How to run Che on Openshift 3.11 in a local network
After reading https://github.com/eclipse/che/issues/16280 I was still unable to start Eclipse Che, using:

```bash
chectl server:start -n=che --platform=openshift --installer=operator --tls --self-signed-cert --che-operator-cr-patch-yaml=./patch.yaml
```

Inside patch.yaml:

```yaml
spec:
  server:
    selfSignedCert: true
    tlsSupport: true
```
From the log, the error is:

```
Exception while retrieving OpenId configuration from endpoint: https://keycloak-che.192.168.69.245.nip.io/auth/realms/che/.well-known/openid-configuration
```

Using wget, the URL is working (apart from an unsigned certificate exception).
I’ve created certs and installed them with:

```bash
CA_CN=eclipse-che-signer
DOMAIN=*.192.168.69.245.nip.io
OPENSSL_CNF=/etc/ssl/openssl.cnf

# Root CA key and self-signed root certificate
openssl genrsa -out rootCA.key 4096
openssl req -x509 \
    -new -nodes \
    -key rootCA.key \
    -sha256 \
    -days 1024 \
    -out rootCA.crt \
    -subj /CN=${CA_CN} \
    -reqexts SAN \
    -extensions SAN \
    -config <(cat ${OPENSSL_CNF} \
        <(printf '[SAN]\nbasicConstraints=critical, CA:TRUE\nkeyUsage=keyCertSign, cRLSign, digitalSignature, keyEncipherment'))

# Key and CSR for the wildcard domain
openssl genrsa -out domain.key 2048
openssl req -new -sha256 \
    -key domain.key \
    -subj "/O=EclipseChe/CN=${DOMAIN}" \
    -reqexts SAN \
    -config <(cat ${OPENSSL_CNF} \
        <(printf "\n[SAN]\nsubjectAltName=DNS:${DOMAIN}\nbasicConstraints=critical, CA:FALSE\nkeyUsage=keyCertSign, digitalSignature, keyEncipherment\nextendedKeyUsage=serverAuth")) \
    -out domain.csr

# Sign the domain certificate with the root CA
openssl x509 \
    -req \
    -sha256 \
    -extfile <(printf "subjectAltName=DNS:${DOMAIN}\nbasicConstraints=critical, CA:FALSE\nkeyUsage=keyCertSign, digitalSignature, keyEncipherment\nextendedKeyUsage=serverAuth") \
    -days 365 \
    -in domain.csr \
    -CA rootCA.crt \
    -CAkey rootCA.key \
    -CAcreateserial -out domain.crt

# Replace the router certificate in the default project
oc login -u system:admin --insecure-skip-tls-verify=true
oc project default
oc delete secret router-certs
cat domain.crt domain.key > minishift.crt
oc create secret tls router-certs --key=domain.key --cert=minishift.crt
oc rollout latest router

# Store the root CA certificate as a secret in the che namespace
oc create namespace che
cp rootCA.crt ca.crt
oc create secret generic self-signed-certificate --from-file=ca.crt -n=che
```
OpenShift is running on a pristine Ubuntu 18.04 server VM.
Issue Analytics
- Created 4 years ago
- Comments:25 (14 by maintainers)
Top GitHub Comments
@ultrafab thank you for this issue and for being active in the resolution process!
I am changing the title as the problem isn’t related to TLS.
@mmorhun update: it works now.

Referring to the docs at https://docs.openshift.com/container-platform/3.11/install/prerequisites.html I’ve found that OpenShift 3.11 just injects the DNS servers found in /etc/resolv.conf of the host machines. I’ve created a static /etc/resolv.conf on the Ubuntu 18.04 host, so it’s not rewritten, and added the IP address of the private DNS I’ve set up. Now Eclipse Che starts and it’s reachable via https://che-che.[privatedomain.lan]

Now I’m testing if it’s fully functional.
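
A preflight for the cause identified in the comment above, as an added example that is not part of the original thread: it checks that the host's /etc/resolv.conf, which the comment says OpenShift 3.11 passes on to pods, lists the private DNS server and no loopback resolver (on a stock Ubuntu 18.04 the file is a systemd-resolved symlink listing 127.0.0.53). The function names, the exit codes and the RESOLV_CONF override are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: preflight for the host resolv.conf that pods inherit.
# Function names and exit codes are hypothetical, not part of Che or OpenShift.

# Print each nameserver address listed in a resolv.conf-style file, one per line.
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# check_resolv_conf FILE EXPECTED_DNS_IP
# Prints one finding per line and returns:
#   0  expected DNS server listed, no loopback resolver
#   1  expected DNS server missing
#   2  a loopback resolver is listed (takes precedence over 1)
#   3  file unreadable
check_resolv_conf() {
    file=$1 expected=$2 result=0
    [ -r "$file" ] || { echo "ERROR: cannot read $file"; return 3; }
    # A symlink usually means another service manages (and may rewrite) the file.
    if [ -L "$file" ]; then
        echo "WARN: $file is a symlink to $(readlink "$file")"
    fi
    servers=$(list_nameservers "$file")
    if ! printf '%s\n' "$servers" | grep -qxF "$expected"; then
        echo "FAIL: nameserver $expected is not listed in $file"
        result=1
    fi
    # Inside a pod a loopback address refers to the pod itself, not the host resolver.
    for s in $servers; do
        case $s in
            127.*|::1) echo "FAIL: loopback nameserver $s in $file"; result=2 ;;
        esac
    done
    [ "$result" -eq 0 ] && echo "OK: $file lists $expected and no loopback resolver"
    return "$result"
}

# When called with the private DNS address as first argument, check the real file.
if [ "$#" -ge 1 ]; then
    check_resolv_conf "${RESOLV_CONF:-/etc/resolv.conf}" "$1"
fi
```

Run it on each OpenShift host with the private DNS server's address as the only argument before starting chectl.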