Systems that do not support CMN/CAN/CHN will not have services provisioned with external IP addresses on CMN/CAN/CHN. Kubernetes will report a <pending> status for the external IP address of the service experiencing connectivity issues.
If SSH access to a non-compute node (NCN) is available, it is possible to override resolution of external hostnames and forward local ports into the cluster for the cluster IP address of the corresponding service.
WARNING: This will bypass the OAuth2 Proxy and Istio ingress gateway, which handle authentication and authorization.
Enable systems without CMN to provision services with external hostnames.
The Customer Management Network (CMN) is not supported on the system.
Search for the VirtualService object that corresponds to the desired service.
The command below will list all external hostnames.
kubectl get vs -A | grep -v '[*]'
Example output:
NAMESPACE NAME GATEWAYS HOSTS AGE
istio-system kiali [services/services-gateway] [kiali-istio.cmn.SYSTEM_DOMAIN_NAME] 2d16h
nexus nexus [services/services-gateway] [packages.local registry.local nexus.cmn.SYSTEM_DOMAIN_NAME] 2d16h
services gitea-vcs-external [services/services-gateway] [vcs.cmn.SYSTEM_DOMAIN_NAME] 2d16h
services sma-grafana [services-gateway] [sma-grafana.cmn.SYSTEM_DOMAIN_NAME] 2d16h
services sma-kibana [services-gateway] [sma-kibana.cmn.SYSTEM_DOMAIN_NAME] 2d16h
sysmgmt-health cray-sysmgmt-health-alertmanager [services/services-gateway] [alertmanager.cmn.SYSTEM_DOMAIN_NAME] 2d16h
sysmgmt-health cray-sysmgmt-health-grafana [services/services-gateway] [grafana.cmn.SYSTEM_DOMAIN_NAME] 2d16h
sysmgmt-health cray-sysmgmt-health-prometheus [services/services-gateway] [vmselect.cmn.SYSTEM_DOMAIN_NAME] 2d16h
Lookup the cluster IP and port for service.
The example below is for the cray-sysmgmt-health-kube-p-prometheus service.
kubectl -n sysmgmt-health get service cray-sysmgmt-health-kube-p-prometheus
Example output:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
cray-sysmgmt-health-grafana ClusterIP 10.25.124.159 <none> 9090/TCP 23h
Setup port forwarding from a laptop or workstation to access the service.
Use the cluster IP and port for the service obtained in the previous step. If the port is unprivileged, use the same port number on the local side.
Replace the cluster IP, port, and system name values in the example below.
# ssh -L 9090:10.25.124.159:9090 root@SYSTEM_NCN_DOMAIN_NAME
Visit http://localhost:9090/ in a laptop or workstation browser.
There is no clusterip for vmselect due to headless service
Below are the steps to access headless service
a) Lookup the service and port for vmselect service
The example below is for the vmselect-vms service.
kubectl -n sysmgmt-health get service vmselect-vms
Example output:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
vmselect-vms ClusterIP None <none> 8481/TCP 14d
Use kubectl port-forward to connect to a vmselect server running in a Kubernetes cluster
kubectl port-forward -n sysmgmt-health service/vmselect-vms 8082:8481
Setup port forwarding from a laptop or workstation to access the service.
Use the cluster IP and port for the service obtained in the previous step. If the port is unprivileged, use the same port number on the local side.
Replace the cluster IP, port, and system name values in the example below.
# ssh -L 9090:10.25.124.159:8082 root@SYSTEM_NCN_DOMAIN_NAME
b Visit http://localhost:9090/ in a laptop or workstation browser.