IBM Cloud Docs
Why can't I access the Red Hat OpenShift console without a VPN on the VPC?

Why can't I access the Red Hat OpenShift console without a VPN on the VPC?

When you create a Red Hat OpenShift cluster in your Satellite location, you cannot access the Red Hat OpenShift web console, or access to the console is intermittent.

You might see an error message similar to the following:

OpenShift web console unavailable
Wait until your ingress subdomain is available before you access the OpenShift web console.

Review the following reasons why you are unable to reach the Red Hat OpenShift web console.

  • The Red Hat OpenShift web console can be accessed only after your cluster's Ingress subdomain is created. For the Ingress subdomain to be created, hosts must be assigned as worker nodes in each zone of the default worker pool in your cluster. For example, if your default worker pool spans three zones, but hosts are assigned as worker nodes to the default worker pool in only two zones, the Ingress subdomain in your cluster cannot be created, and you cannot access the web console.
  • The private IP addresses of your instances were automatically registered and added to your location's DNS record and the cluster's Ingress subdomain. This setup prevents users that are not connected to your hosts' private network from accessing the cluster from a local machine or opening the Red Hat OpenShift web console.

Choose from the following options.

Worker nodes do not exist in each zone of the default worker pool
If you use host auto assignment, attach hosts to your Satellite location in the zone where you do not have worker nodes so that hosts can be assigned to the default worker pool. If the hosts are not automatically assigned, you can also manually assign Satellite hosts in that zone to your cluster.
Host private IP addresses are used for Ingress subdomain
Connect to your hosts' private network to access to your cluster and open the Red Hat OpenShift web console. For example, you might connect to your on-premises local network, or use a VPN such as WireGuard to connect to your cloud provider's private network.

Alternatively, if your hosts have public network connectivity, you can test access to your cluster by changing your cluster's service URL and your location's DNS record to use your hosts' public IP addresses. Note that making your location and cluster subdomains available outside of your hosts' private network to your authorized cluster users is not recommended for production-level workloads.

If you are still unable to access the Red Hat OpenShift web console after completing these steps, see Debugging the OpenShift web console in the Red Hat OpenShift on IBM Cloud troubleshooting documentation.