×

About Routers

There are many ways to get traffic into the cluster. The most common approach is to use the OKD router as the ingress point for external traffic destined for services in your OKD installation.

OKD provides and supports the following router plug-ins:

Configuring the Router Service Account

Router service account must have permissions to a security context constraint (SCC) that allows it to specify host ports.

To add a 'hostnetwork' SCC to the router service account in the default namespace:

$ oc adm policy add-scc-to-user hostnetwork system:serviceaccount:default:router

You can also use 'privileged' SCC for running your router, but it is recommended to use only the necessary SCC for running router.

Permission to Access Labels

When namespace labels are used, for example in creating router shards, the service account for the router must have cluster-reader permission.

$ oc adm policy add-cluster-role-to-user \
    cluster-reader \
    system:serviceaccount:default:router

With a service account in place, you can proceed to installing a default HAProxy Router or a customized HAProxy Router