openshift-infra-router man page

openshift infra router — Start a router


openshift infra router [Options]


Start a router

This command launches a router connected to your cluster master. The router listens for routes and endpoints created by users and keeps a local router configuration up to date with those changes.

You may customize the router by providing your own --template and --reload scripts.

The router must have a default certificate in pem format. You may provide it via --default-cert otherwise one is automatically created.

You may restrict the set of routes exposed to a single project (with --namespace), projects your client has access to with a set of labels (--project-labels), namespaces matching a label (--namespace-labels), or all namespaces (no argument). You can limit the routes to those matching a --labels or --fields selector. Note that you must have a cluster-wide administrative role to view all namespaces.



Allow wildcard host names for routes


List of comma separated domains to allow in routes. If specified, only the domains in this list will be allowed routes. Note that domains in the denied list take precedence over the ones in the allowed list


DEPRECATED: The API version to use when talking to the server


Username to impersonate for the operation


Bind ports only after route state has been synchronized


Path to a cert. file for the certificate authority


Specifies the cipher suites to use. You can choose a predefined cipher set ('modern', 'intermediate', or 'old') or specify exact cipher suites by passing a : separated list.


Path to a client certificate file for TLS


Path to a client key file for TLS


The name of the kubeconfig cluster to use


Path to the config file to use for CLI requests.


The name of the kubeconfig context to use


The contents of a default certificate to use for routes that don't expose a TLS server cert; in PEM format


A path to a directory that contains a file named tls.crt. If tls.crt is not a PEM file which also contains a private key, it is first combined with a file named tls.key in the same directory. The PEM-format contents are then used as the default certificate. Only used if default-certificate and default-certificate-path are not specified.


A path to default certificate to use for routes that don't expose a TLS server cert; in PEM format


A path to a PEM file containing the default CA bundle to use with re-encrypt routes. This CA should sign for certificates in the Kubernetes DNS space (service.namespace.svc).


List of comma separated domains to deny in routes


Disables the namespace ownership checks for a route host with different paths or for overlapping host names in the case of wildcard routes. Please be aware that if namespace ownership checks are disabled, routes in a different namespace can use this mechanism to 'steal' sub-paths for existing domains. This is only safe if route creation privileges are restricted, or if all the users can be trusted.


Enable configuration via ingress resources


If set, then an additional extended validation step is performed on all routes admitted in by this router. Defaults to true and enables the extended validation checks.


A field selector to apply to routes to watch


If specified, a template that should be used to generate the hostname for a route without (e.g. '${name}-${namespace}')


If true, UDP endpoints will be considered as candidates for routing


If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure


Controls how often router reloads are invoked. Mutiple router reload requests are coalesced for the duration of this interval since the last reload time.

--kubernetes=" ⟨http://localhost:8080"⟩

The address of the Kubernetes server (host, host:port, or URL). If omitted defaults to the master.


A label selector to apply to the routes to watch


The name of an interface to listen on to expose metrics and health checking. If not specified, will not listen. Overrides stats port.

--master=" ⟨http://localhost:8080"⟩

The address the master can be reached on (host, host:port, or URL).


Specifies the maximum number of concurrent connections.


Specifies the type of metrics to gather. Supports 'haproxy'.


The name the router will identify itself with in the route status

-n, --namespace=""

If present, the namespace scope for this CLI request


A label selector to apply to namespaces to watch


Override the value for a route with --hostname-template


A label selector to apply to projects to watch; if '*' watches all projects the client can access


The path to the reload script to use


The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.


The interval at which the route list should be fully refreshed


CanonicalHostname is the external host name for the router that can be used as a CNAME for the host requested for this route. This value is optional and may not be set in all cases.


The address and port of the Kubernetes API server


If the underlying router implementation can provide statistics this is the requested password for auth.


If the underlying router implementation can provide statistics this is a hint to expose it on this port. Ignored if listen-addr is specified.


If the underlying router implementation can provide statistics this is the requested username for auth.


Use strict-sni bind processing (do not use default cert).


The path to the template file to use


Bearer token for authentication to the API server


The name of the kubeconfig user to use


The working directory for the router plugin

Options Inherited from Parent Commands


Path to the file container Azure container registry configuration information.


The Google Cloud Platform Service Account JSON Key to use for authentication.


Maximum number of seconds between log flushes

See Also

openshift-infra(1), openshift-infra-router-version(1),


June 2016, Ported from the Kubernetes man-doc generator

Referenced By

openshift-infra(1), openshift-infra-router-version(1).

Openshift CLI User Manuals June 2016