Configuring the Db2 NodePort with an HA Proxy

If you use an external infrastructure node to route external Db2 traffic into the Red Hat® OpenShift® cluster, the cluster might be in a private zone and you need to configure an external-facing HA Proxy to route the traffic to the OpenShift nodes.

About this task

Because Db2 is externally exposed through a NodePort, the HA Proxy also needs to expose the NodePort in order to allow traffic into the cluster.

The configuration below is only applicable with an HA Proxy. For more detail about configuring networking, see Understanding networking in the OpenShift documentation.

If you don't have an HA proxy, you can use the OpenShift TLS route. For more information, see Connecting to Db2 with an OpenShift TLS route.

Procedure

  1. On the infrastructure node, open the HA Proxy configuration file located at /etc/haproxy/haproxy.cfg.
  2. Run the following command to obtain the Db2 NodePort value:
    oc get svc service-identifier -o jsonpath='{.spec.ports[*]}{"\n"}'
    {"name":"legacy-server","nodePort":31505,"port":50000,"protocol":"TCP","targetPort":50000} {"name":"ssl-server","nodePort":30414,"port":50001,"protocol":"TCP","targetPort":50001}

    Where service-identifier is the Cloud Pak for Data identifier for the Db2 service, for example c-db2wh-1651177484587666-db2u-engn-svc.

  3. Modify the haproxy.cfg file to include the OpenShift NodePort:
    frontend db2
            bind *:Db2 NodePort
            default_backend db2u
            mode tcp
            option tcplog
    backend db2u
            balance source
            mode tcp
            server master0 Master0-privateIP:Db2 NodePort check
            server master1 Master1-privateIP:Db2 NodePort check
            server master2 Master3-privateIP:Db2 NodePort check
  4. Reload HA Proxy:
    systemctl reload haproxy