If you use an external infrastructure node to route external Db2 traffic
into the Red Hat®
OpenShift® cluster, the cluster might
be in a private zone and you need to configure an external-facing HA Proxy to route the traffic to
the OpenShift nodes.
About this task
Because Db2 is externally exposed through a NodePort, the HA Proxy also needs to
expose the NodePort in order to allow traffic into the cluster.
The configuration below is only applicable with an HA Proxy. For more detail about configuring
networking, see Understanding networking in the OpenShift documentation.
If you don't have an HA proxy, you can use the OpenShift TLS route. For more information, see Connecting to Db2 with an OpenShift TLS route.
Procedure
-
On the infrastructure node, open the HA Proxy configuration file located at
/etc/haproxy/haproxy.cfg.
- Run the following command to obtain the Db2 NodePort value:
oc get svc service-identifier -o jsonpath='{.spec.ports[*]}{"\n"}'
{"name":"legacy-server","nodePort":31505,"port":50000,"protocol":"TCP","targetPort":50000} {"name":"ssl-server","nodePort":30414,"port":50001,"protocol":"TCP","targetPort":50001}
Where service-identifier is the Cloud Pak for Data identifier for the Db2 service,
for example c-db2wh-1651177484587666-db2u-engn-svc.
-
Modify the haproxy.cfg file to include the OpenShift NodePort:
frontend db2
bind *:Db2 NodePort
default_backend db2u
mode tcp
option tcplog
backend db2u
balance source
mode tcp
server master0 Master0-privateIP:Db2 NodePort check
server master1 Master1-privateIP:Db2 NodePort check
server master2 Master3-privateIP:Db2 NodePort check
-
Reload HA Proxy: