How to install the Fuse console to a Minishift environment that runs OpenShift 3.11?

Environment

• Fuse on OpenShift
  • 7.6
• Fuse console
• Minishift
• OpenShift 3.11

Issue

• How to correctly install the Fuse console on Minishift running OpenShift 3.11?

Resolution

Note, this article is specifically about running the Fuse console on a Minishift environment that uses OpenShift 3.11. It does not apply to full OpenShift installation or a Minishift environment that uses an OpenShift version less than 3.11.

Further the steps presented here are specifically for the Fuse 7.6 console. However the same procedure can be applied to the Fuse console of other versions than 7.6. You just need to point to the right Fuse console template URL.

If disabling authentication in your Jolokia endpoints is not a problem, then the KCS article Unauthorized access to Jolokia API using CDK/minishift with OpenShift 3.11 describes a quick solution. However it comes at the price of less security, which may not be a problem in a Minishift based development environment.

Installing the Fuse on OpenShift console on a Minishift environment that runs OpenShift 3.11 is a bit more complex than following the standard documentation.
If the Fuse console is simply installed via the Container Catalog, it may fail to connect to any running integration pods.

To install the Fuse console to an OpenShift 3.11 based Minishift environment properly follow these steps:

First follow the chapters

• 2. Getting Started for administrators
• 2.1. Configuring Red Hat Container Registry authentication and
• 2.3. Installing Fuse imagestreams and templates on the OpenShift 3.x server
  of the Fuse on OpenShift documentation.

Then, instead of also following chapter 2.3.1. Setting up the Fuse Console on OpenShift 3.11 execute these steps.

# first login as admin user
$ oc login -u system:admin

# switch to the openshift namespace
$ oc project openshift

# get the service signing certificate authority secret
$ oc get secrets/service-serving-cert-signer-signing-key -n openshift-service-cert-signer -o "jsonpath={.data['tls\.crt']}" | base64 --decode > ca.crt
$ oc get secrets/service-serving-cert-signer-signing-key -n openshift-service-cert-signer -o "jsonpath={.data['tls\.key']}" | base64 --decode > ca.key

# the next steps will be used to generate a client side certificate that will be used by the Fuse console
# generate a private key
$ openssl genrsa -out server.key 2048

# create a configuration for new certificate generation
# note: the CN name needs to match the service name of the Fuse console
$ cat <<EOT >> csr.conf
  [ req ]
  default_bits = 2048
  prompt = no
  default_md = sha256
  distinguished_name = dn

  [ dn ]
  CN = fuse-console.fuse.svc

  [ v3_ext ]
  authorityKeyIdentifier=keyid,issuer:always
  keyUsage=keyEncipherment,dataEncipherment,digitalSignature
  extendedKeyUsage=serverAuth,clientAuth
EOT

# generate a new certificate and sign it
$ openssl req -new -key server.key -out server.csr -config csr.conf
$ openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 10000 -extensions v3_ext -extfile csr.conf

# define local place holder environment variable for the application name of the Fuse console
export APP_NAME=fuse-console

# define OpenShift namespace under which to deploy the Fuse console
export PROJECT=fuse

# set the domain name of OpenShift (minishift) deployment, note the IP address may vary
export DOMAIN_NAME=192.168.64.15.nip.io

# set the cluster admin role and the cluster mode template
oc adm policy add-cluster-role-to-user cluster-admin system:serviceaccount:openshift-infra:template-instance-controller

# check if the Fuse console image can be imported successfully
oc import-image fuse7/fuse-console:1.6 --from=registry.redhat.io/fuse7/fuse-console:1.6 --confirm

# now log into OpenShift as developer
oc login -u developer

# create Fuse Console project into which the console will be deployed
oc new-project $PROJECT

# create TLS secret using the generated certificates
oc create secret tls $APP_NAME-tls-proxying --cert server.crt --key server.key

# create the Fuse console on OpenShift
oc new-app -n $PROJECT -f https://raw.githubusercontent.com/jboss-fuse/application-templates/application-templates-2.1.0.fuse-760042-redhat-00001/fuse-console-namespace-os4.json -p ROUTE_HOSTNAME=$APP_NAME.$DOMAIN_NAME -p APP_NAME=$APP_NAME

# set the OpenShift version to 3 on the deployment config
oc set env deploymentconfig/$APP_NAME OPENSHIFT_CLUSTER_VERSION=3

These steps should deploy the Fuse console to your Minishift environment.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.