rh-mobb / osd-api-proxy

Repository for use a proxy and expose the API using port 443 instead 6443

OSD in GCP API Proxy

Repository for use a LB proxy for OSD in GCP and expose the API using port 443 instead 6443.

Requirements

Install Google Auth Python3 lib:

pip3 install --user google-auth

Generate the certificate with the Let’s Encrypt certification authority (CA), this can be done for example with certbot, but can be used any ACME client implementations:

certbot certonly --manual -d <domain> --preferred-challenges dns --preferred-chain 'ISRG Root X1'

Install OSD in GCP cluster following the official documentation.

Usage

Execute the Ansible Playbooks for deploy all the GCP infrastructure requirements:

ansible-playbook osd-api-proxy.yml -vv

You need to create a DNS record of type A with the global static IP address generated, pointing to your custom domain that matches to the SSL Certificate generated.

Access to the OSD cluster using 443 port

Access to the OSD cluster through the Load Balancer acting as a proxy and using the 443 port:

oc login --token=<token> --server=https://<domain>:443

About

Repository for use a proxy and expose the API using port 443 instead 6443

GNU Affero General Public License v3.0