Kubernetes

Changing the SSL Certificate for OpenShift Console

OpenShift has an internal CA for generating certificates to authenticate intra-cluster communication, but your browser doesn’t trust this CA. Perhaps you want to fix that without mucking with the internal SSL communication? I did. Here is how.

This OpenShift doc explains how to do this, but it isn’t very clear, to me at least.

Overview

An outline of the steps:

  • Only make changes to the public URLs and not any internal URLs.
  • Create a namedCertificates section in both /servingInfo and /assetConfig/servingInfo sections of /etc/origin/master/master-config.yaml.
  • In those repeated sections:
    • identify a certificate and key
    • identify the hostname(s) to match with that cert/key pair

Your installation may include the following hosts:


OpenShift High Availability - Routing

Highly available containers in OpenShift are baked into the cake thanks to replication controllers and service load balancing, but there are plenty of other single points of failure. Here is how to eliminate many of those.

Single Points of Failure

The components of OpenShift include:

  • Master controller manager server and API endpoint
  • Etcd configuration and state storage
  • Docker Registry
  • Router haproxy

This post is mostly about adding high availability to the routing layer.
