Getting started

OpenShift Dedicated 4

Getting started with OpenShift Dedicated 4

Red Hat OpenShift Documentation Team

Abstract

This document details how to get started with OpenShift Dedicated.

Chapter 1. Accessing your services

Once you have an OpenShift Dedicated subscription, you can access your services.

1.1. Creating your cluster

To create your OpenShift Dedicated cluster:

  1. Log in to cloud.redhat.com/openshift.
  2. Select Create Cluster → Red Hat OpenShift Dedicated.
  3. Enter your Cluster name, number of Compute nodes, and select an AWS Region.
  4. Select your Node Type. The number and types of nodes available to you depend upon your OpenShift Dedicated subscription.
  5. If you want to configure your networking IP ranges under Advanced Options, the following are the default ranges available to use:

    1. Node CIDR: 10.0.0.0/16
    2. Service CIDR: 172.30.0.0/16
    3. Pod CIDR: 10.128.0.0/14
  6. Add your Identity provider by clicking the Add OAuth Configuration link.
  7. Add a user by clicking the Users tab, then Add User. Input the user’s name, then click Add.

The Overview tab has a Status indicator under the Details heading. This will indicate that your cluster is Ready for use.

1.2. Accessing your cluster

To access your OpenShift Dedicated cluster:

  1. From cloud.redhat.com/openshift, click on the cluster you want to access.
  2. Click Launch Console.

1.3. Requesting support

If you have questions about your environment or must open a support ticket, you can open or view a support case in the Red Hat Customer Portal.

Chapter 2. Scaling your cluster

2.1. Scaling your cluster

To scale your OpenShift Dedicated cluster:

  1. From cloud.redhat.com/openshift, click on the cluster you want to resize.
  2. Click the Actions button, then Scale Cluster.
  3. Select how many compute nodes are required, then click Apply.

Scaling occurs automatically. In the Overview tab under the Details heading, the Status indicator shows that your cluster is Ready for use.

Chapter 3. Deleting your cluster

To delete your OpenShift Dedicated cluster:

  1. From cloud.redhat.com/openshift, click on the cluster you want to delete.
  2. Click the Actions button, then Delete Cluster.
  3. Type the name of the cluster highlighted in bold, then click Delete.

Cluster deletion occurs automatically.

Chapter 4. Networking

4.1. Configuring your application routes

When your cluster is provisioned, an AWS elastic load balancer (ELB) is created to route application traffic into the cluster. The domain for your ELB is configured to route application traffic via http(s)://*.<cluster-id>.<shard-id>.p1.openshiftapps.com. The <shard-id> is a random four-character string assigned to your cluster at creation time.

If you want to use custom domain names for your application routes, OpenShift Dedicated supports CNAME records in your DNS configuration that point to elb.apps.<cluster-id>.<shard-id>.p1.openshiftapps.com. While elb is recommended as a reminder for where this record is pointing, you can use any string for this value. You can create these CNAME records for each custom route you have, or you can create a wildcard CNAME record. For example:

*.openshift.example.com    CNAME    elb.apps.my-example.a1b2.p1.openshiftapps.com

This allows you to create routes like app1.openshift.example.com and app2.openshift.example.com without having to update your DNS every time.

4.2. Exposing TCP services

OpenShift Dedicated routes expose applications by proxying traffic through HTTP/HTTPS(SNI)/TLS(SNI) to pods and services. A LoadBalancer service creates an AWS Elastic Load Balancer (ELB) for your OpenShift Dedicated cluster, enabling direct TCP access to applications exposed by your LoadBalancer service.

Note

LoadBalancer services require an additional purchase. Contact your sales team if you are interested in using LoadBalancer services for your OpenShift Dedicated cluster.

4.2.1. Checking your LoadBalancer Quota

By purchasing LoadBalancer services, you are provided with a quota of LoadBalancers available for your OpenShift Dedicated cluster.

$ oc describe clusterresourcequota loadbalancer-quota
Name:       loadbalancer-quota
Labels:     <none>
...
Resource        Used    Hard
--------        ----    ----
services.loadbalancers  0   4

4.2.2. Exposing TCP service

You can expose your applications over an external LoadBalancer service, enabling access over the public Internet.

$ oc expose dc httpd-example --type=LoadBalancer --name=lb-service
service/lb-service created

4.2.3. Creating an internal-only TCP service

You can alternatively expose your applications internally only, enabling access only through AWS VPC Peering or a VPN connection.

$ oc expose dc httpd-example --type=LoadBalancer --name=internal-lb --dry-run -o yaml | awk '1;/metadata:/{ print "  annotations:\n    service.beta.kubernetes.io/aws-load-balancer-internal: \"true\"" }' | oc create -f -
service/internal-lb created

4.2.4. Enabling LoadBalancer access logs

You may, optionally, create an S3 bucket within your own AWS account, and configure the LoadBalancer service to send access logs to this S3 bucket at predefined intervals.

4.2.4.1. Prerequisites

You must first create the S3 bucket within your own AWS account, in the same AWS region in which your OpenShift Dedicated cluster is deployed. This S3 bucket can be configured with all public access blocked, including system permissions. Once your S3 bucket is created, you must attach a policy to your bucket as outlined by AWS.

4.2.4.2. Configuring the LoadBalancer service

Update and apply the following annotations to your service YAML definition, prior to creating the object in your cluster.

metadata:
  name: my-service
  annotations:
    # Specifies whether access logs are enabled for the load balancer
    service.beta.kubernetes.io/aws-load-balancer-access-log-enabled: "true"
    # The interval for publishing the access logs. You can specify an interval of either 5 or 60 (minutes).
    service.beta.kubernetes.io/aws-load-balancer-access-log-emit-interval: "60"
    # The name of the Amazon S3 bucket where the access logs are stored
    service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-name: "my-bucket"
    # The logical hierarchy you created for your Amazon S3 bucket, for example `my-bucket-prefix/prod`
    # This must match the prefix specified in the S3 policy
    service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-prefix: "my-bucket-prefix/prod"

4.2.4.3. Creating the LoadBalancer service

Once the annotations have been saved into a YAML file, you can create the service from the command line:

$ oc create -f loadbalancer.yml
service/my-service created
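
The following is an added example, not part of the original Red Hat documentation. It audits a service listing for the annotations described in sections 4.2.3 and 4.2.4, reporting each LoadBalancer service that is not marked internal or whose access-log settings are missing or invalid. The sample input is constructed in the shape of `oc get svc --all-namespaces -o json`; the `audit` function name and the finding strings are assumptions made for this example, and a "not marked internal" finding is informational because section 4.2.2 exposure may be intended.

```python
import json

PREFIX = "service.beta.kubernetes.io/aws-load-balancer-"

# Constructed sample in the shape of `oc get svc --all-namespaces -o json`.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "lb-service", "namespace": "default"},
     "spec": {"type": "LoadBalancer"}},
    {"metadata": {"name": "internal-lb", "namespace": "default", "annotations": {
        PREFIX + "internal": "true",
        PREFIX + "access-log-enabled": "true",
        PREFIX + "access-log-emit-interval": "15",
        PREFIX + "access-log-s3-bucket-name": "my-bucket"}},
     "spec": {"type": "LoadBalancer"}},
    {"metadata": {"name": "my-service", "namespace": "default", "annotations": {
        PREFIX + "access-log-enabled": "true",
        PREFIX + "access-log-emit-interval": "60",
        PREFIX + "access-log-s3-bucket-name": "my-bucket",
        PREFIX + "access-log-s3-bucket-prefix": "my-bucket-prefix/prod"}},
     "spec": {"type": "LoadBalancer"}},
    {"metadata": {"name": "httpd-example", "namespace": "default"},
     "spec": {"type": "ClusterIP"}},
]})


def audit(service_list_json):
    """Return {namespace/name: [findings]} for every LoadBalancer service."""
    report = {}
    for svc in json.loads(service_list_json)["items"]:
        if svc["spec"].get("type") != "LoadBalancer":
            continue  # routes and ClusterIP services do not create an ELB
        meta = svc["metadata"]
        ann = meta.get("annotations") or {}
        findings = []
        if ann.get(PREFIX + "internal") != "true":
            findings.append("not marked internal")
        if ann.get(PREFIX + "access-log-enabled") != "true":
            findings.append("access logs disabled")
        else:
            # The emit interval accepts only 5 or 60 (minutes).
            if ann.get(PREFIX + "access-log-emit-interval") not in ("5", "60"):
                findings.append("emit interval must be 5 or 60")
            if not ann.get(PREFIX + "access-log-s3-bucket-name"):
                findings.append("no S3 bucket name")
        report[f'{meta["namespace"]}/{meta["name"]}'] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "->", ", ".join(findings) or "ok")
```

To run it against a live cluster, pass the output of `oc get svc --all-namespaces -o json` to `audit` in place of `SAMPLE`.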

4.2.5. Using your TCP Service

Once your LoadBalancer service is created, you can access your service by using the URL provided to you by OpenShift Dedicated. The LoadBalancer Ingress value is a URL unique to your service that remains static as long as the service is not deleted. If you prefer to use a custom domain, you can create a CNAME DNS record for this URL.

$ oc describe svc lb-service
Name:                     lb-service
Namespace:                default
Labels:                   app=httpd-example
Annotations:              <none>
Selector:                 name=httpd-example
Type:                     LoadBalancer
IP:                       10.120.182.252
LoadBalancer Ingress:     a5387ba36201e11e9ba901267fd7abb0-1406434805.us-east-1.elb.amazonaws.com
Port:                     <unset>  8080/TCP
TargetPort:               8080/TCP
NodePort:                 <unset>  31409/TCP
Endpoints:                <none>
Session Affinity:         None
External Traffic Policy:  Cluster

Legal Notice

Copyright © 2020 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.