How to re-route the Openshift private address to a

2019-05-24 23:25发布

问题:

I set up openshift V3 all-in-one on a VM in the cloud so how can I contact it as the address is private and internal. I think I have to start Vagrand with some magic parameters but I haven't clue about them. Thanks

回答1:

When testing Openshift, I deployed the all in one VM in an Openstack instance. To be able to access Openshift, I had to change master-config.yaml configuration (which in the VM is located in /var/lib/origin/openshift.local.config/master/master-config.yaml)

Changing all references of the internal IP (10.2.2.2) to my public domain (https://my-domain.com:8443) did the trick.

I also had to regenerate the server certificates, including the public IP of my Openstack instance, this way:

oadm ca create-server-cert --cert=master.server.crt --key=master.server.key --signer-cert=/var/lib/origin/openshift.local.config/master/ca.crt --signer-key=/var/lib/origin/openshift.local.config/master/ca.key --signer-serial=/var/lib/origin/openshift.local.config/master/ca.serial.txt --hostnames=kubernetes.default.svc,kubernetes.default.svc.cluster.local,localhost,openshift.default.svc.cluster.local,127.0.0.1,10.2.2.2,yourdomain.com,yourpublicIP

Hope this helps



回答2:

Here is what I've tried (in an answer to better document my attempts)

1 -

systemctl stop origin

2 -

oadm ca create-server-cert --cert=/var/lib/origin/openshift.local.config/master/master.server.crt --key=/var/lib/origin/openshift.local.config/master/master.server.key --signer-cert=/var/lib/origin/openshift.local.config/master/ca.crt --signer-key=/var/lib/origin/openshift.local.config/master/ca.key --signer-serial=/var/lib/origin/openshift.local.config/master/ca.serial.txt --hostnames=kubernetes.default.svc,kubernetes.default.svc.cluster.local,localhost,openshift.default.svc.cluster.local,127.0.0.1,192.168.76.120

3 -

edit /var/lib/origin/openshift.local.config/master/master-config.yaml, replace all occurences of "10.2.2.2" with "192.168.76.120"

4 -

edit /etc/systemd/system/origin.service, replace "10.2.2.2" with "192.168.76.120"

5 -

systemctl daemon-reload

6 -

systemctl start origin

Following these steps, I get the following in the /var/log/messages:

Dec 29 21:12:29 localhost systemd: Starting Session 7 of user root.
Dec 29 21:13:30 localhost systemd: Starting OpenShift...
Dec 29 21:13:30 localhost openshift: W1229 16:13:30.512389    9725 start_master.go:272] Warning: assetConfig.loggingPublicURL: Invalid value: "": required to view aggregated container logs in the console, master start will continue.
Dec 29 21:13:30 localhost openshift: E1229 16:13:30.525718    9725 cacher.go:220] unexpected ListAndWatch error: pkg/storage/cacher.go:163: Failed to list *api.ClusterPolicyBinding: client: etcd cluster is unavailable or misconfigured
Dec 29 21:13:30 localhost openshift: E1229 16:13:30.525809    9725 cacher.go:220] unexpected ListAndWatch error: pkg/storage/cacher.go:163: Failed to list *api.ClusterPolicy: client: etcd cluster is unavailable or misconfigured
Dec 29 21:13:30 localhost openshift: E1229 16:13:30.526034    9725 cacher.go:220] unexpected ListAndWatch error: pkg/storage/cacher.go:163: Failed to list *api.Policy: client: etcd cluster is unavailable or misconfigured
Dec 29 21:13:30 localhost openshift: E1229 16:13:30.526127    9725 cacher.go:220] unexpected ListAndWatch error: pkg/storage/cacher.go:163: Failed to list *api.PolicyBinding: client: etcd cluster is unavailable or misconfigured
Dec 29 21:13:30 localhost openshift: E1229 16:13:30.526417    9725 cacher.go:220] unexpected ListAndWatch error: pkg/storage/cacher.go:163: Failed to list *api.Group: client: etcd cluster is unavailable or misconfigured
Dec 29 21:13:30 localhost openshift: E1229 16:13:30.527610    9725 reflector.go:203] github.com/openshift/origin/vendor/k8s.io/kubernetes/plugin/pkg/admission/limitranger/admission.go:154: Failed to list *api.LimitRange: Get https://10.2.2.2:8443/api/v1/limitranges?resourceVersion=0: dial tcp 10.2.2.2:8443: getsockopt: connection refused
Dec 29 21:13:30 localhost openshift: E1229 16:13:30.528199    9725 reflector.go:203] github.com/openshift/origin/vendor/k8s.io/kubernetes/plugin/pkg/admission/namespace/lifecycle/admission.go:122: Failed to list *api.Namespace: Get https://10.2.2.2:8443/api/v1/namespaces?resourceVersion=0: dial tcp 10.2.2.2:8443: getsockopt: connection refused
Dec 29 21:13:30 localhost openshift: E1229 16:13:30.530127    9725 reflector.go:203] github.com/openshift/origin/vendor/k8s.io/kubernetes/plugin/pkg/admission/limitranger/admission.go:154: Failed to list *api.LimitRange: Get https://10.2.2.2:8443/api/v1/limitranges?resourceVersion=0: dial tcp 10.2.2.2:8443: getsockopt: connection refused
Dec 29 21:13:30 localhost openshift: E1229 16:13:30.530246    9725 reflector.go:214] github.com/openshift/origin/vendor/k8s.io/kubernetes/plugin/pkg/admission/serviceaccount/admission.go:103: Failed to list *api.ServiceAccount: Get https://10.2.2.2:8443/api/v1/serviceaccounts?resourceVersion=0: dial tcp 10.2.2.2:8443: getsockopt: connection refused
Dec 29 21:13:30 localhost openshift: E1229 16:13:30.530309    9725 reflector.go:214] github.com/openshift/origin/vendor/k8s.io/kubernetes/plugin/pkg/admission/serviceaccount/admission.go:119: Failed to list *api.Secret: Get https://10.2.2.2:8443/api/v1/secrets?fieldSelector=type%3Dkubernetes.io%2Fservice-account-token&resourceVersion=0: dial tcp 10.2.2.2:8443: getsockopt: connection refused
Dec 29 21:13:30 localhost openshift: E1229 16:13:30.530494    9725 reflector.go:214] github.com/openshift/origin/vendor/k8s.io/kubernetes/plugin/pkg/admission/resourcequota/resource_access.go:83: Failed to list *api.ResourceQuota: Get https://10.2.2.2:8443/api/v1/resourcequotas?resourceVersion=0: dial tcp 10.2.2.2:8443: getsockopt: connection refused
Dec 29 21:13:30 localhost openshift: E1229 16:13:30.530524    9725 cacher.go:220] unexpected ListAndWatch error: pkg/storage/cacher.go:163: Failed to list *api.OAuthAccessToken: client: etcd cluster is unavailable or misconfigured