I suggest you open a GitHub issue too.

On Mon, Oct 1, 2018 at 10:05 AM Gaurav Ojha <[email protected]> wrote:
> Basically facing two different issues.
>
> 1. OpenShift Origin 3.10 keeps switching between the custom named
>    certificate deployed and the internal certificate being used. The web
>    console randomly reports Server Connection Interrupted, and then switches
>    to the internal certificate, but a fresh loading of the page serves the
>    custom certificate.
> 2. Even though the publicMasterURL is configured, the browser still
>    redirects to the masterURL
>
> oc v3.10.0+0c4577e-1
> kubernetes v1.10.0+b81c8f8
> features: Basic-Auth GSSAPI Kerberos SPNEGO
>
> Server https://lb.okd.cloud.rnoc.gatech.edu:8443
> openshift v3.10.0+fd501dd-48
> kubernetes v1.10.0+b81c8f8
>
> Steps To Reproduce
>
> 1. Configure a publicMasterURL and a masterURL. In my case they are
>    publicMasterURL=okd-cluster.cloud.mydomain.com and
>    masterURL=lb.cloud.mydomain.com. Note that here lb refers to the load
>    balancer of my multi-master cluster.
> 2. Deploy the certificates generated when installing through ansible.
>    This works fine, I can see in my master-config.yml the correct values. The
>    value for publicMasterURL points to okd-cluster.cloud.mydomain.com:8443
>    and masterURL to lb.cloud.mydomain.com:8443. In the servingInfo, the
>    correct certificates are pointed to. The generated certificate has a common
>    name of lb.cloud.mydomain.com and an alternative name of
>    okd-cluster.cloud.mydomain.com.
> 3. Access the web console. The certificate served is valid.
>
> Here, okd-cluster.cloud.mydomain.com is a CNAME to lb.cloud.mydomain.com
>
> Current Result
>
> 1. Even though I enter okd-cluster.cloud.mydomain.com:8443, the
>    browser redirects to lb.cloud.mydomain.com:8443. I have checked and
>    nowhere does the publicMasterURL point to lb.cloud.mydomain.com.
> 2. When logged in, the console randomly throws an error saying Server
>    Connection Interrupted, and at times, refreshes and now reverts to the
>    internal certificate and serves it. This goes away if I close the browser
>    and reload the page. The correct certificate is again served, but again
>    randomly reverts to the internal certificate.
>
> My expectation is that once deployed, accessing
> okd-cluster.cloud.mydomain.com should always use that address, and the
> certificate should be served correctly always.
>
> Is it because common name is same as the masterURL and the alternative
> name holds the same value as the publicMasterURL? I am not sure if this is
> the case, but it would be great to get some retrospective on this problem I
> am seeing.
>
>
> Regards
>
> Gaurav
> _______________________________________________
> users mailing list
> [email protected]
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
