Menu
Suppose this scenario:
There are two applications deployed in Openshift (maybe in the same namespace or may not) that want to send HTTP requests to each other.
The overall problem:
It seems that applications running inside Openshift cannot use their routes (created by Openshift) to call each other. The only solution that I came up with is to deploy the applications in the same namespace and make them to call the clusterIP address of services associated with applications.
The problem in my case:
I developed an IoT platform. In the platfrom, there is a Resource Registry (RR) that keeps the information about the available hosts. Either machines or humans can query the RR and find how to communicate with the available hosts. By the above problem, if RR stores the ClusterIP address of the services, only hosts running inside a namespace in Openshift can send requests to each other. On the other hand, if RR stores the routes (created by Openshift), all hosts running inside the Openshift cannot send requests to each other.
Question:
How can two applications inside the Openshift send requests to each other? Is there any unified way that an application outside the Openshift sends requests to another application inside Openshift as the same way as two applications inside the Openshift send requests to each other?
581
asked Mar 15 '17 20:03
Access via node IP means all pods running on a given node can access external systems. An egress router is a pod that has two interfaces (eth0) and (macvlan0). Eth0 is sitting on the cluster network in OpenShift (internal) and macvlan0 has an IP and gateway from the external physical network.
OpenShift Container Platform uses a software-defined networking (SDN) approach to provide a unified cluster network that enables communication between pods across the OpenShift Container Platform cluster.
A route allows you to host your application at a public URL. It can either be secure or unsecured, depending on the network security configuration of your application.
For each service, a hostname is setup in an internal DNS. So if you have a service called mybackend, then anything in the same project can access it using the hostname mybackend.
If the service is another project, you append the other project, separated by a . such as mybackend.myotherproject.
By default things in one project can't create direct connections to services in other projects, so to allow that, an admin needs to set up a pod network to allow applications in different projects to connect to each other. See the oc adm pod-network command for the latter.
In other words, you should never have to deal with the IP addresses yourself. You should use the hostnames created from the service name as that will work even if you destroy and recreate applications and the IP changes due to service having been recreated.
For more information on DNS and networking see:
109
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
