oc-adm-router man page

oc adm router — Install a router

Synopsis

oc adm router [Options]

Description

Install or configure a router

This command helps to set up a router to take edge traffic and balance it to your application. With no arguments, the command will check for an existing router service called 'router' and create one if it does not exist. If you want to test whether a router has already been created, add the --dry-run flag and the command will exit with 1 if the router does not exist.

If a router does not exist with the given name, this command will create a deployment configuration and service that will run the router. If you are running your router in production, you should pass --replicas=2 or higher to ensure you have failover protection.

Options

--ciphers=""

Specifies the cipher suites to use. You can choose a predefined cipher set ('modern', 'intermediate', or 'old') or specify exact cipher suites by passing a : separated list. Not supported for F5.

--create=false

deprecated; this is now the default behavior

--default-cert=""

Optional path to a certificate file that will be used as the default certificate. The file should contain the cert, key, and any CA certs necessary for the router to serve the certificate. Does not apply to external appliance based routers (e.g. F5).

--disable-namespace-ownership-check=false

Disables the namespace ownership check and allows different namespaces to claim either different paths to a route host or overlapping host names in case of a wildcard route. The default behavior (false) is to restrict claims to the oldest namespace that has claimed either the host or the subdomain. Please be aware that if namespace ownership checks are disabled, routes in a different namespace can use this mechanism to 'steal' sub-paths for existing domains. This is only safe if route creation privileges are restricted, or if all the users can be trusted.

--dry-run=false

If true, show the result of the operation without performing it.

--extended-logging=false

If true, then configure the router with additional logging.

--external-host=""

If the underlying router implementation connects with an external host, this is the external host's hostname.

--external-host-http-vserver=""

If the underlying router implementation uses virtual servers, this is the name of the virtual server for HTTP connections.

--external-host-https-vserver=""

If the underlying router implementation uses virtual servers, this is the name of the virtual server for HTTPS connections.

--external-host-insecure=false

If the underlying router implementation connects with an external host over a secure connection, this causes the router to skip strict certificate verification with the external host.

--external-host-internal-ip=""

If the underlying router implementation requires the use of a specific network interface to connect to the pod network, this is the IP address of that internal interface.

--external-host-partition-path=""

If the underlying router implementation uses partitions for control boundaries, this is the path to use for that partition.

--external-host-password=""

If the underlying router implementation connects with an external host, this is the password for authenticating with the external host.

--external-host-private-key=""

If the underlying router implementation requires an SSH private key, this is the path to the private key file.

--external-host-username=""

If the underlying router implementation connects with an external host, this is the username for authenticating with the external host.

--external-host-vxlan-gw=""

If the underlying router implementation requires VxLAN access to the pod network, this is the gateway address that should be used, in CIDR format.

--force-subdomain=""

A router path format to force on all routes used by this router (will ignore the route host value)

--host-network=true

If true (the default), then use host networking rather than using a separate container network stack. Not required for external appliance based routers (e.g. F5)

--host-ports=true

If true (the default), host ports will be exposed when not using host networking. Not required for external appliance based routers (e.g. F5)

--images="openshift/origin-${component}:${version}"

The image to base this router on - ${component} will be replaced with --type

--labels="router=<name>"

A set of labels to uniquely identify the router and its components.

--latest-images=false

If true, attempt to use the latest images for the router instead of the latest release.

--local=false

If true, do not contact the apiserver

--max-connections=""

Specifies the maximum number of concurrent connections. Not supported for F5.

--mutual-tls-auth="none"

Controls access to the router using mutually agreed upon TLS configuration (for example, client certificates). You can choose one of 'required', 'optional', or 'none'. The default is none.

--mutual-tls-auth-ca=""

Optional path to a file containing one or more CA certificates used for mutual TLS authentication. The CA certificate[s] are used by the router to verify a client's certificate.

--mutual-tls-auth-crl=""

Optional path to a file containing the certificate revocation list used for mutual TLS authentication. The certificate revocation list is used by the router to verify a client's certificate.

--mutual-tls-auth-filter=""

Optional regular expression to filter the client certificates. If the client certificate subject field does not match this regular expression, requests will be rejected by the router.

-o, --output=""

Output results as yaml or json instead of executing, or use name for succinct output (resource/name).

--output-version=""

The preferred API versions of the output objects

--ports="80:80,443:443"

A comma delimited list of ports or port pairs that set the port in the router pod containerPort and hostPort. It also sets service port and targetPort to expose on the router pod. This does not modify the env variables. That can be done using oc set env or by editing the router's dc. This is used when --host-network=false.

--replicas=1

The replication factor of the router; commonly 2 when high availability is desired.

--router-canonical-hostname=""

CanonicalHostname is the external host name for the router that can be used as a CNAME for the host requested for this route. This value is optional and may not be set in all cases.

--secrets-as-env=false

If true, use environment variables for master secrets.

--selector=""

Selector used to filter nodes on deployment. Used to run routers on a specific set of nodes.

--service-account="router"

Name of the service account to use to run the router pod.

-a, --show-all=true

When printing, show all resources (false means hide terminated pods.)

--show-labels=false

When printing, show all labels as the last column (default hide labels column)

--sort-by=""

If non-empty, sort list types using this field specification.  The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.

--stats-password=""

If the underlying router implementation can provide statistics, this is the requested password for auth. If not set, a password will be generated. Not available for external appliance based routers (e.g. F5)

--stats-port=1936

If the underlying router implementation can provide statistics this is a hint to expose it on this port. Specify 0 if you want to turn off exposing the statistics.

--stats-user="admin"

If the underlying router implementation can provide statistics this is the requested username for auth. Not available for external appliance based routers (e.g. F5)

--strict-sni=false

Use strict-sni bind processing (do not use default cert). Not supported for F5.

--subdomain=""

The template for the route subdomain exposed by this router, used for routes that are not externally specified. E.g. '${name}-${namespace}.apps.mycompany.com'

--template=""

Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

--threads=0

Specifies the number of threads for the haproxy router.

--type="haproxy-router"

The type of router to use - if you specify --images this flag may be ignored.

Options Inherited from Parent Commands

--allow_verification_with_non_compliant_keys=false

Allow a SignatureVerifier to use keys which are technically non-compliant with RFC6962.

--alsologtostderr=false

log to standard error as well as files

--application_metrics_count_limit=100

Max number of application metrics to store (per container)

--as=""

Username to impersonate for the operation

--as-group=[]

Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

--azure-container-registry-config=""

Path to the file containing Azure container registry configuration information.

--boot_id_file="/proc/sys/kernel/random/boot_id"

Comma-separated list of files to check for boot-id. Use the first one that exists.

--cache-dir="/builddir/.kube/http-cache"

Default HTTP cache directory

--certificate-authority=""

Path to a cert file for the certificate authority

--client-certificate=""

Path to a client certificate file for TLS

--client-key=""

Path to a client key file for TLS

--cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

CIDRs opened in GCE firewall for LB traffic proxy health checks

--cluster=""

The name of the kubeconfig cluster to use

--container_hints="/etc/cadvisor/container_hints.json"

location of the container hints file

--containerd="unix:///var/run/containerd.sock"

containerd endpoint

--context=""

The name of the kubeconfig context to use

--default-not-ready-toleration-seconds=300

Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

--default-unreachable-toleration-seconds=300

Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

--docker="unix:///var/run/docker.sock"

docker endpoint

--docker-tls=false

use TLS to connect to docker

--docker-tls-ca="ca.pem"

path to trusted CA

--docker-tls-cert="cert.pem"

path to client certificate

--docker-tls-key="key.pem"

path to private key

--docker_env_metadata_whitelist=""

a comma-separated list of environment variable keys that need to be collected for docker containers

--docker_only=false

Only report docker containers in addition to root stats

--docker_root="/var/lib/docker"

DEPRECATED: docker root is read from docker info (this is a fallback, default: /var/lib/docker)

--enable_load_reader=false

Whether to enable cpu load reader

--event_storage_age_limit="default=24h"

Max length of time for which to store events (per type). Value is a comma separated list of key values, where the keys are event types (e.g.: creation, oom) or "default" and the value is a duration. Default is applied to all non-specified event types

--event_storage_event_limit="default=100000"

Max number of events to store (per type). Value is a comma separated list of key values, where the keys are event types (e.g.: creation, oom) or "default" and the value is an integer. Default is applied to all non-specified event types

--global_housekeeping_interval=0

Interval between global housekeepings

--housekeeping_interval=0

Interval between container housekeepings

--httptest.serve=""

if non-empty, httptest.NewServer serves on this address and blocks

--insecure-skip-tls-verify=false

If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

--kubeconfig=""

Path to the kubeconfig file to use for CLI requests.

--log-flush-frequency=0

Maximum number of seconds between log flushes

--log_backtrace_at=:0

when logging hits line file:N, emit a stack trace

--log_cadvisor_usage=false

Whether to log the usage of the cAdvisor container

--log_dir=""

If non-empty, write log files in this directory

--logtostderr=true

log to standard error instead of files

--machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"

Comma-separated list of files to check for machine-id. Use the first one that exists.

--match-server-version=false

Require server version to match client version

-n, --namespace=""

If present, the namespace scope for this CLI request

--request-timeout="0"

The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

-s, --server=""

The address and port of the Kubernetes API server

--stderrthreshold=2

logs at or above this threshold go to stderr

--storage_driver_buffer_duration=0

Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

--storage_driver_db="cadvisor"

database name

--storage_driver_host="localhost:8086"

database host:port

--storage_driver_password="root"

database password

--storage_driver_secure=false

use secure connection with database

--storage_driver_table="stats"

table name

--storage_driver_user="root"

database username

--token=""

Bearer token for authentication to the API server

--user=""

The name of the kubeconfig user to use

-v, --v=0

log level for V logs

--version=false

Print version information and quit

--vmodule=

comma-separated list of pattern=N settings for file-filtered logging

Example

  # Check the default router ("router")
  oc adm router --dry-run
  
  # See what the router would look like if created
  oc adm router -o yaml
  
  # Create a router with two replicas if it does not exist
  oc adm router router-west --replicas=2
  
  # Use a different router image
  oc adm router region-west --images=myrepo/somerouter:mytag
  
  # Run the router with a hint to the underlying implementation to _not_ expose statistics.
  oc adm router router-west --stats-port=0
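
The following is an added example, not part of the original man page or of the oc code base: a pre-flight lint for an `oc adm router` argument list that reports the options this page itself describes as weakening verification, exposing credentials, or leaving the router without failover. The function name `audit_router_args`, the message wording, and the sample invocations are assumptions of the example; it only recognizes the `--flag=value` and bare `--flag` forms.

```bash
#!/bin/sh
# Added example (not from the oc project): lint `oc adm router` arguments
# against the security-relevant notes in the option descriptions above.
# Prints one WARN line per finding; exit status 0 means no findings.

audit_router_args() {
  findings=0
  replicas=1          # documented default: --replicas=1
  for arg in "$@"; do
    case "$arg" in
      --disable-namespace-ownership-check|--disable-namespace-ownership-check=true)
        echo "WARN: namespace ownership check disabled; routes in other namespaces can claim sub-paths of existing hosts"
        findings=$((findings + 1)) ;;
      --external-host-insecure|--external-host-insecure=true)
        echo "WARN: strict certificate verification with the external host is skipped"
        findings=$((findings + 1)) ;;
      --insecure-skip-tls-verify|--insecure-skip-tls-verify=true)
        echo "WARN: API server certificate is not checked for validity"
        findings=$((findings + 1)) ;;
      --external-host-password=?*|--stats-password=?*|--token=?*)
        # Secrets given as arguments end up in shell history and process listings.
        echo "WARN: ${arg%%=*} puts a secret on the command line"
        findings=$((findings + 1)) ;;
      --replicas=*)
        replicas=${arg#--replicas=} ;;
    esac
  done
  case "$replicas" in
    ''|*[!0-9]*)
      echo "WARN: --replicas value '$replicas' is not a number"
      findings=$((findings + 1)) ;;
    *)
      if [ "$replicas" -lt 2 ]; then
        echo "WARN: --replicas=$replicas gives no failover protection; use 2 or higher in production"
        findings=$((findings + 1))
      fi ;;
  esac
  [ "$findings" -eq 0 ]
}

# Constructed sample invocations (router name taken from the Example section).
audit_router_args router-west --replicas=2 --strict-sni=true || true
audit_router_args router-west --external-host-insecure \
  --disable-namespace-ownership-check=true --stats-password=CONSTRUCTED || true
```

Run the check on the same arguments before passing them to `oc adm router`; pairing it with `--dry-run -o yaml` lets you review the generated objects without creating them.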

See Also

oc-adm(1)

History

June 2016, Ported from the Kubernetes man-doc generator

Referenced By

oc-adm(1).

Openshift CLI User Manuals June 2016