We have an OpenShift cluster that is all internal, for dev purposes. It consists of a master + 2 nodes, all of which have a private IP. As long as the three hosts can communicate (are on the same network or can route to one another, AND can resolve each other's hostnames in DNS) then you're good. These three hosts run CentOS 7 Atomic. A wildcard DNS record points to the IPs of the two nodes, where the routers run, so it's a round-robin DNS thing. Not the most optimal HA setup, but it's simple and works well thus far.
Also, we used a regular CentOS 7 host (not Atomic) that's not part of the cluster that acts as the "utility" server. It has Ansible installed and can ssh to all the cluster hosts in order to fire off the playbooks.

We are just getting started so haven't set up our production cluster yet. For that, I imagine we'll need public IPs (assigned to our nodes that are running routers) so that the world can get to our apps.

So anyway, I *think* the answer to your question is you need public IPs on the OpenShift nodes that run your routers if the applications are to be publicly accessible. The blog post here suggests running your router on just the master: https://tobrunet.ch/articles/dive-into-openshift-v3

...A wildcard DNS entry pointing to the IP address of the master. It is at this master where routers will run to allow for external clients to request application resources running within OpenShift.

From: [email protected] [mailto:[email protected]] On Behalf Of Den Cowboy
Sent: Thursday, December 08, 2016 9:34 AM
To: Frederic Giloux <[email protected]>
Cc: [email protected]
Subject: Re: Which openshift instances need a public IP

Thanks for your reply. Just the main goal we want to obtain is to keep our traffic from pod to pod (using routes, router, dns-wildcard) internal. So performing all this stuff on a private IP. Is that possible?

I just checked this blog: http://dustymabe.com/2016/12/07/installing-an-openshift-origin-cluster-on-fedora-25-atomic-host-part-1/#comment-42901

He is using public IPs + private IPs. Are the privates useful in this case? We're able to use both and we can set up our own DNS server but we don't want that our routes are going outside of our cluster. In public and then going back in the cluster.

So main goal: translations of routes through router should stay in the private network. Is that possible?
Thanks

________________________________
From: Frederic Giloux <[email protected]>
Sent: Thursday, 8 December 2016 13:35:12
To: Den Cowboy
Cc: [email protected]
Subject: Re: Which openshift instances need a public IP

Hi Den,

you may need internet connectivity. Public IPs are not a requirement for that (confer proxy and NAT). Another option is to install OpenShift disconnected. See: https://docs.openshift.com/container-platform/3.3/install_config/install/disconnected_install.html.

Also, editing /etc/hosts is not enough. You will require a proper DNS server (dnsmasq for instance) as the containers don't use /etc/hosts of the host for name resolution.

Regards,

Frédéric

On Thu, Dec 8, 2016 at 1:37 PM, Den Cowboy <[email protected]> wrote:

Hi,

We have our own Registry (like dockerhub) from where we can pull images. (the registry is in the same private network 192.168.25.x). Now we're trying to install OpenShift (very basic: 1 master + 1 node) on 192.168.25.1 and 192.168.25.2.

We have experience with those installs but then we used public IPs. We have SSH access from our master to our node. But: prereqs: you need ansible on the master, git, docker on master and node, ...

- So initially we need public IPs on our servers to install those prerequisites?
- Do we need a public IP on every instance when we want to run the playbook? (it failed for resolving something to check if yum-utils were installed).
- Is this a good solution?: (public IP and private on master and node). Install prereqs and execute playbook. So we have a cluster.
After that deleting the public network and re-executing the playbook with only private IPs (or only a public IP on the master). Will this work?

So as you can see we can use some input in using the setup. We want that the traffic between our nodes goes internally. So we probably need our own DNS server for hosts, routing, wildcards. (initially we try to cover this in /etc/hosts).

If someone has experience with the setup of OpenShift where the communication over routes (through the router) happens internally (so no public wildcard). Please share some knowledge :).

_______________________________________________
users mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

--
Frédéric Giloux
Senior Middleware Consultant
Red Hat GmbH
