Chapter 12. Configuring network access to Data Grid

Expose Data Grid clusters so you can access Data Grid Console, the Data Grid command line interface (CLI), REST API, and Hot Rod endpoint.

12.1. Getting the service for internal connections

By default, Data Grid Operator creates a service that provides access to Data Grid clusters from clients running on OpenShift.

This internal service has the same name as your Data Grid cluster, for example:

metadata:
  name: infinispan

Procedure

  • Check that the internal service is available as follows:

    oc get services

12.2. Exposing Data Grid through a LoadBalancer service

Use a LoadBalancer service to make Data Grid clusters available to clients running outside OpenShift.

Note

To access Data Grid with unencrypted Hot Rod client connections, you must use a LoadBalancer service.

Procedure

  1. Include spec.expose in your Infinispan CR.
  2. Specify LoadBalancer as the service type with the spec.expose.type field.
  3. Optionally specify the network port where the service is exposed with the spec.expose.port field.

    spec:
      expose:
        type: LoadBalancer
        port: 65535

  4. Apply the changes.
  5. Verify that the <cluster_name>-external service is available.

    oc get services | grep external

12.3. Exposing Data Grid through a NodePort service

Use a NodePort service to expose Data Grid clusters on the network.

Procedure

  1. Include spec.expose in your Infinispan CR.
  2. Specify NodePort as the service type with the spec.expose.type field.
  3. Configure the port where Data Grid is exposed with the spec.expose.nodePort field.

    spec:
      expose:
        type: NodePort
        nodePort: 30000

  4. Apply the changes.
  5. Verify that the <cluster_name>-external service is available.

    oc get services | grep external

12.4. Exposing Data Grid through a Route

Use an OpenShift Route with passthrough encryption to make Data Grid clusters available on the network.

Note

To access Data Grid with a Hot Rod client, you must configure TLS with SNI.

Procedure

  1. Include spec.expose in your Infinispan CR.
  2. Specify Route as the service type with the spec.expose.type field.
  3. Optionally add a hostname with the spec.expose.host field.

    spec:
      expose:
        type: Route
        host: www.example.org

  4. Apply the changes.
  5. Verify that the route is available.

    oc get routes

Route ports

When you create a Route, it exposes a port on the network that accepts client connections and redirects traffic to Data Grid services that listen on port 11222.

The port where the Route is available depends on whether you use encryption or not.

Port   Description
80     Encryption is disabled.
443    Encryption is enabled.

12.5. Network services

Reference information for network services that Data Grid Operator creates and manages.

Service                    Port    Protocol   Description
<cluster_name>             11222   TCP        Access to Data Grid endpoints within the OpenShift cluster or from an OpenShift Route.
<cluster_name>-admin       11223   TCP        Access to Data Grid endpoints within the OpenShift cluster for internal Data Grid Operator use. This port uses a different security realm from port 11222 and should not be accessed by user applications.
<cluster_name>-ping        8888    TCP        Cluster discovery for Data Grid pods.
<cluster_name>-external    11222   TCP        Access to Data Grid endpoints from a LoadBalancer or NodePort service.
<cluster_name>-site        7900    TCP        JGroups RELAY2 channel for cross-site communication.

Note

The Data Grid Console should only be accessed via OpenShift services or an OpenShift Route exposing port 11222.
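
The following check is an added example, not part of the original documentation or of Data Grid Operator. It reads service definitions shaped like the output of `oc get services -o json` and reports any LoadBalancer or NodePort service that forwards to the admin port (11223) or the ping port (8888) from the table above. The sample data and the infinispan-admin-test service name are constructed, and treating port 8888 as internal-only is an assumption of this example.

```python
import json

# From the "Network services" table: ports not intended for user applications.
# Treating 8888 as internal-only is this example's assumption.
INTERNAL_PORTS = {11223: "admin endpoint, Data Grid Operator use only",
                  8888: "cluster discovery between Data Grid pods"}
EXTERNAL_TYPES = {"LoadBalancer", "NodePort"}


def audit_services(service_list, cluster_name):
    """Return (service, type, exposed_port, reason) for each externally
    reachable service port that forwards to an internal-only port."""
    findings = []
    for svc in service_list.get("items", []):
        name = svc["metadata"]["name"]
        if not (name == cluster_name or name.startswith(cluster_name + "-")):
            continue  # not one of this cluster's services
        spec = svc.get("spec", {})
        svc_type = spec.get("type", "ClusterIP")
        if svc_type not in EXTERNAL_TYPES:
            continue  # ClusterIP: reachable only from inside OpenShift
        for port in spec.get("ports", []):
            target = port.get("targetPort", port["port"])
            if target in INTERNAL_PORTS:
                # NodePort services are reached on nodePort, LoadBalancer on port.
                exposed = port.get("nodePort") if svc_type == "NodePort" else port["port"]
                findings.append((name, svc_type, exposed, INTERNAL_PORTS[target]))
    return findings


# Constructed sample shaped like `oc get services -o json`; not real output.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "infinispan"},
  "spec": {"type": "ClusterIP", "ports": [{"port": 11222, "targetPort": 11222}]}},
 {"metadata": {"name": "infinispan-admin"},
  "spec": {"type": "ClusterIP", "ports": [{"port": 11223, "targetPort": 11223}]}},
 {"metadata": {"name": "infinispan-ping"},
  "spec": {"type": "ClusterIP", "ports": [{"port": 8888, "targetPort": 8888}]}},
 {"metadata": {"name": "infinispan-external"},
  "spec": {"type": "LoadBalancer", "ports": [{"port": 65535, "targetPort": 11222}]}},
 {"metadata": {"name": "infinispan-admin-test"},
  "spec": {"type": "NodePort",
           "ports": [{"port": 11223, "targetPort": 11223, "nodePort": 30001}]}}
]}
""")

if __name__ == "__main__":
    for finding in audit_services(SAMPLE, "infinispan"):
        print("FINDING: %s (%s) exposes port %s -> %s" % finding)
```

On a live cluster, pass the parsed output of `oc get services -o json` in place of SAMPLE.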