×

Overview

Use NodePorts to expose the service nodePort on all nodes in the cluster.

Using NodePorts requires additional port resources.

A node port exposes the service on a static port on the node IP address.

NodePorts are in the 30000-32767 range by default, which means a NodePort is unlikely to match a service’s intended port (for example, 8080 may be exposed as 31020).

The administrator must ensure the external IPs are routed to the nodes and local firewall rules on all nodes allow access to the open port.

NodePorts and external IPs are independent and both can be used concurrently.

Administrator Prerequisites

Before starting this procedure, the administrator must:

  • Set up the external port to the cluster networking environment so that requests can reach the cluster. For example, names can be configured into DNS to point to specific nodes or other IP addresses in the cluster. The DNS wildcard feature can be used to configure a subset of names to an IP address in the cluster. This allows the users to set up routes within the cluster without further administrator attention.

  • Make sure that the local firewall on each node permits the request to reach the IP address.

  • Configure the OpenShift Container Platform cluster to use an identity provider that allows appropriate user access.

  • Make sure there is at least one user with cluster-admin role. To add this role to a user, run the following command:

    $ oc adm policy add-cluster-role-to-user cluster-admin <username>
  • Have an OpenShift Container Platform cluster with at least one master and at least one node and a system outside the cluster that has network access to the cluster. This procedure assumes that the external system is on the same subnet as the cluster. The additional networking required for external systems on a different subnet is out-of-scope for this topic.

Configuring the Service

You specify a port number for the nodePort when you create or modify a service. If you didn’t manually specify a port, system will allocate one for you.

  1. Log in to the master node.

  2. If the project you want to use does not exist, create a new project for your service:

    $ oc new-project <project_name>

    For example:

    $ oc new-project external-ip
  3. Edit the service definition to specify spec.type:NodePort and optionally specify a port in the 30000-32767 range.

    apiVersion: v1
    kind: Service
    metadata:
      name: mysql
      labels:
        name: mysql
    spec:
      type: NodePort
      ports:
        - port: 3306
          nodePort: 30036
          name: http
      selector:
        name: mysql
  4. Run the following command to create the service:

    $ oc create -f <file_name>

    For example:

    $ oc create -f mysql.yaml
  5. Run the following command to see that the new service is created:

    $ oc get svc
    
    NAME             CLUSTER_IP       EXTERNAL_IP   PORT(S)                      AGE
    mysql            172.30.89.219    <none>        3306:30036/TCP               2m

    Note that the external IP is listed as <none> and the node ports are listed.

You should be able to access the service using the <NodeIP>:<NodePort> address.