OpenShift 3.3 and later contain the functionality to route pod traffic to the external world via a well-defined IP address. This is useful for example if your external services are protected using a firewall and you do not want to open the firewall to all cluster nodes. The way it works is that a egress … Read moreOPENSHIFT NETWORKING FROM A CONTAINER/WORKLOAD POINT OF VIEW – PART 6: CONTROLLING EGRESS TRAFFIC
In the OpenShift world, Services take place on the OSI Layer 3 / IP, while Routing is an OSI Layer 7 / HTTP/TLS concept. Once you’ve wrapped your head around this backwards choice of naming, things are fairly easy: An OpenShift Router is a component which listens on a physical host’s HTTP/S ports for incoming … Read moreOPENSHIFT NETWORKING FROM A CONTAINER/WORKLOAD POINT OF VIEW – PART 5: OPENSHIFT ROUTER
To allow stable endpoints in an environment of ever changing starting and stopping Pods (and therefore constantly changing IP addresses), Kubernetes introduces (and OpenShift uses) the concept of services. Services are stable IP addresses (taken per default from the 172.30.0.0/16 subnet) that remain the same as long as the service exists. Connection requests to a … Read moreOPENSHIFT NETWORKING FROM A CONTAINER/WORKLOAD POINT OF VIEW – PART 4: CONTAINER NETWORKING USING OPENSHIFT/KUBERNETES SERVICES
So far, this sounds like a lot of effort to achieve a little more than a plain docker host – containers that can talk to each other and to the host network, potentially segregated based on kubernetes namespace. However OpenShift SDN also allows pods on different nodes to communicate with each other. To this end, … Read moreOPENSHIFT NETWORKING FROM A CONTAINER/WORKLOAD POINT OF VIEW – PART 3: CONTAINER NETWORKING ACROSS OPENSHIFT NODES
If you have followed my earlier posts, then you know, that I’m in the process of building an IoT Demo, with a Raspberry Pi2 as the Smart Gateway. During this process, I had to re-install my Raspberry multiple times, but after the second time I got a bit tired of doing the same steps over … Read moreBuilding the IoT Smart Gateway with Docker, Raspberry Pi and JBoss for the “lazy” ones – Ansible rules!
In my previous post I described how to manually export/import a Docker image from one system into the Docker registry of OpenShift. A next step would be to push an image from a non OpenShift system directly into the registry. The documentation of OpenShift recommends to secure the registry before opening it for external access. … Read moreSecuring the OpenShift V3 Registry
During many customer discussions on PaaS, the same question does come up: “Can I use my own Docker images in OpenShift?” While the simple answer obviously is: “Well, sure! OpenShift makes use of Docker und Kubernetes“ Making it work, is a little bit more complex – until one finally understands it. In this blog I … Read moreImporting an external and not yet published Docker Image into Red Hat OpenShift V3