Re: nginx in front of haproxy ?
It was actually needed to rewrite the master-config.yaml in this other way, basically removing all the :8443 strings in the 'public' fields, i.e. to make it implicitly appear as :443:

admissionConfig:
  pluginConfig:
    BuildDefaults:
      configuration:
        apiVersion: v1
        env: []
        kind: BuildDefaultsConfig
        resources:
          limits: {}
          requests: {}
    BuildOverrides:
      configuration:
        apiVersion: v1
        kind: BuildOverridesConfig
    PodPreset:
      configuration:
        apiVersion: v1
        disable: false
        kind: DefaultAdmissionConfig
    openshift.io/ImagePolicy:
      configuration:
        apiVersion: v1
        executionRules:
        - matchImageAnnotations:
          - key: images.openshift.io/deny-execution
            value: 'true'
          name: execution-denied
          onResources:
          - resource: pods
          - resource: builds
          reject: true
          skipOnResolutionFailure: true
        kind: ImagePolicyConfig
aggregatorConfig:
  proxyClientInfo:
    certFile: aggregator-front-proxy.crt
    keyFile: aggregator-front-proxy.key
apiLevels:
- v1
apiVersion: v1
assetConfig:
  extensionScripts:
  - /etc/origin/master/openshift-ansible-catalog-console.js
  logoutURL: ""
  masterPublicURL: https://hosting.wfp.org<
  metricsPublicURL: https://metrics.hosting.wfp.org/hawkular/metrics
  publicURL: https://hosting.wfp.org/console/<
  servingInfo:
    bindAddress: 0.0.0.0:8443
    bindNetwork: tcp4
    certFile: master.server.crt
    clientCA: ""
    keyFile: master.server.key
    maxRequestsInFlight: 0
    requestTimeoutSeconds: 0
authConfig:
  requestHeader:
    clientCA: front-proxy-ca.crt
    clientCommonNames:
    - aggregator-front-proxy
    extraHeaderPrefixes:
    - X-Remote-Extra-
    groupHeaders:
    - X-Remote-Group
    usernameHeaders:
    - X-Remote-User
controllerConfig:
  election:
    lockName: openshift-master-controllers
  serviceServingCert:
    signer:
      certFile: service-signer.crt
      keyFile: service-signer.key
controllers: '*'
corsAllowedOrigins:
- (?i)//127\.0\.0\.1(:|\z)
- (?i)//localhost(:|\z)
- (?i)//10\.11\.41\.85(:|\z)
- (?i)//kubernetes\.default(:|\z)
- (?i)//kubernetes\.default\.svc\.cluster\.local(:|\z)
- (?i)//kubernetes(:|\z)
- (?i)//openshift\.default(:|\z)
- (?i)//hosting\.wfp\.org(:|\z)
- (?i)//openshift\.default\.svc(:|\z)
- (?i)//172\.30\.0\.1(:|\z)
- (?i)//wfpromshap21\.global\.wfp\.org(:|\z)
- (?i)//openshift\.default\.svc\.cluster\.local(:|\z)
- (?i)//kubernetes\.default\.svc(:|\z)
- (?i)//openshift(:|\z)
dnsConfig:
  bindAddress: 0.0.0.0:8053
  bindNetwork: tcp4
etcdClientInfo:
  ca: master.etcd-ca.crt
  certFile: master.etcd-client.crt
  keyFile: master.etcd-client.key
  urls:
  - https://wfpromshap21.global.wfp.org:2379
  - https://wfpromshap22.global.wfp.org:2379
  - https://wfpromshap23.global.wfp.org:2379
etcdStorageConfig:
  kubernetesStoragePrefix: kubernetes.io
  kubernetesStorageVersion: v1
  openShiftStoragePrefix: openshift.io
  openShiftStorageVersion: v1
imageConfig:
  format: openshift/origin-${component}:${version}
  latest: false
kind: MasterConfig
kubeletClientInfo:
  ca: ca-bundle.crt
  certFile: master.kubelet-client.crt
  keyFile: master.kubelet-client.key
  port: 10250
kubernetesMasterConfig:
  apiServerArguments:
    runtime-config:
    - apis/settings.k8s.io/v1alpha1=true
    storage-backend:
    - etcd3
    storage-media-type:
    - application/vnd.kubernetes.protobuf
  controllerArguments:
  masterCount: 3
  masterIP: 10.11.41.85
  podEvictionTimeout:
  proxyClientInfo:
    certFile: master.proxy-client.crt
    keyFile: master.proxy-client.key
  schedulerArguments:
  schedulerConfigFile: /etc/origin/master/scheduler.json
  servicesNodePortRange: ""
  servicesSubnet: 172.30.0.0/16
  staticNodeNames: []
masterClients:
  externalKubernetesClientConnectionOverrides:
    acceptContentTypes: application/vnd.kubernetes.protobuf,application/json
    burst: 400
    contentType: application/vnd.kubernetes.protobuf
    qps: 200
  externalKubernetesKubeConfig: ""
  openshiftLoopbackClientConnectionOverrides:
    acceptContentTypes: application/vnd.kubernetes.protobuf,application/json
    burst: 600
    contentType: application/vnd.kubernetes.protobuf
    qps: 300
  openshiftLoopbackKubeConfig: openshift-master.kubeconfig
masterPublicURL: https://hosting.wfp.org<
networkConfig:
  clusterNetworkCIDR: 10.128.0.0/14
  clusterNetworks:
  - cidr: 10.128.0.0/14
    hostSubnetLength: 9
  externalIPNetworkCIDRs:
  - 0.0.0.0/0
  hostSubnetLength: 9
  networkPluginName: redhat/openshift-ovs-multitenant
  serviceNetworkCIDR: 172.30.0.0/16
oauthConfig:
  assetPublicURL: https://hosting.wfp.org/console/
  grantConfig:
    method: auto
  identityProviders:
  - challenge: true
    login: true
    mappingMethod: claim
    name: htpasswd_auth
    provider:
      apiVersion: v1
      file: /etc/origin/master/htpasswd
      kind:
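
A check for the edit described in this reply, as an added example that is not part of the original message: it lists every 'public' URL field of a master-config.yaml whose effective port differs from the port the front proxy exposes (443 is assumed), and ignores servingInfo.bindAddress, which stays on 8443. The function names and the sample text are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# The 'public' fields present in the posted master-config.yaml.
PUBLIC_FIELDS = ("masterPublicURL", "publicURL", "assetPublicURL", "metricsPublicURL")
_FIELD_RE = re.compile(r"^\s*(%s):\s*(\S+)" % "|".join(PUBLIC_FIELDS))

def effective_port(url):
    """Port a client will connect to: the explicit one, else the scheme default."""
    parts = urlsplit(url)
    if parts.port is not None:
        return parts.port
    return {"https": 443, "http": 80}.get(parts.scheme)

def audit_public_urls(config_text, proxy_port=443):
    """Return (line_no, field, url, port) for each public URL not on proxy_port."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), 1):
        match = _FIELD_RE.match(line)
        if not match:
            continue  # bindAddress and every other key are left alone
        field = match.group(1)
        # Drop quotes and the '<' marker the poster used to flag edited lines.
        url = match.group(2).strip("\"'<")
        port = effective_port(url)
        if port != proxy_port:
            findings.append((line_no, field, url, port))
    return findings

# Constructed sample: a half-edited file where only one field lost ':8443'.
SAMPLE = """\
assetConfig:
  masterPublicURL: https://hosting.wfp.org:8443
  metricsPublicURL: https://metrics.hosting.wfp.org/hawkular/metrics
  publicURL: https://hosting.wfp.org:8443/console/
  servingInfo:
    bindAddress: 0.0.0.0:8443
masterPublicURL: https://hosting.wfp.org
oauthConfig:
  assetPublicURL: https://hosting.wfp.org:8443/console/
"""

if __name__ == "__main__":
    for line_no, field, url, port in audit_public_urls(SAMPLE):
        print(f"line {line_no}: {field} = {url} advertises port {port}, proxy serves 443")
```
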
Openshift on AWS using Terraform
Hello Krzysztof,

We started with this guide https://github.com/dwmkerr/terraform-aws-openshift to install on aws. We have since broken a lot of it out into separate modules and modified it as needed, but it was a decent starting point.

Thanks,
Todd
nginx in front of haproxy ?
Hello,

as our load balancer I have to set up nginx 1.13.8, configured in HA on 2 nodes by Keepalived, in front of our 3 masters Origin 3.7 containerized installation; seemingly on the 3 masters the master-config.yaml got configured fine by the Ansible run:

admissionConfig:
  pluginConfig:
    BuildDefaults:
      configuration:
        apiVersion: v1
        env: []
        kind: BuildDefaultsConfig
        resources:
          limits: {}
          requests: {}
    BuildOverrides:
      configuration:
        apiVersion: v1
        kind: BuildOverridesConfig
    PodPreset:
      configuration:
        apiVersion: v1
        disable: false
        kind: DefaultAdmissionConfig
    openshift.io/ImagePolicy:
      configuration:
        apiVersion: v1
        executionRules:
        - matchImageAnnotations:
          - key: images.openshift.io/deny-execution
            value: 'true'
          name: execution-denied
          onResources:
          - resource: pods
          - resource: builds
          reject: true
          skipOnResolutionFailure: true
        kind: ImagePolicyConfig
aggregatorConfig:
  proxyClientInfo:
    certFile: aggregator-front-proxy.crt
    keyFile: aggregator-front-proxy.key
apiLevels:
- v1
apiVersion: v1
assetConfig:
  extensionScripts:
  - /etc/origin/master/openshift-ansible-catalog-console.js
  logoutURL: ""
  masterPublicURL: https://hosting.wfp.org:8443<
  metricsPublicURL: https://metrics.hosting.wfp.org/hawkular/metrics
  publicURL: https://hosting.wfp.org:8443/console/ <
  servingInfo:
    bindAddress: 0.0.0.0:8443
    bindNetwork: tcp4
    certFile: master.server.crt
    clientCA: ""
    keyFile: master.server.key
    maxRequestsInFlight: 0
    requestTimeoutSeconds: 0
authConfig:
  requestHeader:
    clientCA: front-proxy-ca.crt
    clientCommonNames:
    - aggregator-front-proxy
    extraHeaderPrefixes:
    - X-Remote-Extra-
    groupHeaders:
    - X-Remote-Group
    usernameHeaders:
    - X-Remote-User
controllerConfig:
  election:
    lockName: openshift-master-controllers
  serviceServingCert:
    signer:
      certFile: service-signer.crt
      keyFile: service-signer.key
controllers: '*'
corsAllowedOrigins:
- (?i)//127\.0\.0\.1(:|\z)
- (?i)//localhost(:|\z)
- (?i)//10\.11\.41\.85(:|\z)
- (?i)//kubernetes\.default(:|\z)
- (?i)//kubernetes\.default\.svc\.cluster\.local(:|\z)
- (?i)//kubernetes(:|\z)
- (?i)//openshift\.default(:|\z)
- (?i)//hosting\.wfp\.org(:|\z)
- (?i)//openshift\.default\.svc(:|\z)
- (?i)//172\.30\.0\.1(:|\z)
- (?i)//wfpromshap21\.global\.wfp\.org(:|\z)
- (?i)//openshift\.default\.svc\.cluster\.local(:|\z)
- (?i)//kubernetes\.default\.svc(:|\z)
- (?i)//openshift(:|\z)
dnsConfig:
  bindAddress: 0.0.0.0:8053
  bindNetwork: tcp4
etcdClientInfo:
  ca: master.etcd-ca.crt
  certFile: master.etcd-client.crt
  keyFile: master.etcd-client.key
  urls:
  - https://wfpromshap21.global.wfp.org:2379
  - https://wfpromshap22.global.wfp.org:2379
  - https://wfpromshap23.global.wfp.org:2379
etcdStorageConfig:
  kubernetesStoragePrefix: kubernetes.io
  kubernetesStorageVersion: v1
  openShiftStoragePrefix: openshift.io
  openShiftStorageVersion: v1
imageConfig:
  format: openshift/origin-${component}:${version}
  latest: false
kind: MasterConfig
kubeletClientInfo:
  ca: ca-bundle.crt
  certFile: master.kubelet-client.crt
  keyFile: master.kubelet-client.key
  port: 10250
kubernetesMasterConfig:
  apiServerArguments:
    runtime-config:
    - apis/settings.k8s.io/v1alpha1=true
    storage-backend:
    - etcd3
    storage-media-type:
    - application/vnd.kubernetes.protobuf
  controllerArguments:
  masterCount: 3
  masterIP: 10.11.41.85
  podEvictionTimeout:
  proxyClientInfo:
    certFile: master.proxy-client.crt
    keyFile: master.proxy-client.key
  schedulerArguments:
  schedulerConfigFile: /etc/origin/master/scheduler.json
  servicesNodePortRange: ""
  servicesSubnet: 172.30.0.0/16
  staticNodeNames: []
masterClients:
  externalKubernetesClientConnectionOverrides:
    acceptContentTypes: application/vnd.kubernetes.protobuf,application/json
    burst: 400
    contentType: application/vnd.kubernetes.protobuf
    qps: 200
  externalKubernetesKubeConfig: ""
  openshiftLoopbackClientConnectionOverrides:
    acceptContentTypes: application/vnd.kubernetes.protobuf,application/json
    burst: 600
    contentType: application/vnd.kubernetes.protobuf
    qps: 300
  openshiftLoopbackKubeConfig: openshift-master.kubeconfig
masterPublicURL: https://hosting.wfp.org:8443<
networkConfig:
  clusterNetworkCIDR: 10.128.0.0/14
  clusterNetworks:
  - cidr: 10.128.0.0/14
    hostSubnetLength: 9
  externalIPNetworkCIDRs:
  - 0.0.0.0/0
  hostSubnetLength: 9
  networkPluginName: redhat/openshift-ovs-multitenant
  serviceNetworkCIDR: 172.30.0.0/16
oauthConfig:
  assetPublicURL: https://hosting.wfp.org:8443/console/<
  grantConfig:
    method: auto
  identityProviders:
  - challenge: true
    login: true
    mappingMethod: claim
    name: htpasswd_auth