Multiple wildcard DNS values in an OpenShift clusteropenshift + wordpress + gitDeploying a local django app using openshiftOpenShift docker registry can't pull an image from registry-1.docker.ioHow do I make an existing OpenShift node a GlusterFS node?Persistent Volume and OpenShift 3.11openshift secret token expiryoc cluster up now will not restartAccess openshift cluster available in a VM from host network
How do we separate rules of logic from non-logical constraints?
Does Latin have any neuter words for humans?
Most elegant way to write a one-shot 'if'
Why would anyone even use a Portkey?
Which is better for keeping data: primary partition or logical partition?
How can I tell what kind of genitals people have without gender?
Preferred word for "preferred", "target", "chosen" in end user support documentation
Thin wall to block LED light from hitting photodiode?
Put my student loan in parents’ second mortgage - help?
Adjective for 'made of pus' or 'corrupted by pus' or something of something of pus
How do I tell the reader that my character is autistic in Fantasy?
Could human civilization live 150 years in a nuclear-powered aircraft carrier colony without resorting to mass killing/ cannibalism?
If two black hole event horizons overlap (touch) can they ever separate again?
I need help with pasta
Why was Mal so quick to drop Bester in favour of Kaylee?
Sacrifice blocking creature before damage is dealt no longer working (MtG Arena)?
Variable dimensional integrals
Could this problem be tackled using Mathematica?
Why wasn't EBCDIC designed with contiguous alphanumeric characters?
How is this practical and very old scene shot?
The warming up game
Using “ser” without "un/una"?
How receiver knows the exact frequency in the channel to "listen to"?
Just graduated with a master’s degree, but I internalised nothing
Multiple wildcard DNS values in an OpenShift cluster
openshift + wordpress + gitDeploying a local django app using openshiftOpenShift docker registry can't pull an image from registry-1.docker.ioHow do I make an existing OpenShift node a GlusterFS node?Persistent Volume and OpenShift 3.11openshift secret token expiryoc cluster up now will not restartAccess openshift cluster available in a VM from host network
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
The OpenShift installation manual details the use of a wildcard DNS that will be appended to the route URLs. It is setup in the Ansible hosts file, e.g:
openshift_master_default_subdomain=cloud.myorg.com
I have been working in several clients where, while there is only one OCP cluster, they have different subdomains, depending on the environment (OCP Projects). For instance:
project: departament1-dev
subdomain: clouddev.myorg.com
App URL: myapp-department1-dev.clouddev.myorg.com
project: departament1-uat
subdomain: cloudpre.myorg.com
App URL: myapp-department1-uat.cloudpre.myorg.com
project: departament1-pro
subdomain: cloud.myorg.com
App URL: myapp-department1-pro.cloud.myorg.com
project: departament2-dev
subdomain: clouddev.myorg.com
App URL: myapp-department2-dev.clouddev.myorg.com
project: departament2-uat
subdomain: cloudpre.myorg.com
App URL: myapp-department2-uat.cloudpre.myorg.com
project: departament2-pro
subdomain: cloud.myorg.com
App URL: myapp-department2-pro.cloud.myorg.com
1) How can I configure multiple subdomains in a cluster (associated to OCP projects)?
2) Is that a good practice? I sounds like a good way to distinguish environments directly in the URL.
openshift openshift-origin okd
asked Mar 25 at 14:06
codependentcodependent
8,20110 gold badges66 silver badges142 bronze badges
add a comment |
The OpenShift installation manual details the use of a wildcard DNS that will be appended to the route URLs. It is setup in the Ansible hosts file, e.g:
openshift_master_default_subdomain=cloud.myorg.com
I have been working in several clients where, while there is only one OCP cluster, they have different subdomains, depending on the environment (OCP Projects). For instance:
project: departament1-dev
subdomain: clouddev.myorg.com
App URL: myapp-department1-dev.clouddev.myorg.com
project: departament1-uat
subdomain: cloudpre.myorg.com
App URL: myapp-department1-uat.cloudpre.myorg.com
project: departament1-pro
subdomain: cloud.myorg.com
App URL: myapp-department1-pro.cloud.myorg.com
project: departament2-dev
subdomain: clouddev.myorg.com
App URL: myapp-department2-dev.clouddev.myorg.com
project: departament2-uat
subdomain: cloudpre.myorg.com
App URL: myapp-department2-uat.cloudpre.myorg.com
project: departament2-pro
subdomain: cloud.myorg.com
App URL: myapp-department2-pro.cloud.myorg.com
1) How can I configure multiple subdomains in a cluster (associated to OCP projects)?
2) Is that a good practice? I sounds like a good way to distinguish environments directly in the URL.
openshift openshift-origin okd
asked Mar 25 at 14:06
codependentcodependent
8,20110 gold badges66 silver badges142 bronze badges
add a comment |
The OpenShift installation manual details the use of a wildcard DNS that will be appended to the route URLs. It is setup in the Ansible hosts file, e.g:
openshift_master_default_subdomain=cloud.myorg.com
I have been working in several clients where, while there is only one OCP cluster, they have different subdomains, depending on the environment (OCP Projects). For instance:
project: departament1-dev
subdomain: clouddev.myorg.com
App URL: myapp-department1-dev.clouddev.myorg.com
project: departament1-uat
subdomain: cloudpre.myorg.com
App URL: myapp-department1-uat.cloudpre.myorg.com
project: departament1-pro
subdomain: cloud.myorg.com
App URL: myapp-department1-pro.cloud.myorg.com
project: departament2-dev
subdomain: clouddev.myorg.com
App URL: myapp-department2-dev.clouddev.myorg.com
project: departament2-uat
subdomain: cloudpre.myorg.com
App URL: myapp-department2-uat.cloudpre.myorg.com
project: departament2-pro
subdomain: cloud.myorg.com
App URL: myapp-department2-pro.cloud.myorg.com
1) How can I configure multiple subdomains in a cluster (associated to OCP projects)?
2) Is that a good practice? I sounds like a good way to distinguish environments directly in the URL.
openshift openshift-origin okd
asked Mar 25 at 14:06
codependentcodependent
8,20110 gold badges66 silver badges142 bronze badges
The OpenShift installation manual details the use of a wildcard DNS that will be appended to the route URLs. It is setup in the Ansible hosts file, e.g:
openshift_master_default_subdomain=cloud.myorg.com
I have been working in several clients where, while there is only one OCP cluster, they have different subdomains, depending on the environment (OCP Projects). For instance:
project: departament1-dev
subdomain: clouddev.myorg.com
App URL: myapp-department1-dev.clouddev.myorg.com
project: departament1-uat
subdomain: cloudpre.myorg.com
App URL: myapp-department1-uat.cloudpre.myorg.com
project: departament1-pro
subdomain: cloud.myorg.com
App URL: myapp-department1-pro.cloud.myorg.com
project: departament2-dev
subdomain: clouddev.myorg.com
App URL: myapp-department2-dev.clouddev.myorg.com
project: departament2-uat
subdomain: cloudpre.myorg.com
App URL: myapp-department2-uat.cloudpre.myorg.com
project: departament2-pro
subdomain: cloud.myorg.com
App URL: myapp-department2-pro.cloud.myorg.com
1) How can I configure multiple subdomains in a cluster (associated to OCP projects)?
2) Is that a good practice? I sounds like a good way to distinguish environments directly in the URL.
openshift openshift-origin okd
openshift openshift-origin okd
asked Mar 25 at 14:06
codependentcodependent
8,20110 gold badges66 silver badges142 bronze badges
asked Mar 25 at 14:06
codependentcodependent
8,20110 gold badges66 silver badges142 bronze badges
asked Mar 25 at 14:06
codependentcodependent
8,20110 gold badges66 silver badges142 bronze badges
asked Mar 25 at 14:06
codependentcodependent
8,20110 gold badges66 silver badges142 bronze badges
asked Mar 25 at 14:06
codependentcodependent
8,20110 gold badges66 silver badges142 bronze badges
8,20110 gold badges66 silver badges142 bronze badges
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
This can be solved with extra DNS entries and custom route configuration.
The wildcard subdomain set up during OpenShift installation is mostly for developer convenience and to reduce the operational complexity of needing to request separate DNS entries and certificates per OpenShift route. Operations teams can just set up a single wildcard dns name and certificate and the rest is taken care of for all future applications.
It is not required however that all routes use the wildcard subdomain DNS name, and in fact this is not what is recommended for production use-cases for security reasons (as evidenced by the fact that the IETF recommends against using wildcard certificates). You can use any DNS name you like for a given route as long as the value matches what is configured in the Route's spec.host field and the DNS name resolves to the OpenShift hosts running the HAProxy router.
Unfortunately you can only configure a single routing subdomain in the master-config.yml file on the OpenShift master hosts, so in your case every other wildcard route will have to be manually included in those route definitions, but multiple wildcard DNS entries at least cuts down on the number of DNS records/tickets.
answered Mar 28 at 19:11
NickNick
6535 silver badges16 bronze badges
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55339663%2fmultiple-wildcard-dns-values-in-an-openshift-cluster%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
This can be solved with extra DNS entries and custom route configuration.
The wildcard subdomain set up during OpenShift installation is mostly for developer convenience and to reduce the operational complexity of needing to request separate DNS entries and certificates per OpenShift route. Operations teams can just set up a single wildcard dns name and certificate and the rest is taken care of for all future applications.
It is not required however that all routes use the wildcard subdomain DNS name, and in fact this is not what is recommended for production use-cases for security reasons (as evidenced by the fact that the IETF recommends against using wildcard certificates). You can use any DNS name you like for a given route as long as the value matches what is configured in the Route's spec.host field and the DNS name resolves to the OpenShift hosts running the HAProxy router.
Unfortunately you can only configure a single routing subdomain in the master-config.yml file on the OpenShift master hosts, so in your case every other wildcard route will have to be manually included in those route definitions, but multiple wildcard DNS entries at least cuts down on the number of DNS records/tickets.
answered Mar 28 at 19:11
NickNick
6535 silver badges16 bronze badges
add a comment |
This can be solved with extra DNS entries and custom route configuration.
The wildcard subdomain set up during OpenShift installation is mostly for developer convenience and to reduce the operational complexity of needing to request separate DNS entries and certificates per OpenShift route. Operations teams can just set up a single wildcard dns name and certificate and the rest is taken care of for all future applications.
It is not required however that all routes use the wildcard subdomain DNS name, and in fact this is not what is recommended for production use-cases for security reasons (as evidenced by the fact that the IETF recommends against using wildcard certificates). You can use any DNS name you like for a given route as long as the value matches what is configured in the Route's spec.host field and the DNS name resolves to the OpenShift hosts running the HAProxy router.
Unfortunately you can only configure a single routing subdomain in the master-config.yml file on the OpenShift master hosts, so in your case every other wildcard route will have to be manually included in those route definitions, but multiple wildcard DNS entries at least cuts down on the number of DNS records/tickets.
answered Mar 28 at 19:11
NickNick
6535 silver badges16 bronze badges
add a comment |
This can be solved with extra DNS entries and custom route configuration.
The wildcard subdomain set up during OpenShift installation is mostly for developer convenience and to reduce the operational complexity of needing to request separate DNS entries and certificates per OpenShift route. Operations teams can just set up a single wildcard dns name and certificate and the rest is taken care of for all future applications.
It is not required however that all routes use the wildcard subdomain DNS name, and in fact this is not what is recommended for production use-cases for security reasons (as evidenced by the fact that the IETF recommends against using wildcard certificates). You can use any DNS name you like for a given route as long as the value matches what is configured in the Route's spec.host field and the DNS name resolves to the OpenShift hosts running the HAProxy router.
Unfortunately you can only configure a single routing subdomain in the master-config.yml file on the OpenShift master hosts, so in your case every other wildcard route will have to be manually included in those route definitions, but multiple wildcard DNS entries at least cuts down on the number of DNS records/tickets.
answered Mar 28 at 19:11
NickNick
6535 silver badges16 bronze badges
This can be solved with extra DNS entries and custom route configuration.
The wildcard subdomain set up during OpenShift installation is mostly for developer convenience and to reduce the operational complexity of needing to request separate DNS entries and certificates per OpenShift route. Operations teams can just set up a single wildcard dns name and certificate and the rest is taken care of for all future applications.
It is not required however that all routes use the wildcard subdomain DNS name, and in fact this is not what is recommended for production use-cases for security reasons (as evidenced by the fact that the IETF recommends against using wildcard certificates). You can use any DNS name you like for a given route as long as the value matches what is configured in the Route's spec.host field and the DNS name resolves to the OpenShift hosts running the HAProxy router.
Unfortunately you can only configure a single routing subdomain in the master-config.yml file on the OpenShift master hosts, so in your case every other wildcard route will have to be manually included in those route definitions, but multiple wildcard DNS entries at least cuts down on the number of DNS records/tickets.
answered Mar 28 at 19:11
NickNick
6535 silver badges16 bronze badges
answered Mar 28 at 19:11
NickNick
6535 silver badges16 bronze badges
answered Mar 28 at 19:11
NickNick
6535 silver badges16 bronze badges
answered Mar 28 at 19:11
NickNick
6535 silver badges16 bronze badges
6535 silver badges16 bronze badges
add a comment |
add a comment |
Got a question that you can’t ask on public Stack Overflow? Learn more about sharing private information with Stack Overflow for Teams.
Got a question that you can’t ask on public Stack Overflow? Learn more about sharing private information with Stack Overflow for Teams.
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55339663%2fmultiple-wildcard-dns-values-in-an-openshift-cluster%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
