The following services are exposed on the Customer Access Network (CAN). Each of these services requires an IP address on the CAN subnet so that it is reachable on the CAN. This IP address is allocated by the MetalLB component.
Services under Istio Ingress Gateway and Keycloak Gatekeeper Ingress share an ingress, so they all use the IP allocated to the Ingress.
Each service is given a DNS name that is served by the External DNS service so that it is resolvable from the site network. This makes it possible to access each of these services by name rather than finding the allocated IP. The DNS name is prepended to the `system-name.site-domain` specified during `csi config init`. For example, if the system is named TestSystem, and the site is example.com, the HPE Cray EX domain would be testsystem.example.com.
See External DNS for more information.
Service | DNS Name | Address Pool | Requires CAN IP | External Port | Notes |
---|---|---|---|---|---|
Istio Ingress Gateway |  | customer-access | Yes | 80/443, 8081, 8888 |  |
HPE Cray EX REST API | api |  | No |  | Uses the IP address of Istio Ingress Gateway |
Authentication | auth |  | No |  | Uses the IP address of Istio Ingress Gateway |
S3 | s3 | customer-access | Yes | 8080 |  |
External DNS |  | customer-access | Yes | 53 |  |
Keycloak Gatekeeper Ingress |  | customer-access | Yes | 443 |  |
Sysmgmt-health Prometheus | prometheus |  | No |  | Uses the IP address of Keycloak Gatekeeper Ingress |
Sysmgmt-health Alert Manager | alertmanager |  | No |  | Uses the IP address of Keycloak Gatekeeper Ingress |
Sysmgmt-health Grafana | grafana |  | No |  | Uses the IP address of Keycloak Gatekeeper Ingress |
Istio Prometheus | prometheus-istio |  | No |  | Uses the IP address of Keycloak Gatekeeper Ingress |
Istio Kiali | kiali-istio |  | No |  | Uses the IP address of Keycloak Gatekeeper Ingress |
Istio Jaeger | jaeger-istio |  | No |  | Uses the IP address of Keycloak Gatekeeper Ingress |
VCS | vcs |  | No |  | Uses the IP address of Keycloak Gatekeeper Ingress |
SMA Kibana | sma-kibana |  | No |  | Uses the IP address of Keycloak Gatekeeper Ingress |
SMA Grafana | sma-grafana |  | No |  | Uses the IP address of Keycloak Gatekeeper Ingress |
Nexus | nexus |  | No |  | Uses the IP address of Keycloak Gatekeeper Ingress |
Rsyslog Aggregator | rsyslog | customer-access | Yes | 514/8514 |  |
UAI |  | customer-access | Yes (multiple) | 22 | Can be several of these each with a unique ID |
IMS | <uid>.ims | customer-access | Yes (multiple) | 22 | Can be several of these each with a unique ID |
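
The table can be turned into a check on what External DNS actually serves. The following is an added example, not part of the HPE documentation: it builds the expected names for a system and flags shared-ingress names that do not resolve to a single IP, missing records, and names the table does not list. The `audit`, `fqdn` and `sample` helpers and the sample answers are assumptions of the example; the caller is expected to supply real name-to-IP answers.

```python
# Added example. DNS labels are copied from the table, grouped by the ingress
# whose CAN IP they share; everything else here is an assumption of the example.
SHARED = {
    "Istio Ingress Gateway": ["api", "auth"],
    "Keycloak Gatekeeper Ingress": [
        "prometheus", "alertmanager", "grafana", "prometheus-istio",
        "kiali-istio", "jaeger-istio", "vcs", "sma-kibana", "sma-grafana", "nexus",
    ],
}
OWN_IP = ["s3", "rsyslog"]  # named services that get their own CAN IP


def fqdn(label, system_name, site_domain):
    """Prepend the label to system-name.site-domain (lower-cased as in the page's example)."""
    return f"{label}.{system_name}.{site_domain}".lower()


def audit(resolved, system_name, site_domain):
    """resolved: {name: ip} gathered by the caller. Returns a list of findings."""
    name = lambda label: fqdn(label, system_name, site_domain)
    findings, known = [], {name(l) for l in OWN_IP}
    for ingress, labels in SHARED.items():
        names = [name(l) for l in labels]
        known.update(names)
        ips = sorted({resolved[n] for n in names if n in resolved})
        if len(ips) > 1:  # the page says these all use the ingress's one IP
            findings.append(f"{ingress}: names split across {ips}")
    findings += [f"{n}: no record" for n in sorted(known) if n not in resolved]
    ims = "." + name("ims")  # <uid>.ims names exist once per unique ID, so match the suffix
    findings += [f"{n}: not in the table" for n in sorted(resolved)
                 if n not in known and not n.endswith(ims)]
    return findings


def sample():
    """Constructed answers for TestSystem / example.com (192.0.2.0/24 is a documentation range)."""
    r = {fqdn(l, "TestSystem", "example.com"): "192.0.2.10" for l in SHARED["Istio Ingress Gateway"]}
    r.update({fqdn(l, "TestSystem", "example.com"): "192.0.2.11"
              for l in SHARED["Keycloak Gatekeeper Ingress"]})
    r["s3.testsystem.example.com"] = "192.0.2.12"
    r["vcs.testsystem.example.com"] = "192.0.2.50"       # drifted off the shared ingress
    r["abc123.ims.testsystem.example.com"] = "192.0.2.20"
    r["debug.testsystem.example.com"] = "192.0.2.99"     # name the table does not list
    return r


if __name__ == "__main__":
    print("\n".join(audit(sample(), "TestSystem", "example.com")))
```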