Forum Discussion
Health Monitor unable to connect to OpenShift Router
Hi,
We have an F5 VS routing traffic to a service behind the OpenShift Router (we are not using F5 CIS). The OpenShift Route is configured as TLS Passthrough. I want to re-encrypt TLS at F5.
In the case of a TLS Passthrough configuration, the OpenShift Router determines the route based on the TLS Client Hello hostname.
So I have an OPS Route with host name “my-tls-passthrough-service.com” and I have an F5 VS with hostname “my-f5vs.com” and a pool with a single member pointing to the OPS Router IP and port 443. I have configured Client and Server SSL profiles. Also, in the server SSL profile I have set the “Server Name” attribute to “my-tls-passthrough-service.com”.
Everything works as expected – the request reaches the service through F5 .
The problem I have is when I configure the Health Monitor. The generic HTTPS monitor doesn’t help, as it checks the status of the OPS Router, not the service behind it. But when I add the ServerSSL profile to the health check monitor, I get the pool member marked down and the message “Unable to connect” in the local traffic log.
Can you please help? Without a health monitor the setup is useless.
4 Replies
- BramsBytes
Cirrus
In our environment we use custom HTTPS monitors where we specify the Host: header. This allows the OpenShift router to reach the application.
GET /favicon.ico HTTP/1.1\r\nHost: my-tls-passtrough-service.com\r\nConnection: Close\r\n\r\n
- Genna_Reingold
Nimbostratus
Hi BramsBytes
Thanks. Yes, we have done it too, but it doesn't work. Not that I expected it to work: when a route in OpenShift is configured as TLS passthrough, the routing host information is taken from the TLS Client Hello message, not from the HTTP Host header.
- BramsBytes
Cirrus
I see, and in the ServerSSL profile you did also specify the Server Name to be used for Client Hello?
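As an added illustration (not part of any post in this thread, and not F5 or OpenShift code): a toy model of the SNI-based routing described in the question, showing that a probe whose Client Hello carries no server name matches no passthrough route regardless of its HTTP Host header. The route table and the backend name are assumptions; the Client Hello bytes are generated locally, so nothing touches the network.

```python
import ssl
import struct

# Toy route table standing in for the router's passthrough routes (hostname from the thread).
ROUTES = {"my-tls-passthrough-service.com": "service-backend"}  # backend name is hypothetical

def client_hello(server_name):
    """Return the raw ClientHello record a TLS client emits; None means no SNI."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # no peer here; we only capture the first flight
    ctx.verify_mode = ssl.CERT_NONE
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:      # expected: client now waits for ServerHello
        pass
    return outgoing.read()

def sni_from_client_hello(record):
    """Extract the server_name extension (type 0) from a ClientHello record."""
    if len(record) < 6 or record[0] != 0x16 or record[5] != 0x01:
        return None                   # not a handshake record carrying a ClientHello
    body = record[5:5 + int.from_bytes(record[3:5], "big")]
    pos = 4 + 2 + 32                  # handshake header, legacy version, random
    pos += 1 + body[pos]              # session id
    pos += 2 + int.from_bytes(body[pos:pos + 2], "big")   # cipher suites
    pos += 1 + body[pos]              # compression methods
    end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= min(end, len(body)):
        ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        if ext_type == 0:             # list length (2), name type (1), name length (2), name
            name_len = int.from_bytes(body[pos + 3:pos + 5], "big")
            return body[pos + 5:pos + 5 + name_len].decode("ascii")
        pos += ext_len
    return None

def route(record):
    """Pick a backend from SNI alone; the encrypted HTTP Host header is never seen."""
    return ROUTES.get(sni_from_client_hello(record))

if __name__ == "__main__":
    print(route(client_hello("my-tls-passthrough-service.com")))  # matching SNI
    print(route(client_hello(None)))                              # probe without SNI
```
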
