Configuring ingress cluster traffic for a service external IP

You can attach an external IP address to a service so that it is available to traffic outside the cluster. This is generally useful only for a cluster installed on bare metal hardware. The external network infrastructure must be configured correctly to route traffic to the service.

Prerequisites

Attaching an ExternalIP to a service

You can attach an ExternalIP to a service. If your cluster is configured to allocate an ExternalIP automatically, you might not need to manually attach an ExternalIP to the service.

Procedure

  1. Optional: To confirm what IP address ranges are configured for use with ExternalIP, enter the following command:

    1. $ oc get networks.config cluster -o jsonpath='{.spec.externalIP}{"\n"}'

    If autoAssignCIDRs is set, OKD automatically assigns an ExternalIP to a new Service object if the spec.externalIPs field is not specified.

  2. Attach an ExternalIP to the service.

    1. If you are creating a new service, specify the spec.externalIPs field and provide an array of one or more valid IP addresses. For example:

      1. apiVersion: v1
      2. kind: Service
      3. metadata:
      4.   name: svc-with-externalip
      5. spec:
      6.   ...
      7.   externalIPs:
      8.   - 192.174.120.10

    2. If you are attaching an ExternalIP to an existing service, enter the following command. Replace <name> with the service name. Replace <ip_address> with a valid ExternalIP address. You can provide multiple IP addresses separated by commas.

      1. $ oc patch svc <name> -p \
      2.   '{
      3.     "spec": {
      4.       "externalIPs": [ "<ip_address>" ]
      5.     }
      6.   }'

      For example:

      1. $ oc patch svc mysql-55-rhel7 -p '{"spec":{"externalIPs":["192.174.120.10"]}}'

      Example output

      1. "mysql-55-rhel7" patched

  3. To confirm that an ExternalIP address is attached to the service, enter the following command. If you specified an ExternalIP for a new service, you must create the service first.

    1. $ oc get svc

    Example output

    1. NAME               CLUSTER-IP      EXTERNAL-IP     PORT(S)    AGE
    2. mysql-55-rhel7     172.30.131.89   192.174.120.10  3306/TCP   13m

Additional resources