Repository for use a LB proxy for OSD in GCP and expose the API using port 443 instead 6443.
- Install Google Auth Python3 lib:
pip3 install --user google-auth
- Generate the certificate with the Let’s Encrypt certification authority (CA), this can be done for example with certbot, but can be used any ACME client implementations:
certbot certonly --manual -d <domain> --preferred-challenges dns --preferred-chain 'ISRG Root X1'
- Install OSD in GCP cluster following the official documentation.
- Execute the Ansible Playbooks for deploy all the GCP infrastructure requirements:
ansible-playbook osd-api-proxy.yml -vv
- You need to create a DNS record of type A with the global static IP address generated, pointing to your custom domain that matches to the SSL Certificate generated.
- Access to the OSD cluster through the Load Balancer acting as a proxy and using the 443 port:
oc login --token=<token> --server=https://<domain>:443