Is there any way to use it with web console about openshift-acme HOT 12 CLOSED

I would also love to know if this is possible.

from openshift-acme.

It's not out of the box possible. One solution could be to create a route and a matching endpoint object to access the console via the router.

from openshift-acme.

One solution could be to create a route and a matching endpoint object to access the console via the router.

+1

I think in 3.9 OpenShift runs web console as a pod on master, either there is a service or you could create one selecting that pod and point the Route there.

Both of those options are fairly feasible. To do this without using a Route you'd need to provide the certificates for masters which is not easy. I want to explore few ideas there as well like mounting the secret over master certificate, plugable self serving certs, ... It will take time though.

from openshift-acme.

yes I tried to generate certificate using letsencrypt then set it for master, but it seems not feasable for me, because 80/443 ports are being used by the server, the only choice to verify and get the certificate is to use DNS txt records, which for the moment, I have no access.
It is really good idea to put the console in saperate pod , good decision for 3.9
I tried to create a route to match the console, but after I opened it up, the URL switches back to the original 8443 port console URL, which looks pretty ugly

from openshift-acme.

I think the console shouldn't redirect back if you expose it by Route. Please file a bug in https://github.com/openshift/origin/issues/new

from openshift-acme.

Okay, sometime this weekend let me do it again, then write down the exact steps , then we will see if it is bug or my mistake

from openshift-acme.

Got confused again, followed https://github.com/jmarley/openshift-console-on-port-443, but redirection happens again, not sure what went wrong, didn't even got time to enable acme for the route

from openshift-acme.

/lifecycle stale

from openshift-acme.

here is my setup for 3.11, hope that helps

kind: Service
apiVersion: v1
metadata:
  name: apiserver
  namespace: kube-system
spec:
  selector:
    openshift.io/component: api
  ports:
    - name: "443"
      protocol: TCP
      port: 443
      targetPort: 8443
  type: ClusterIP

apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: api.<your_domain>
  namespace: kube-system
  annotations:
    kubernetes.io/tls-acme: "true"
spec:
  host: api.<your_domain>
  tls:
    insecureEdgeTerminationPolicy: Redirect
    termination: reencrypt
    # to get the destinationCACertificate run `openssl s_client -connect <apiserverip>:8443 -showcerts`
    destinationCACertificate: |-
      -----BEGIN CERTIFICATE-----
      ...
      -----END CERTIFICATE-----
  to:
    kind: Service
    name: apiserver

from openshift-acme.

Stale issues rot after 30d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle rotten
/remove-lifecycle stale

from openshift-acme.

Rotten issues close after 30d of inactivity.

Reopen the issue by commenting /reopen.
Mark the issue as fresh by commenting /remove-lifecycle rotten.
Exclude this issue from closing again by commenting /lifecycle frozen.

/close

from openshift-acme.

@openshift-bot: Closing this issue.

from openshift-acme.