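Problem description
This is the procedure I tried to use to update all the routes of an installed cluster to allow external access to it.
The procedure below seems quite feasible to me, but we ran into some problems, so I hope you can help solve this big problem that has been bothering me for days... =|
Procedure:
I found all the namespaces that have routes...
[root@okd4-services okd_bare_Metal]# oc get routes --all-namespaces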
NAMESPACE NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
openshift-authentication oauth-openshift oauth-openshift.apps.mbr.okd.local oauth-openshift 6443 passthrough/Redirect None
openshift-console console console-openshift-console.apps.mbr.okd.local console https reencrypt/Redirect None
openshift-console downloads downloads-openshift-console.apps.mbr.okd.local downloads http edge/Redirect None
openshift-ingress-canary canary canary-openshift-ingress-canary.apps.mbr.okd.local ingress-canary 8080 edge/Redirect None
openshift-monitoring alertmanager-main alertmanager-main-openshift-monitoring.apps.mbr.okd.local alertmanager-main web reencrypt/Redirect None
openshift-monitoring grafana grafana-openshift-monitoring.apps.mbr.okd.local grafana https reencrypt/Redirect None
openshift-monitoring prometheus-k8s prometheus-k8s-openshift-monitoring.apps.mbr.okd.local prometheus-k8s web reencrypt/Redirect None
openshift-monitoring thanos-querier thanos-querier-openshift-monitoring.apps.mbr.okd.local thanos-querier web reencrypt/Redirect None
I found all the resources related to each namespace and noted the route configuration paths...
[root@okd4-services okd_bare_Metal]# oc -n openshift-authentication get all
[...]
NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
route.route.openshift.io/oauth-openshift oauth-openshift.apps.mbr.okd.local oauth-openshift 6443 passthrough/Redirect None
[root@okd4-services okd_bare_Metal]# oc -n openshift-console get all
[...]
NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
route.route.openshift.io/console console-openshift-console.apps.mbr.okd.local console https reencrypt/Redirect None
route.route.openshift.io/downloads downloads-openshift-console.apps.mbr.okd.local downloads http edge/Redirect None
[root@okd4-services okd_bare_Metal]# oc -n openshift-ingress-canary get all
[...]
NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
route.route.openshift.io/canary canary-openshift-ingress-canary.apps.mbr.okd.local ingress-canary 8080 edge/Redirect None
[root@okd4-services okd_bare_Metal]# oc -n openshift-monitoring get all
[...]
NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
route.route.openshift.io/alertmanager-main alertmanager-main-openshift-monitoring.apps.mbr.okd.local alertmanager-main web reencrypt/Redirect None
route.route.openshift.io/grafana grafana-openshift-monitoring.apps.mbr.okd.local grafana https reencrypt/Redirect None
route.route.openshift.io/prometheus-k8s prometheus-k8s-openshift-monitoring.apps.mbr.okd.local prometheus-k8s web reencrypt/Redirect None
route.route.openshift.io/thanos-querier thanos-querier-openshift-monitoring.apps.mbr.okd.local thanos-querier web reencrypt/Redirect None
oc edit -n openshift-console route.route.openshift.io/console
oc edit -n openshift-console route.route.openshift.io/downloads
oc edit -n openshift-ingress-canary route.route.openshift.io/canary
oc edit -n openshift-monitoring route.route.openshift.io/alertmanager-main
oc edit -n openshift-monitoring route.route.openshift.io/grafana
oc edit -n openshift-monitoring route.route.openshift.io/prometheus-k8s
oc edit -n openshift-monitoring route.route.openshift.io/thanos-querier
In other words, I changed things like this...
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  [...]
spec:
  host: route-name.apps.mbr.okd.local
  [...]
status:
  [...]
  host: route-name.apps.mbr.okd.local
  [...]
...to something like this...
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  [...]
spec:
  host: route-name.apps.mbr.mydomain.net
  [...]
status:
  [...]
  host: route-name.apps.mbr.mydomain.net
  [...]
For the route route.route.openshift.io/oauth-openshift
I needed to modify the ingress...
oc edit ingress.config.openshift.io
apiVersion: config.openshift.io/v1
kind: Ingress
metadata:
  [...]
spec:
  domain: apps.mbr.okd.local
  [...]
...to something like this...
apiVersion: config.openshift.io/v1
kind: Ingress
metadata:
  [...]
spec:
  domain: apps.mbr.mydomain.net
  [...]
After completing the steps above, all my routes were updated to the new domain...
[root@okd4-services okd_bare_Metal]# oc get routes --all-namespaces
NAMESPACE NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
openshift-authentication oauth-openshift oauth-openshift.apps.mbr.mydomain.net oauth-openshift 6443 passthrough/Redirect None
openshift-console console console-openshift-console.apps.mbr.mydomain.net console https reencrypt/Redirect None
openshift-console downloads downloads-openshift-console.apps.mbr.mydomain.net downloads http edge/Redirect None
openshift-ingress-canary canary canary-openshift-ingress-canary.apps.mbr.mydomain.net ingress-canary 8080 edge/Redirect None
openshift-monitoring alertmanager-main alertmanager-main-openshift-monitoring.apps.mbr.mydomain.net alertmanager-main web reencrypt/Redirect None
openshift-monitoring grafana grafana-openshift-monitoring.apps.mbr.mydomain.net grafana https reencrypt/Redirect None
openshift-monitoring prometheus-k8s prometheus-k8s-openshift-monitoring.apps.mbr.mydomain.net prometheus-k8s web reencrypt/Redirect None
openshift-monitoring thanos-querier thanos-querier-openshift-monitoring.apps.mbr.mydomain.net thanos-querier web reencrypt/Redirect None
Problems:
But the following new problems appeared...
I can access the new web console route...
https://console-openshift-console.apps.mbr.mydomain.net/
...which then redirects to the route below (old domain)...
https://oauth-openshift.apps.mbr.okd.local/oauth/authorize?client_id=console&redirect_uri=https%3A%2F%2Fconsole-openshift-console.apps.mbr.mydomain.net%2Fauth%2Fcallback&response_type=code&scope=user%3Afull&state=3ba1134a
...but we can use the new route...
https://oauth-openshift.apps.mbr.mydomain.net/oauth/authorize?client_id=console&redirect_uri=https%3A%2F%2Fconsole-openshift-console.apps.mbr.mydomain.net%2Fauth%2Fcallback&response_type=code&scope=user%3Afull&state=3ba1134a
...great, that works...
...I enter the login name and password, click log in, and then I am redirected to this URL...
https://console-openshift-console.apps.mbr.mydomain.net/error?error=invalid_code&error_type=auth
...which then redirects to this one (old domain)...
https://oauth-openshift.apps.mbr.okd.local/oauth/authorize?client_id=console&redirect_uri=https%3A%2F%2Fconsole-openshift-console.apps.mbr.mydomain.net%2Fauth%2Fcallback&response_type=code&scope=user%3Afull&state=da4a1dd0
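Conclusion:
Even though we succeeded in updating the routes to make them public, we started having login problems, and the web console's URLs were not updated to the new domain.
Question:
Does anyone know how we can solve the problems above?
Important notes:
I - We have already tried the procedure "Customizing the web console URL", but it does not update all the routes, nor the URLs in the web console, and it has the same login problem described above;
II - I also tried the procedure "Creating a route through an Ingress object", but likewise, it seems to me that it does not solve the problems pointed out either.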
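As an added example (not part of the original question), the redirect chain described above can be checked mechanically to see which hop still uses a host outside the new apps domain. The function names are hypothetical; the URLs and the domain are copied from the post.

```python
from urllib.parse import urlsplit, parse_qs

NEW_APPS_DOMAIN = "apps.mbr.mydomain.net"  # new ingress domain from the post

# Redirect chain as described in the post (list constructed for this example).
CHAIN = [
    "https://console-openshift-console.apps.mbr.mydomain.net/",
    "https://oauth-openshift.apps.mbr.okd.local/oauth/authorize?client_id=console"
    "&redirect_uri=https%3A%2F%2Fconsole-openshift-console.apps.mbr.mydomain.net"
    "%2Fauth%2Fcallback&response_type=code&scope=user%3Afull&state=3ba1134a",
    "https://console-openshift-console.apps.mbr.mydomain.net/error"
    "?error=invalid_code&error_type=auth",
]

def in_domain(host, domain):
    """True for the domain itself or a subdomain, matched on a label boundary."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def audit_chain(urls, apps_domain):
    """Return (hop, field, host) for every host that is outside apps_domain."""
    findings = []
    for hop, url in enumerate(urls):
        parts = urlsplit(url)
        if not in_domain(parts.hostname or "", apps_domain):
            findings.append((hop, "host", parts.hostname))
        # parse_qs percent-decodes the embedded redirect_uri.
        for target in parse_qs(parts.query).get("redirect_uri", []):
            rhost = urlsplit(target).hostname or ""
            if not in_domain(rhost, apps_domain):
                findings.append((hop, "redirect_uri", rhost))
    return findings

def console_errors(urls):
    """Collect the error codes the console reports on its /error page."""
    errors = []
    for url in urls:
        parts = urlsplit(url)
        if parts.path == "/error":
            errors += parse_qs(parts.query).get("error", [])
    return errors

if __name__ == "__main__":
    for hop, field, host in audit_chain(CHAIN, NEW_APPS_DOMAIN):
        print(f"hop {hop}: {field} is outside {NEW_APPS_DOMAIN}: {host}")
    print("console errors:", console_errors(CHAIN))
```
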