Skip to content

Follow-up edits to PR#4648 #12661

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Oct 25, 2018
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 12 additions & 14 deletions dev_guide/getting_traffic_into_cluster.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -520,25 +520,23 @@ virtual IP address to the host in a configured pool of hosts. If the host goes
down, the virtual IP address is automatically transferred to another host in the
pool.


[[host-network]]
== Using Host Networking

You can choose to let the pods use the networking of the host that
they are on rather than containerizing the networking and using
the SDN. This is how the router works, and it can be a useful
technique when you have to proxy a Layer 7 protocol that is not
http/https/or TLS with SNI. You can look at the way the router is
configured to see how to set it up, but basically you need to set
`hostNetwork: true` in the pod definition, and then run the router
with a service account that has the `hostnetwork` permission. You can
grant the permission with `oc adm policy add-scc-to-user hostnetwork
You can choose to let the pods use the networking of the host that they are on
rather than containerizing the networking and using the SDN. This is how the
router works, and it can be a useful technique when you have to proxy a Layer 7
protocol that is not http/https/ or TLS with SNI. You can look at the way the
router is configured to see how to set it up, but basically you must set
`hostNetwork: true` in the pod definition, and then run the router with a
service account that has the `hostnetwork` permission. You can grant the
permission with `oc adm policy add-scc-to-user hostnetwork
system:serviceaccount:default:someserviceaccountname`.

Once configured, the pod can access all of the network interfaces on
the node that it is running on, including the host's SDN interface.
This allows you to make your own proxy, or allows you to run a program
directly on the host interfaces directly.
Once configured, the pod can access all of the network interfaces on the node
that it is running on, including the host's SDN interface. This allows you to
make your own proxy, or allows you to run a program directly on the host
interfaces directly.

[[ingress-load-balancer]]
== Non-Cloud Edge Router Load Balancer
Expand Down