Re: Atomic Host support on OpenShift 3.11 and up
Master right now will be labeled 4.0 when 3.11 branches (happening right now). It’s possible we might later cut a 3.12 but no plans at the current time. Changes to master will include significant changes as the core is rewired with operators - you’ll also see much more focus on preparing openshift/installer and refractors in openshift-ansible that reduce its scope as the hand-off to operators happens. Expect churn for the next months. On Sep 6, 2018, at 6:23 PM, Daniel Comnea wrote: Clayton, 4.0 is that going to be 3.12 rebranded (if we follow the current release cycle) or 3.13 ? On Thu, Sep 6, 2018 at 2:34 PM Clayton Coleman wrote: > The successor to atomic host will be RH CoreOS and the community > variants. That is slated for 4.0. > > > On Sep 6, 2018, at 9:25 AM, Marc Ledent wrote: > > > > Hi all, > > > > I have read in the 3.10 release notes that Atomic Host is deprecated and > will nod be supported starting release 3.11. > > > > What this means? Is it advisable to migrate all Atomic host vms to > "standard" RHEL server? > > > > Kind regards, > > Marc > > > > > > ___ > > users mailing list > > users@lists.openshift.redhat.com > > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > > ___ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
Re: Atomic Host support on OpenShift 3.11 and up
Clayton, 4.0 is that going to be 3.12 rebranded (if we follow the current release cycle) or 3.13 ? On Thu, Sep 6, 2018 at 2:34 PM Clayton Coleman wrote: > The successor to atomic host will be RH CoreOS and the community > variants. That is slated for 4.0. > > > On Sep 6, 2018, at 9:25 AM, Marc Ledent wrote: > > > > Hi all, > > > > I have read in the 3.10 release notes that Atomic Host is deprecated and > will nod be supported starting release 3.11. > > > > What this means? Is it advisable to migrate all Atomic host vms to > "standard" RHEL server? > > > > Kind regards, > > Marc > > > > > > ___ > > users mailing list > > users@lists.openshift.redhat.com > > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > > ___ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
Re: Atomic Host support on OpenShift 3.11 and up
The successor to atomic host will be RH CoreOS and the community variants. That is slated for 4.0. > On Sep 6, 2018, at 9:25 AM, Marc Ledent wrote: > > Hi all, > > I have read in the 3.10 release notes that Atomic Host is deprecated and will > nod be supported starting release 3.11. > > What this means? Is it advisable to migrate all Atomic host vms to "standard" > RHEL server? > > Kind regards, > Marc > > > ___ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
Atomic Host support on OpenShift 3.11 and up
Hi all, I have read in the 3.10 release notes that Atomic Host is deprecated and will nod be supported starting release 3.11. What this means? Is it advisable to migrate all Atomic host vms to "standard" RHEL server? Kind regards, Marc smime.p7s Description: S/MIME Cryptographic Signature ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
Re: Service and route in front of api pods in OpenShift 3.10
Yes sure! If acme servers can't join your routers the HTTP challenge can't be validated. Maybe it could be nice to add optional support to this in openshift-ansible: - deploy openshift-acme - create a route in front of the kubernetes service with the proper annotation Le jeu. 6 sept. 2018 à 08:27, Daniel Comnea a écrit : > Very nice Mickael ! > > Just a minor note (although i'm sure you know already) if others bump into > this thread, this method works for public domains but it won't work if your > domain is internal/ dev one (i.e - .local). > > Dani > > On Wed, Sep 5, 2018 at 4:11 PM Mickaël Canévet > wrote: > >> Thanks a lot Tobias, >> >> That helped a lot, it's working fine. >> Now I have a Let's Encrypt certificate for my web console without using >> an external reverse proxy \o/ >> >> Kind regards, >> Mickaël >> >> Le mer. 5 sept. 2018 à 13:17, Tobias Florek a >> écrit : >> >>> Hi! >>> >>> It is certainly possible. >>> >>> You already have a "kubernetes" service in the default namespace. You >>> only need to expose that service's https port with Reencrypt TLS-Policy >>> and set the kubernetes.io/tls-acme=true annotation. >>> >>> Your unsuccessful try was missing the reencrypt tls policy. >>> >>> Cheers, >>> Tobias Florek >>> ___ >>> users mailing list >>> users@lists.openshift.redhat.com >>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >>> >> >> >> -- >> « Any society that would give up a little liberty to gain a little >> security will deserve neither and lose both. » >> (Benjamin Franklin) >> ___ >> users mailing list >> users@lists.openshift.redhat.com >> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >> > -- « Any society that would give up a little liberty to gain a little security will deserve neither and lose both. » (Benjamin Franklin) ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
Re: Service and route in front of api pods in OpenShift 3.10
Very nice Mickael ! Just a minor note (although i'm sure you know already) if others bump into this thread, this method works for public domains but it won't work if your domain is internal/ dev one (i.e - .local). Dani On Wed, Sep 5, 2018 at 4:11 PM Mickaël Canévet wrote: > Thanks a lot Tobias, > > That helped a lot, it's working fine. > Now I have a Let's Encrypt certificate for my web console without using an > external reverse proxy \o/ > > Kind regards, > Mickaël > > Le mer. 5 sept. 2018 à 13:17, Tobias Florek a > écrit : > >> Hi! >> >> It is certainly possible. >> >> You already have a "kubernetes" service in the default namespace. You >> only need to expose that service's https port with Reencrypt TLS-Policy >> and set the kubernetes.io/tls-acme=true annotation. >> >> Your unsuccessful try was missing the reencrypt tls policy. >> >> Cheers, >> Tobias Florek >> ___ >> users mailing list >> users@lists.openshift.redhat.com >> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >> > > > -- > « Any society that would give up a little liberty to gain a little > security will deserve neither and lose both. » > (Benjamin Franklin) > ___ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
