Description of problem:

I would like to be able to map default SSL port 443 on an Enterprise Load Balancer back to default 8443 ports on a cluster of masters. Something like:

    master.ose.example.com:443 [LB] -> master[1:3].ose.example.com:8443

In order to do this, we need support for specifying a new var in the installer inventory file.

Version-Release number of selected component (if applicable): 3.1
Hi Eric,

I'm a little confused by the request. Today you can specify the following variables in your ansible inventory:

    [OSEv3:vars]
    openshift_master_cluster_hostname=master.ose.example.com
    openshift_master_cluster_public_hostname=master.ose.example.com

Now if you had masters master[1:3].ose.example.com:8443 the certificates would be created to match master.ose.example.com and the Nodes would reach master.ose.example.com:443. The job of configuring the load balancer will be on the admin though.

To see an example of how this works we even have support for a reference haproxy configuration (note, this is just a single haproxy instance today so the haproxy install is not HA):

    [lb]
    master.ose.example.com openshift_ip=xxx.xxx.xxx.xxx openshift_public_ip=xxx.xxx.xxx.xxx openshift_hostname=master.ose.example.com openshift_public_hostname=master.ose.example.com
Brenton,

My concern is that the URL that's ultimately written to the master for the OpenShift console includes the port number in it. I.e.:

    assetConfig:
      logoutURL: ""
      masterPublicURL: https://master.example.com:8443
      publicURL: https://master.example.com:8443/console/

So if I have 3 masters behind an F5 VIP to which master.example.com resolves, I have to have that LB VIP listen on 8443 in order for redirects in the console to work. I want to be able to leave all of my `atomic-openshift-master-api` services bound to 8443, but use 443 on the load balancer so that the publicUrl values look like:

    assetConfig:
      logoutURL: ""
      masterPublicURL: https://master.example.com
      publicURL: https://master.example.com/console/
Eric,

Can you try setting these values in your inventory?

    openshift_master_api_port=443
    openshift_master_console_port=443

Looking at the playbooks now it does appear there is a convention being enforced to keep the proxy and backend service ports the same. I'm sure we could make that more flexible if absolutely required but it would definitely make things more complicated.
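The mismatch discussed in this thread (public URLs that advertise 8443 while the load balancer listens on 443) can be checked before rollout. The following is an added example, not part of the thread or of the OpenShift installer; the function names are hypothetical and it assumes each URL key sits on its own line, as in the stanza quoted above.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the assetConfig stanza quoted in the thread.
SAMPLE_MASTER_CONFIG = """\
assetConfig:
  logoutURL: ""
  masterPublicURL: https://master.example.com:8443
  publicURL: https://master.example.com:8443/console/
"""

DEFAULT_PORTS = {"https": 443, "http": 80}
URL_KEYS = ("masterPublicURL", "publicURL")


def advertised_ports(config_text):
    """Return {key: (host, port)} for the public URLs in the config text."""
    found = {}
    for key in URL_KEYS:
        m = re.search(r"^\s*%s:\s*[\"']?(\S+?)[\"']?\s*$" % key, config_text, re.M)
        if not m:
            continue
        url = urlsplit(m.group(1))
        # A URL without an explicit port uses the scheme default (443 for https).
        port = url.port or DEFAULT_PORTS.get(url.scheme)
        found[key] = (url.hostname, port)
    return found


def check_against_lb(config_text, lb_host, lb_port):
    """List the advertised URLs that do not match the LB listener."""
    problems = []
    for key, (host, port) in advertised_ports(config_text).items():
        if host != lb_host or port != lb_port:
            problems.append("%s advertises %s:%s, LB listens on %s:%s"
                            % (key, host, port, lb_host, lb_port))
    return problems


if __name__ == "__main__":
    for line in check_against_lb(SAMPLE_MASTER_CONFIG, "master.example.com", 443):
        print(line)
```

Any reported line means console redirects will send browsers to a port the load balancer VIP does not serve.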
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days