OpenShift - List egress IP using the oc get netnamespace command

Egress provides a way for an application deployed on OpenShift to access an external URL, such as http://www.example.com.

NetNamespace is used to assign an egress IP address to one or more namespaces, so that all egress traffic from the namespace is using a dedicated IP address. By assigning a specific egress IP address to a namespace, all outbound (egress) requests from applications in the project will come from the dedicated egress IP address, making it easier to find the requests that came from applications in the project. This also makes it possible to have two (or more) different projects share the same egress IP address, as a way to group similar projects together.

 

An OpenShift route or an Ingress route will provide a URL such as http://route001-project001.apps.openshift.example.com:8080 which is used to route a request onto a service, which is then routed onto a pod, and then to the container in the pod, and finally to the application running in the container.

 

If you are not familiar with the oc command, refer to OpenShift - Getting Started with the oc command.

The oc get netnamespaces command can be used to list the netid and egress IP addresses associated with a project / namespace. By default, a project will not have a dedicated egress IP address.

~]# oc get netnamespaces
NAME                 NETID      EGRESS IPS
project001           10932896
project002           13410851
project003           13513887

 

The oc patch netnamespaces command can be used after the project / namespace has been created to assign an egress IP address to the project. By assigning a specific egress IP address to a project / namespace, all outbound requests from applications / services in the project will come from the egress IP address, making it easy to find the requests that came from applications / services in the project. 

AVOID TROUBLE

The egress IP address must be in the same subnet as the nodes primary IP address. For example, if the node's primary IP address is 10.7.1.2/8 then the egress IP adress would need to be in the 10.x.x.x/8 subnet.

~]# oc patch netnamespace project001 --type merge --patch '{ "egressIPs": [ "10.7.11.10" ] }'
netnamespace.network.openshift.io/project001 patched

 

Or, a specific project / namespace can be listed.

~]# oc get netnamespace project001
NAME                 NETID      EGRESS IPS
project001           10932896   ["10.7.11.10"]



Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee

Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.





Please enter 07f7a in the box below so that we can be sure you are a human.




Comments

Web design by yours truely - me, myself, and I   |   jeremy.canfield@freekb.net   |