Getting Started on the DevOps Platform

Resources to help product team become productive as quickly and effectively as possible when using the BC Gov DevOps OpenShift platform.

Openshift Silver 4.x Networking

The Openshift 4 networking config is protected. You may view it on documize with the appropriate level of access.

OpenShift Pathfinder 3.11 Networking

Pathfinder OpenShift specific implementation notes:

  • SDN uses the ovs-multitenant SDN plug-in for configuring the pod network.
  • Pathfinder OpenShift is not using the F5 plugin. Routes within OpenShift (similar to Ingress) are using the OpenShift-provided HA Proxy functionality. The frontend, Internet-facing load balancer located outside of OpenShift is an F5 (on IP .209) which is simply configured to forward traffic to the HA Proxy instances. The F5 is not tightly integrated with OpenShift.
  • CIDR Range; Netmask; Wildcard Bits; First IP; Last IP
  • OpenShift servers are in VLAN 138 in Kamloops
  • Firewall Object: OCIO-PF-PROD-DMZ (used as SOURCE)
  • Private Network IP Range:
  • Access (ingress) points:

    • - ( API and web UI
    • - ( internet accessible application Virtual IP; there is an Entrust wildcard SSL cert for this.
    • .pathfinder.bcgov:80/443 ( - Internal facing application Virtual IP; there is currently NO wildcard SSL cert for this.

Please note: A common misconception is that using a {name}.pathfinder.bcgov name will secure your application for 'internal to BCGov' traffic. This is NOT the case. Both of the external VIPs are directing traffic to the SAME cluster ingress. To secure named routes you must add route whitelists. (ref:

  • BCGov IP 142 Subnets (
  • Create an Issue

Getting Started on the DevOps Platform

  • home
  • disclaimer
  • privacy
  • accessibility
  • copyright
  • contact us
  • Government Of BC