exposes the service on a static port on the node IP address.
NodePorts are in the 30000-32767 range by default, which means a NodePort is unlikely to match a service’s intended port (for example, 8080 may be exposed as 31020).
The administrator must ensure the external IPs are routed to the nodes and local firewall rules on all nodes allow access to the open port.
NodePorts and external IPs are independent and both can be used concurrently.
Before starting this procedure, the administrator must:
Set up the external port to the cluster networking environment so that requests can reach the cluster. For example, names can be configured into DNS to point to specific nodes or other IP addresses in the cluster. The DNS wildcard feature can be used to configure a subset of names to an IP address in the cluster. This allows the users to set up routes within the cluster without further administrator attention.
Make sure that the local firewall on each node permits the request to reach the IP address.
Configure the OKD cluster to use an identity provider that allows appropriate user access.
Make sure there is at least one user with cluster admin role. To add this role to a user, run the following command:
oadm policy add-cluster-role-to-user cluster-admin username
Have an OKD cluster with at least one master and at least one node and a system outside the cluster that has network access to the cluster. This procedure assumes that the external system is on the same subnet as the cluster. The additional networking required for external systems on a different subnet is out-of-scope for this topic.
You specify a port number for the nodePort when you create or modify a service. If you do not manually specify a port, the system allocates one for you.
Log in to the master node.
If the project you want to use does not exist, create a new project for your service:
$ oc new-project <project_name>
$ oc new-project external-ip
Edit the service definition to specify spec.type: NodePort and optionally specify a port in the 30000-32767 range.
apiVersion: v1
kind: Service
metadata:
  name: mysql
  labels:
    name: mysql
spec:
  type: NodePort
  ports:
    - port: 3036
      nodePort: 30036
      name: http
  selector:
    name: mysql
Execute the following command to create the service:
$ oc new-app <file-name>
$ oc new-app mysql.yaml
Execute the following command to see that the new service is created:
$ oc get svc
NAME      CLUSTER_IP      EXTERNAL_IP   PORT(S)          AGE
mysql     172.30.89.219   <nodes>       3036:30036/TCP   2m
Note that the external IP is listed as <nodes> and the node ports are listed.
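Added example (not part of the original OKD documentation): because a node port is opened on every node, it helps to inventory exactly which ports the node firewalls must allow and to flag any outside the default 30000-32767 range. The sketch below assumes the JSON shape printed by `oc get svc -o json`; the sample input is constructed from the mysql service above, and the internal-api service and the function names are hypothetical.

```python
import json

# Default NodePort range stated on this page.
NODEPORT_MIN, NODEPORT_MAX = 30000, 32767

# Constructed sample in the shape of `oc get svc -o json` output: the mysql
# service from this page plus a hypothetical ClusterIP service for contrast.
SAMPLE = """
{"kind": "List", "items": [
  {"metadata": {"name": "mysql", "namespace": "external-ip"},
   "spec": {"type": "NodePort", "selector": {"name": "mysql"},
            "ports": [{"name": "http", "protocol": "TCP", "port": 3036, "nodePort": 30036}]}},
  {"metadata": {"name": "internal-api", "namespace": "external-ip"},
   "spec": {"type": "ClusterIP", "ports": [{"protocol": "TCP", "port": 8080}]}}
]}
"""

def node_port_exposures(svc_json):
    """Return one record per service port that is opened on every node."""
    doc = json.loads(svc_json)
    items = doc.get("items", [doc])  # a List, or a single service object
    found = []
    for svc in items:
        for p in svc.get("spec", {}).get("ports", []):
            node_port = p.get("nodePort")
            # Key on the nodePort field itself: any port that carries one is exposed.
            if node_port is None:
                continue
            found.append({
                "namespace": svc["metadata"].get("namespace", ""),
                "service": svc["metadata"]["name"],
                "protocol": p.get("protocol", "TCP"),
                "port": p["port"],
                "nodePort": node_port,
                "in_default_range": NODEPORT_MIN <= node_port <= NODEPORT_MAX,
            })
    return found

def firewall_ports(exposures):
    """Sorted unique (nodePort, protocol) pairs the node firewalls must allow."""
    return sorted({(e["nodePort"], e["protocol"]) for e in exposures})

if __name__ == "__main__":
    exposures = node_port_exposures(SAMPLE)
    for e in exposures:
        print("{namespace}/{service} {port}->{nodePort}/{protocol} "
              "default_range={in_default_range}".format(**e))
    print("allow on every node:", firewall_ports(exposures))
```

Any entry in this inventory that is not meant to be reachable from outside the cluster is a candidate for removing the NodePort type or tightening the node firewall rule.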
You should be able to access the service using the