Pathfinder OpenShift specific implementation notes:
- SDN uses the ovs-multitenant SDN plug-in for configuring the pod network.
- Pathfinder OpenShift is not using the F5 plugin.
RouteSwithin OpenShift (similar to
Ingress) are using the OpenShift-provided HA Proxy functionality. The frontend, Internet-facing load balancer located outside of OpenShift is an F5 (on IP .209) which is simply configured to forward traffic to the HA Proxy instances. The F5 is not tightly integrated with OpenShift.
- CIDR Range 188.8.131.52/26; Netmask 255.255.255.192; Wildcard Bits 0.0.0.63; First IP 184.108.40.206; Last IP 220.127.116.11
- OpenShift servers are in
VLAN 138in Kamloops
- Firewall Object:
OCIO-PF-PROD-DMZ(used as SOURCE)
- Private Network IP Range: 18.104.22.168/16
Access (ingress) points:
- console.pathfinder.gov.bc.ca:8443 - (22.214.171.124) API and web UI
- .pathfinder.gov.bc.ca:80/443 - (126.96.36.199) internet accessible application routes; there is an Entrust wildcard SSL cert for this.
- .pathfinder.bcgov:80/443 (188.8.131.52) - internal-only accessible routes; there is currently NO wildcard SSL cert for this
- BCGov IP 142 Subnets (https://whois.arin.net/rest/org/PBC-51-Z/nets): 184.108.40.206/16 220.127.116.11/16 18.104.22.168/16 22.214.171.124/16 126.96.36.199/16 188.8.131.52/16 184.108.40.206/16 220.127.116.11/16 18.104.22.168/16 22.214.171.124/16 126.96.36.199/16 188.8.131.52/16 184.108.40.206/16 220.127.116.11/16 18.104.22.168/16