openshift-infra-router man page

openshift infra router — Start a router

Synopsis

openshift infra router [Options]

Description

Start a router

This command launches a router connected to your cluster master. The router listens for routes and endpoints created by users and keeps a local router configuration up to date with those changes.

You may customize the router by providing your own --template and --reload scripts.

The router must have a default certificate in PEM format. You may provide it via --default-certificate; otherwise, one is automatically created.

You may restrict the set of routes exposed to a single project (with --namespace), projects your client has access to with a set of labels (--project-labels), namespaces matching a label (--namespace-labels), or all namespaces (no argument). You can limit the routes to those matching a --labels or --fields selector. Note that you must have a cluster-wide administrative role to view all namespaces.

Options

--allow-wildcard-routes=false

Allow wildcard host names for routes

--allowed-domains=[]

List of comma separated domains to allow in routes. If specified, only the domains in this list will be allowed routes. Note that domains in the denied list take precedence over the ones in the allowed list

--api-version=""

DEPRECATED: The API version to use when talking to the server

--as=""

Username to impersonate for the operation

--bind-ports-after-sync=false

Bind ports only after route state has been synchronized

--certificate-authority=""

Path to a cert file for the certificate authority

--ciphers=""

Specifies the cipher suites to use. You can choose a predefined cipher set ('modern', 'intermediate', or 'old') or specify exact cipher suites by passing a : separated list.

--client-certificate=""

Path to a client certificate file for TLS

--client-key=""

Path to a client key file for TLS

--cluster=""

The name of the kubeconfig cluster to use

--config=""

Path to the config file to use for CLI requests.

--context=""

The name of the kubeconfig context to use

--default-certificate=""

The contents of a default certificate to use for routes that don't expose a TLS server cert; in PEM format

--default-certificate-dir=""

A path to a directory that contains a file named tls.crt. If tls.crt is not a PEM file which also contains a private key, it is first combined with a file named tls.key in the same directory. The PEM-format contents are then used as the default certificate. Only used if default-certificate and default-certificate-path are not specified.

--default-certificate-path=""

A path to default certificate to use for routes that don't expose a TLS server cert; in PEM format

--default-destination-ca-path="/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"

A path to a PEM file containing the default CA bundle to use with re-encrypt routes. This CA should sign for certificates in the Kubernetes DNS space (service.namespace.svc).

--denied-domains=[]

List of comma separated domains to deny in routes

--disable-namespace-ownership-check=false

Disables the namespace ownership checks for a route host with different paths or for overlapping host names in the case of wildcard routes. Please be aware that if namespace ownership checks are disabled, routes in a different namespace can use this mechanism to 'steal' sub-paths for existing domains. This is only safe if route creation privileges are restricted, or if all the users can be trusted.

--enable-ingress=false

Enable configuration via ingress resources

--extended-validation=true

If set, an additional extended validation step is performed on all routes admitted by this router. Defaults to true, which enables the extended validation checks.

--fields=""

A field selector to apply to routes to watch

--hostname-template=""

If specified, a template that should be used to generate the hostname for a route without spec.host (e.g. '${name}-${namespace}.myapps.mycompany.com')

--include-udp-endpoints=false

If true, UDP endpoints will be considered as candidates for routing

--insecure-skip-tls-verify=false

If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

--interval=0

Controls how often router reloads are invoked. Multiple router reload requests are coalesced for the duration of this interval since the last reload time.

--kubernetes="http://localhost:8080"

The address of the Kubernetes server (host, host:port, or URL). If omitted defaults to the master.

--labels=""

A label selector to apply to the routes to watch

--listen-addr=""

The name of an interface to listen on to expose metrics and health checking. If not specified, will not listen. Overrides stats port.

--master="http://localhost:8080"

The address the master can be reached on (host, host:port, or URL).

--max-connections=""

Specifies the maximum number of concurrent connections.

--metrics-type=""

Specifies the type of metrics to gather. Supports 'haproxy'.

--name="public"

The name the router will identify itself with in the route status

-n, --namespace=""

If present, the namespace scope for this CLI request

--namespace-labels=""

A label selector to apply to namespaces to watch

--override-hostname=false

Override the spec.host value for a route with --hostname-template

--project-labels=""

A label selector to apply to projects to watch; if '*' watches all projects the client can access

--reload=""

The path to the reload script to use

--request-timeout="0"

The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time out requests.

--resync-interval=0

The interval at which the route list should be fully refreshed

--router-canonical-hostname=""

CanonicalHostname is the external host name for the router that can be used as a CNAME for the host requested for this route. This value is optional and may not be set in all cases.

--server=""

The address and port of the Kubernetes API server

--stats-password=""

If the underlying router implementation can provide statistics this is the requested password for auth.

--stats-port=""

If the underlying router implementation can provide statistics this is a hint to expose it on this port. Ignored if listen-addr is specified.

--stats-user=""

If the underlying router implementation can provide statistics this is the requested username for auth.

--strict-sni=false

Use strict-sni bind processing (do not use default cert).

--template=""

The path to the template file to use

--token=""

Bearer token for authentication to the API server

--user=""

The name of the kubeconfig user to use

--working-dir="/var/lib/haproxy/router"

The working directory for the router plugin

Options Inherited from Parent Commands

--azure-container-registry-config=""

Path to the file containing Azure container registry configuration information.

--google-json-key=""

The Google Cloud Platform Service Account JSON Key to use for authentication.

--log-flush-frequency=0

Maximum number of seconds between log flushes
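
The following is an added example, not part of the original manual or the OpenShift code base. It audits a router command line for the options whose descriptions above relax a safety check, and for domains listed in both --allowed-domains and --denied-domains (which the denied list always wins). The function names, finding labels, choice of flags to report, and the --flag=value input form are assumptions of this example.

```shell
#!/bin/sh
# Added example (not project code): report router flags that this page's own
# descriptions mark as weakening safety. The policy below is an assumption.

audit_router_args() (   # subshell body keeps IFS and 'set -f' changes local
    findings="" allowed="" denied=""
    for arg in "$@"; do
        case "$arg" in
            --insecure-skip-tls-verify|--insecure-skip-tls-verify=true)
                findings="$findings insecure-skip-tls-verify" ;;
            --disable-namespace-ownership-check|--disable-namespace-ownership-check=true)
                findings="$findings namespace-ownership-check-disabled" ;;
            --allow-wildcard-routes|--allow-wildcard-routes=true)
                findings="$findings wildcard-routes" ;;
            --extended-validation=false)
                findings="$findings extended-validation-off" ;;
            --ciphers=old)
                findings="$findings ciphers-old" ;;
            --allowed-domains=*) allowed="${arg#--allowed-domains=}" ;;
            --denied-domains=*)  denied="${arg#--denied-domains=}" ;;
        esac
    done
    # Denied domains take precedence, so an entry present in both lists is
    # never admitted. Exact string comparison only (assumption).
    set -f; IFS=,
    for a in $allowed; do
        for d in $denied; do
            if [ "$a" = "$d" ]; then findings="$findings allowed-but-denied:$a"; fi
        done
    done
    IFS=' '
    for f in $findings; do echo "$f"; done
)

# Constructed command line for illustration; the domains are placeholders.
audit_constructed_sample() {
    audit_router_args --name=public --insecure-skip-tls-verify=true \
        --disable-namespace-ownership-check --allow-wildcard-routes=true \
        --ciphers=old --extended-validation=true \
        --allowed-domains=apps.example.com,test.example.com \
        --denied-domains=test.example.com
}

audit_constructed_sample
```

Empty output means none of the audited settings were found. Wildcard routes combined with a disabled namespace ownership check is the case the --disable-namespace-ownership-check description singles out.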

See Also

openshift-infra(1), openshift-infra-router-version(1)

History

June 2016, Ported from the Kubernetes man-doc generator

Openshift CLI User Manuals June 2016