Run OpenShift console on port 443

2016년 3월 9일Akram Ben Aissi2분 읽기

This post was originally written by Akram Ben Aissi in his blog: http://akrambenaissi.com/2016/02/21/run-openshift-console-on-port-443/

One thing that I really like on OpenShift, is that it very often eat its own food. To my opinion, it is generally a sign of a good design, but that’s another story.
In this blog, I wanted to give a clue on how to make the OpenShift console run on port 443 by using the openshift-router facilities, service and endpoints. This could be very useful for example, if you do have some network setup preventing access to port 8443, which is often the case on corporate networks.

As a disclaimer, I want just to state that this is not (well for now) a production-proof design but, at least you can use it for demonstration purposes or simply to understand the way OpenShift externalservices works.

You will guess that the idea here, is to create an OpenShift external service pointing to the OpenShift master URL and then create a route that will be served by openshift-router to forward request to the OpenShift master itself. It this road, need to create and OpenShift Endpoint as stated by documentation.
And the final trick, is to change your masterPublicURL and master publicURL parameters in master-config.yaml OpenShift configuration to match the route’s URL.

Here is the configuration: You will need to get:
– Your master internal IP address
– A wildcard entry or DNS entry pointing to your openshift-router nodes (can also the be the master itself if you are running the router on master)
– That’s all

So, let’s assume the following settings:
My master’s domaine name is: pass.mycompany.com
My master’s internal IP address is: 192.168.1.1
My openshift-router runs on IP 50.50.50.50 and my DNS entry pass.mycompany.com points to it

So you need to create a Service:

apiVersion: v1

kind: Service

metadata:

  creationTimestamp: null

  labels:

  name: openshift-master

spec:

  ports:

  - name: 8443-tcp

    port: 8443

    protocol: TCP

    targetPort: 8443

  selector: {}

status:

  loadBalancer: {}

and create manually the corresponding Endpoint

apiVersion: v1

kind: Endpoints

metadata:

  creationTimestamp: null

  name: openshift-master

subsets:

- addresses:

  - ip: 192.168.1.1

  ports:

  - name: 8443-tcp

    port: 443

    protocol: TCP

And then, you need a route with a host entry point to 50.50.50.50

apiVersion: v1

kind: Route

metadata:

  creationTimestamp: null

  name: openshift-master

spec:

  host: paas.mycompany.com

  port:

    targetPort: 8443

  to:

    kind: Service

    name: openshift-master

  tls:

    termination: passthrough

status:

  ingress: null

and the last point, is to modify your master-config.yaml to change any occurrences to masterPublicURL or publicURL to
https://paas.mycompany.com:443.
Keep in mind that the certificates that you have generated for the console must be valid for the host URL you are pointing to, and must update your corsAllowedOrigins to add the new domain you are pointing to.

apiLevels:

- v1

apiVersion: v1

assetConfig:

  extensionDevelopment: false

  extensionScripts: null

  extensionStylesheets: null

  extensions: null

  loggingPublicURL: ""

  logoutURL: ""

  masterPublicURL: https://paas.mycompany.com:443

  metricsPublicURL: https://paas.mycompany.com/hawkular/metrics

  publicURL: https://paas.mycompany.com:443/console/

  servingInfo:

    bindAddress: 0.0.0.0:8443

    bindNetwork: tcp4

    certFile: master.server.crt

    clientCA: ""

    keyFile: master.server.key

    maxRequestsInFlight: 0

    namedCertificates: null

    requestTimeoutSeconds: 0

controllerLeaseTTL: 0

controllers: '*'

corsAllowedOrigins:

- 127.0.0.1

- 50.50.50.50:8443

- localhost

- paas.mycompany.com

disabledFeatures: null

...