This post was originally written by Akram Ben Aissi in his blog: http://akrambenaissi.com/2016/02/21/run-openshift-console-on-port-443/
One thing that I really like on OpenShift, is that it very often eat its own food. To my opinion, it is generally a sign of a good design, but that’s another story.
In this blog, I wanted to give a clue on how to make the OpenShift console run on port 443 by using the openshift-router facilities, service and endpoints. This could be very useful for example, if you do have some network setup preventing access to port 8443, which is often the case on corporate networks.
As a disclaimer, I want just to state that this is not (well for now) a production-proof design but, at least you can use it for demonstration purposes or simply to understand the way OpenShift externalservices works.
You will guess that the idea here, is to create an OpenShift external service pointing to the OpenShift master URL and then create a route that will be served by openshift-router to forward request to the OpenShift master itself. It this road, need to create and OpenShift Endpoint as stated by documentation.
And the final trick, is to change your masterPublicURL and master publicURL parameters in master-config.yaml OpenShift configuration to match the route’s URL.
Here is the configuration: You will need to get:
– Your master internal IP address
– A wildcard entry or DNS entry pointing to your openshift-router nodes (can also the be the master itself if you are running the router on master)
– That’s all
So, let’s assume the following settings:
My master’s domaine name is: pass.mycompany.com
My master’s internal IP address is: 192.168.1.1
My openshift-router runs on IP 220.127.116.11 and my DNS entry pass.mycompany.com points to it
So you need to create a Service:
- name: 8443-tcp
and create manually the corresponding Endpoint
- ip: 192.168.1.1
- name: 8443-tcp
And then, you need a route with a host entry point to 18.104.22.168
and the last point, is to modify your master-config.yaml to change any occurrences to masterPublicURL or publicURL to
Keep in mind that the certificates that you have generated for the console must be valid for the host URL you are pointing to, and must update your corsAllowedOrigins to add the new domain you are pointing to.
Your OpenShift master console should now be available on port 443
Akram Ben Aissi
Cloud and Platform Architect,
Red Hat Consulting