Container Service: Deploying an Application - Accessing External Systems

Access to on-campus resources

Services hosted on-campus will need to allow access for Container Service applications. Firewall rules for on-campus systems that your application depends upon will need to be opened to compute nodes within the OpenShift cluster. The full subnet range will need to be specified, as nodes could have any IP in the range.

In the production cluster https://containers.it.umich.edu your application could have any IP within these ranges:

  • 10.196.40.0/23
  • 10.196.42.0/23
  • 10.196.44.0/23

In the non-production cluster https://containersnp.it.umich.edu your application could have any IP within these ranges:

  • 10.196.48.0/23
  • 10.196.50.0/23
  • 10.196.52.0/23
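The following added example (not part of the Container Service documentation) audits the source entries of a firewall rule set against the ranges listed above. It reports node address space the rules fail to admit and admitted address space that falls outside the cluster. The function names and the sample allow-list are assumptions constructed for illustration, and only IPv4 entries are handled.

```python
import ipaddress

# Compute-node ranges published on this page for each cluster.
CLUSTER_RANGES = {
    "production": ["10.196.40.0/23", "10.196.42.0/23", "10.196.44.0/23"],
    "non-production": ["10.196.48.0/23", "10.196.50.0/23", "10.196.52.0/23"],
}

def _subtract(nets, remove):
    """Return the parts of `nets` not covered by any network in `remove`."""
    remaining = list(nets)
    for r in remove:
        kept = []
        for n in remaining:
            if n.subnet_of(r):
                continue                            # fully covered by r
            if r.subnet_of(n):
                kept.extend(n.address_exclude(r))   # keep what r leaves over
            else:
                kept.append(n)                      # disjoint from r
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))

def audit_allow_list(cluster, allowed_entries):
    """Compare firewall source entries (IPv4 CIDRs or hosts) with a cluster.

    Returns (missing, excess): node address space the rules do not admit,
    and admitted address space that lies outside the cluster's ranges.
    """
    required = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(c) for c in CLUSTER_RANGES[cluster]))
    allowed = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(e, strict=False) for e in allowed_entries))
    return _subtract(required, allowed), _subtract(allowed, required)

if __name__ == "__main__":
    # Constructed allow-list: one range cut to a /24, one widened to a /22.
    rules = ["10.196.40.0/23", "10.196.42.0/24", "10.196.44.0/22"]
    missing, excess = audit_allow_list("production", rules)
    print("not admitted:", [str(n) for n in missing])
    print("beyond cluster ranges:", [str(n) for n in excess])
```

A non-empty first list means pods scheduled onto some nodes will be blocked intermittently; a non-empty second list means the rule admits hosts that are not Container Service nodes.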

Access to Public Internet Resources

An IP address is configured as the outbound address for all traffic emanating from the OpenShift cluster to the public Internet. Firewall rules may need to be adjusted on non-campus resources to allow access via this IP.

For the production cluster, that IP is:

52.14.160.190

For the non-production cluster, that IP is:

18.216.218.151

Accessing Services in Other OpenShift Projects

By default, pods running within the OpenShift cluster will only have direct access to services running in the same project. However, Container Service personnel can join the networks of two or more projects. This allows pods running within one project to directly access services within another project. Please request this from Container Service personnel by sending an email to: its-container-service-support@umich.edu.

Last Updated: Wednesday, June 3, 2020