"Customizing the web console URL" doesn't work

[Eduardo Lúcio Amorim Costa]

This question was originally posted here: "Customizing the web console URL" doesn't work .

I really need help with this problem. So I really appreciate anyone who can help me.

 > ----------------------------------------------------------------------------

Below is the complete procedure for "Customizing the web console URL", ie accessing the Web Console from a different domain than the cluster's internal domain (which the cluster has been installed).

NOTE: This "extra" domain is normally used for external access to the cluster.

Customizing the web console URL

 > --------------------------------------

Customizing the web console URL

You can update the web console URL, consoleURL, to a custom value.

Procedure

Modify the cluster instance created by default during installation in the consoles.operator.openshift.io custom resource:

```

$ oc patch consoles.operator.openshift.io cluster --patch '{"spec":{"route":{"hostname":"console.example.com"}}}' --type=merge

```

```

apiVersion: operator.openshift.io/v1

kind: Console

metadata:

  name: cluster

spec:

  route:

    hostname: 'console.example.com'

```

 < --------------------------------------

 > --------------------------------------

PROBLEM:

The above procedure is clearly insufficient to allow external access to the Web Console from a different domain ("external") URL.

We've done lots and lots of tests for over 12 hours and we always come up with a web page that says...

"Application is not available"

... when we try to access the Web Console from a different domain ("external") URL.

 < --------------------------------------

 > --------------------------------------

THE REAL CASE:

We can access the Web Console normally through the URL https://console-openshift-console.apps.mbr.okd.local which uses the domain okd.local with which the cluster has been installed.

However if we try to access the "Web Console" from the new URL https://console-openshift-console.apps.mbr.brlight.net which uses the domain brlight.net the error Application is not available is reported on the web page.

 < --------------------------------------

 > --------------------------------------

PROCEDURES PERFORMED:

Inform the new domain to be consumed by the Web Console...

```

oc patch consoles.operator.openshift.io cluster --type merge --patch '{"spec":{"route":{"hostname":"console.brlight.net"}}}'

```

Configure a new DNS zone (BIND 9) in the /etc/named/named.conf.local file...

```

zone "okd.local" {

    type master;

    file "/etc/named/zones/db.okd.local"; // Zone file path.

};

zone "0.3.10.in-addr.arpa" {

    type master;

    file "/etc/named/zones/db.10.3.0"; // 10.3.0.0/24 subnet.

};

zone "brlight.net" {

    type master;

    file "/etc/named/zones/fw.brlight.net"; // Zone file path.

};

```

... and in the _/etc/named/zones/fw.brlight.net_ file...

```

$TTL    604800

@   IN  SOA okd4-services.brlight.net. admin.brlight.net. (

        1       ; Serial

        604800  ; Refresh

        86400   ; Retry

        2419200 ; Expire

        604800  ; Negative Cache TTL

)

; Name servers - "NS" records.

    IN  NS  okd4-services

; Name servers - "A" records.

okd4-services.brlight.net. IN A 10.3.0.14

; OpenShift container platform cluster - "A" records.

okd4-bootstrap.mbr.brlight.net. IN  A   10.3.0.4

okd4-control-plane-1.mbr.brlight.net. IN  A   10.3.0.5

okd4-control-plane-2.mbr.brlight.net. IN  A   10.3.0.6

okd4-control-plane-3.mbr.brlight.net. IN  A   10.3.0.7

okd4-compute-1.mbr.brlight.net. IN  A   10.3.0.8

okd4-compute-2.mbr.brlight.net. IN  A   10.3.0.9

; Openshift internal cluster IPs - "A" records.

api.mbr.brlight.net.              IN  A   10.3.0.14

api-int.mbr.brlight.net.          IN  A   10.3.0.14

*.apps.mbr.brlight.net.           IN  A   10.3.0.14

etcd-0.mbr.brlight.net.           IN  A   10.3.0.5

etcd-1.mbr.brlight.net.           IN  A   10.3.0.6

etcd-2.mbr.brlight.net.           IN  A   10.3.0.7

console-openshift-console.apps.mbr.brlight.net.    IN  A   10.3.0.14

oauth-openshift.apps.mbr.brlight.net.   IN  A   10.3.0.14

; OpenShift internal cluster IPs - "SRV" records.

_etcd-server-ssl._tcp.mbr.brlight.net.    86400   IN  SRV 0   10  2380    etcd-0.mbr

_etcd-server-ssl._tcp.mbr.brlight.net.    86400   IN  SRV 0   10  2380    etcd-1.mbr

_etcd-server-ssl._tcp.mbr.brlight.net.    86400   IN  SRV 0   10  2380    etcd-2.mbr

```

The load balancer configuration (HAProxy) was kept as it was...

```

#---------------------------------------------------------------------

# Global settings.

#---------------------------------------------------------------------

global

    maxconn 20000

    log /dev/log local0 info

    chroot /var/lib/haproxy

    pidfile /var/run/haproxy.pid

    user haproxy

    group haproxy

    daemon

    # Turn on stats unix socket.

    stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------

# Common defaults that all the "listen" and "backend" sections will use if not designated

# in their block.

#---------------------------------------------------------------------

defaults

    log global

    maxconn 20000

    mode http

    option dontlognull

    option http-server-close

    option httplog

    option redispatch

    retries 3

    timeout check 10s

    timeout client 300s

    timeout connect 10s

    timeout http-keep-alive 10s

    timeout http-request 10s

    timeout queue 1m

    timeout server 300s

listen stats

    bind :9000

    mode http

    option forwardfor except 127.0.0.0/8

    stats enable

    stats uri /

frontend okd4_k8s_api_fe

    bind :6443

    default_backend okd4_k8s_api_be

    mode tcp

    option tcplog

backend okd4_k8s_api_be

    balance roundrobin

    mode tcp

    # server okd4-bootstrap 10.3.0.4:6443 check

    server okd4-control-plane-1 10.3.0.5:6443 check

    server okd4-control-plane-2 10.3.0.6:6443 check

    server okd4-control-plane-3 10.3.0.7:6443 check

frontend okd4_machine_config_server_fe

    bind :22623

    default_backend okd4_machine_config_server_be

    mode tcp

    option tcplog

backend okd4_machine_config_server_be

    balance roundrobin

    mode tcp

    # server okd4-bootstrap 10.3.0.4:22623 check

    server okd4-control-plane-1 10.3.0.5:22623 check

    server okd4-control-plane-2 10.3.0.6:22623 check

    server okd4-control-plane-3 10.3.0.7:22623 check

frontend okd4_http_ingress_traffic_fe

    bind *:80

    default_backend okd4_http_ingress_traffic_be

    mode tcp

    option tcplog

backend okd4_http_ingress_traffic_be

    balance roundrobin

    mode tcp

    server okd4-compute-1 10.3.0.8:80 check

    server okd4-compute-2 10.3.0.9:80 check

frontend okd4_https_ingress_traffic_fe

    bind *:443

    default_backend okd4_https_ingress_traffic_be

    mode tcp

    option tcplog

backend okd4_https_ingress_traffic_be

    balance roundrobin

    mode tcp

    server okd4-compute-1 10.3.0.8:443 check

    server okd4-compute-2 10.3.0.9:443 check

```

 < --------------------------------------

 > --------------------------------------

QUESTION: What was missing?

Thanks in advance! =D

 < ----------------------------------------------------------------------------