Comments (12)
I would also love to know if this is possible.
from openshift-acme.
It's not out of the box possible. One solution could be to create a route and a matching endpoint object to access the console via the router.
from openshift-acme.
One solution could be to create a route and a matching endpoint object to access the console via the router.
+1
I think in 3.9 OpenShift runs web console as a pod on master, either there is a service or you could create one selecting that pod and point the Route there.
Both of those options are fairly feasible. To do this without using a Route you'd need to provide the certificates for masters, which is not easy. I want to explore a few ideas there as well, like mounting the secret over master certificate, pluggable self serving certs, ... It will take time though.
from openshift-acme.
Yes, I tried to generate a certificate using letsencrypt and then set it for master, but it seems not feasible for me, because the 80/443 ports are being used by the server; the only choice to verify and get the certificate is to use DNS TXT records, to which, for the moment, I have no access.
It is a really good idea to put the console in a separate pod, good decision for 3.9.
I tried to create a route to match the console, but after I opened it up, the URL switches back to the original 8443 port console URL, which looks pretty ugly.
from openshift-acme.
I think the console shouldn't redirect back if you expose it by Route. Please file a bug in https://github.com/openshift/origin/issues/new
from openshift-acme.
Okay, sometime this weekend let me do it again, then write down the exact steps, then we will see if it is a bug or my mistake.
from openshift-acme.
Got confused again, followed https://github.com/jmarley/openshift-console-on-port-443, but redirection happens again, not sure what went wrong, didn't even get time to enable acme for the route.
from openshift-acme.
/lifecycle stale
from openshift-acme.
Here is my setup for 3.11, hope that helps:
```yaml
kind: Service
apiVersion: v1
metadata:
  name: apiserver
  namespace: kube-system
spec:
  selector:
    openshift.io/component: api
  ports:
  - name: "443"
    protocol: TCP
    port: 443
    targetPort: 8443
  type: ClusterIP
---
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: api.<your_domain>
  namespace: kube-system
  annotations:
    kubernetes.io/tls-acme: "true"
spec:
  host: api.<your_domain>
  tls:
    insecureEdgeTerminationPolicy: Redirect
    termination: reencrypt
    # to get the destinationCACertificate run `openssl s_client -connect <apiserverip>:8443 -showcerts`
    destinationCACertificate: |-
      -----BEGIN CERTIFICATE-----
      ...
      -----END CERTIFICATE-----
  to:
    kind: Service
    name: apiserver
```
from openshift-acme.
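The certificate-extraction step from the YAML comment above, as an added example (not part of the original comment or of openshift-acme): a helper that pulls one PEM block out of `openssl s_client -showcerts` output and indents it for the `destinationCACertificate: |-` block scalar. The names `extract_cert` and `sample_output` are hypothetical, the sample text is constructed, and treating the last block in the chain as the signing CA is an assumption to confirm for your cluster.

```shell
# Pick one certificate out of `openssl s_client -showcerts` output and indent
# it for the YAML block scalar under destinationCACertificate.
#
# extract_cert INDEX [INDENT]
#   INDEX  : 1-based position of the PEM block to print, or "last"
#   INDENT : number of leading spaces per line (default 6, matching the Route above)
# Reads s_client output on stdin; fails if the block is missing or truncated.
extract_cert() {
    awk -v want="$1" -v pad="${2:-6}" '
        BEGIN { for (i = 0; i < pad; i++) sp = sp " " }
        /^-----BEGIN CERTIFICATE-----$/ { n++; inblk = 1; blk[n] = "" }
        inblk { blk[n] = blk[n] sp $0 "\n" }
        /^-----END CERTIFICATE-----$/   { inblk = 0; complete[n] = 1 }
        END {
            idx = (want == "last") ? n : want + 0
            if (idx < 1 || !(idx in complete)) exit 1
            printf "%s", blk[idx]
        }'
}

# Constructed sample in the shape of `s_client -showcerts` output; the
# base64 bodies are placeholders, not real certificates.
sample_output() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = leaf.example
-----BEGIN CERTIFICATE-----
TEVBRi1QTEFDRUhPTERFUg==
-----END CERTIFICATE-----
 1 s:CN = signer.example
-----BEGIN CERTIFICATE-----
U0lHTkVSLVBMQUNFSE9MREVS
-----END CERTIFICATE-----
---
EOF
}

# Live use (host is the placeholder from the comment above):
#   openssl s_client -connect <apiserverip>:8443 -showcerts </dev/null 2>/dev/null \
#     | extract_cert last
# Offline demonstration:
#   sample_output | extract_cert last
```

A certificate fetched this way is only as trustworthy as the unauthenticated connection it came over, so before pasting it into the Route, pipe the unindented block (`extract_cert last 0`) through `openssl x509 -noout -subject -issuer -fingerprint -sha256` and compare the fingerprint with the CA file read directly on a master.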
Stale issues rot after 30d of inactivity.
Mark the issue as fresh by commenting /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
Exclude this issue from closing by commenting /lifecycle frozen.
If this issue is safe to close now please do so with /close.
/lifecycle rotten
/remove-lifecycle stale
from openshift-acme.
Rotten issues close after 30d of inactivity.
Reopen the issue by commenting /reopen.
Mark the issue as fresh by commenting /remove-lifecycle rotten.
Exclude this issue from closing again by commenting /lifecycle frozen.
/close
from openshift-acme.
@openshift-bot: Closing this issue.
In response to this:
Rotten issues close after 30d of inactivity.
Reopen the issue by commenting /reopen.
Mark the issue as fresh by commenting /remove-lifecycle rotten.
Exclude this issue from closing again by commenting /lifecycle frozen.
/close
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
from openshift-acme.