Re: [ssl] oc cluster up

2019-02-27 Thread Joel Pearson 
Why not use an ansible installation for a single node instead? Then you can let 
ansible configure everything properly for you. 

Sent from my iPhone

> On 28 Feb 2019, at 9:02 am, Pavel Maslov  wrote:
> 
> With my original question, I meant how can I secure the Web Console (I was 
> able to install a custom SSL certificate for the Router, so now it's the Web 
> Console's turn). I am following the instructions from the documentation [1], 
> but to no avail - Web Console is still picking up the default self-singed 
> certificate by Openshift.
> 
> Since I am starting my Openshift cluster using oc cluster up, a new directory 
> gets created, namely openshift.local.clusterup/.
> So what I did I edited the file 
> openshift.local.clusterup/kub-apiserver/master-config.yaml as described in 
> [1]:
> 
> servingInfo:
>   masterPublicURL: https://dev3.maslick.com:8443
>   publicURL: https://dev3.maslick.com:8443/console/
>   bindAddress: 0.0.0.0:8443
>   bindNetwork: tcp4
>   certFile: master.server.crt
>   clientCA: ca.crt
>   keyFile: master.server.key
>   maxRequestsInFlight: 1200
>   namedCertificates:
>   - certFile: dev3-maslick-com.crt
> clientCA: ca-maslick-com.pem
> keyFile: key-dev3-maslick-com.pem
> names:
>   - "dev3.maslick.com"
>   requestTimeoutSeconds: 3600
> volumeConfig:
>   dynamicProvisioningEnabled: true
> 
> It doesn't work though. It doesn't even pick up my certificate. I put the 
> crt, ca and key files into the same folder as master-config.yaml: 
> $HOME/openshift.local.clusterup/kub-apiserver/.
> Any thoughts? Thanks!
> 
> [1] 
> https://docs.okd.io/latest/install_config/certificate_customization.html#configuring-custom-certificates
> 
> Regards,
> Pavel Maslov, MS
> 
> 
>> On Mon, Feb 25, 2019 at 4:31 PM Pavel Maslov  wrote:
>> Hi, all
>> 
>> I'm new to the list. Perhaps, smb already asked this question:
>> 
>> When I start a cluster using oc cluster up command, Openshift generates a 
>> self-signed certificate. Is it possible to give it a real certificate? 
>> 
>> Thanks in advance.
>> 
>> Regards,
>> Pavel Maslov, MS
> ___
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: [ssl] oc cluster up

2019-02-27 Thread Pavel Maslov 
With my original question, I meant how can I secure the Web Console (I was
able to install a custom SSL certificate for the Router, so now it's the
Web Console's turn). I am following the instructions from the documentation
[1], but to no avail - Web Console is still picking up the default
self-singed certificate by Openshift.

Since I am starting my Openshift cluster using *oc cluster up, *a new
directory gets created, namely openshift.local.clusterup/.
So what I did I edited the file
openshift.local.clusterup/kub-apiserver/master-config.yaml as described in
[1]:

servingInfo:
  masterPublicURL: https://dev3.maslick.com:8443
  publicURL: https://dev3.maslick.com:8443/console/
  bindAddress: 0.0.0.0:8443
  bindNetwork: tcp4
  certFile: master.server.crt
  clientCA: ca.crt
  keyFile: master.server.key
  maxRequestsInFlight: 1200
  namedCertificates:
  - certFile: dev3-maslick-com.crt
clientCA: ca-maslick-com.pem
keyFile: key-dev3-maslick-com.pem
names:
  - "dev3.maslick.com"
  requestTimeoutSeconds: 3600
volumeConfig:
  dynamicProvisioningEnabled: true

It doesn't work though. It doesn't even pick up my certificate. I put the
crt, ca and key files into the same folder as master-config.yaml:
$HOME/openshift.local.clusterup/kub-apiserver/.
Any thoughts? Thanks!

[1]
https://docs.okd.io/latest/install_config/certificate_customization.html#configuring-custom-certificates

Regards,
Pavel Maslov, MS


On Mon, Feb 25, 2019 at 4:31 PM Pavel Maslov 
wrote:

> Hi, all
>
> I'm new to the list. Perhaps, smb already asked this question:
>
> When I start a cluster using *oc cluster up* command, Openshift generates
> a self-signed certificate. Is it possible to give it a real certificate?
>
> Thanks in advance.
>
> Regards,
> Pavel Maslov, MS
>
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Architecture High Availability

2019-02-27 Thread Louis Santillan 
Sergio,

Some customers have a previously optimized etcd cluster(s).  We can have
OpenShift point at that cluster, if so desired.  That is the External Etcd
scenario.  This can reduce significant load from the Master nodes.  The
other scenario is when OpenShift installs an etcd cluster on the Master
nodes.  I rarely hear about the former scenario anymore.


As for Masters, the idea is that etcd quorum [0] (in the latter scenario
above) is optimally achieved when we have `(n+1)/2` agreement.
Essentially, what that means that we start with 3 members (2 needed to
achieve quorum) and we should increase the cluster by 2 members to continue
along that curve.  However, since etcd needs to sync it's DB across the
Masters, we great greatly increase our network traffic requirements needed
for syncing the DB between the masters for relatively little availability
gain.

[0] https://coreos.com/etcd/docs/latest/faq.html

___

LOUIS P. SANTILLAN

Architect, OPENSHIFT & DEVOPS

Red Hat Consulting,  Container and PaaS Practice

lsant...@redhat.com   M: 3236334854

TRIED. TESTED. TRUSTED. 




On Wed, Feb 27, 2019 at 4:55 AM Sérgio Cascão  wrote:

> hi Trevor, thanks for your response.
>
> in your link they talk about HA, and these  case  you have one etcd for
> each master, if the one master goes down, you have always the etcd
> available.
>
>
>> It therefore provides an HA setup where losing a control plane instance
>> or an etcd member has less impact and does not affect the cluster
>> redundancy as much as the stacked HA topology.
>
>
> But my question is more about performance, for example, i know that
> inplementation you have more latency in acess to master. if you can show me
> more vantages and advantages I would be grateful.
>
> best regards
> Sergio
>
> W. Trevor King  escreveu no dia terça, 26/02/2019 à(s)
> 22:30:
>
>> On Tue, Feb 26, 2019 at 2:26 PM Sérgio Cascão wrote:
>> > i like know what the advantages between put etcd separated from masters?
>>
>> Some more docs around these choices in [1].
>>
>> Cheers,
>> Trevor
>>
>> [1]: https://kubernetes.io/docs/setup/independent/ha-topology/
>>
> ___
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Architecture High Availability

2019-02-27 Thread Sérgio Cascão 
hi Trevor, thanks for your response.

in your link they talk about HA, and these  case  you have one etcd for
each master, if the one master goes down, you have always the etcd
available.


> It therefore provides an HA setup where losing a control plane instance or
> an etcd member has less impact and does not affect the cluster redundancy
> as much as the stacked HA topology.


But my question is more about performance, for example, i know that
inplementation you have more latency in acess to master. if you can show me
more vantages and advantages I would be grateful.

best regards
Sergio

W. Trevor King  escreveu no dia terça, 26/02/2019 à(s)
22:30:

> On Tue, Feb 26, 2019 at 2:26 PM Sérgio Cascão wrote:
> > i like know what the advantages between put etcd separated from masters?
>
> Some more docs around these choices in [1].
>
> Cheers,
> Trevor
>
> [1]: https://kubernetes.io/docs/setup/independent/ha-topology/
>
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Configuring the admin console

2019-02-27 Thread Iago Santos 
Hi Steve,

Yes, I disabled it manually at the beginning, now I wanted to give it a
try, thanks for your answer.

Cheers,
Iago.

El mié., 27 feb. 2019 a las 9:41, Steve Bylo () escribió:

> Hi Lago,
>
> I'm surprised it is not already installed as it should be by default.
>
> However ...
> You should set the "openshift_console_install = true" (default) variable
> in your inventory file and then re-run the usual 2 install playbooks.
>
> https://docs.openshift.com/container-platform/3.11/install/running_install.html#running-the-advanced-installation-rpm
>
> Hope that helps,
> Steve
>
> On Wed, Feb 27, 2019 at 4:28 PM Iago Santos 
> wrote:
>
>> Hi,
>>
>> Which playbook should I run in order to install and configure the cluster
>> console [0] ? once I have the cluster running? is the
>> "openshift-ansible/playbooks/openshift-console/config.yml" ?
>>
>> [0]
>> https://docs.openshift.com/container-platform/3.11/install/configuring_inventory_file.html#configuring-the-admin-console
>>
>> Cheers,
>> Iago.
>>
>> ___
>> users mailing list
>> users@lists.openshift.redhat.com
>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>>
>
>
> --
> Best regards,
> Steve B
>
> Stephen Bylo  - sb...@redhat.com
> Sr. Solutions Architect OpenShift | Red Hat Singapore
> https://bluejeans.com/sbylo
>
>
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Configuring the admin console

2019-02-27 Thread Steve Bylo 
Hi Lago,

I'm surprised it is not already installed as it should be by default.

However ...
You should set the "openshift_console_install = true" (default) variable in
your inventory file and then re-run the usual 2 install playbooks.
https://docs.openshift.com/container-platform/3.11/install/running_install.html#running-the-advanced-installation-rpm

Hope that helps,
Steve

On Wed, Feb 27, 2019 at 4:28 PM Iago Santos 
wrote:

> Hi,
>
> Which playbook should I run in order to install and configure the cluster
> console [0] ? once I have the cluster running? is the
> "openshift-ansible/playbooks/openshift-console/config.yml" ?
>
> [0]
> https://docs.openshift.com/container-platform/3.11/install/configuring_inventory_file.html#configuring-the-admin-console
>
> Cheers,
> Iago.
>
> ___
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>


-- 
Best regards,
Steve B

Stephen Bylo  - sb...@redhat.com
Sr. Solutions Architect OpenShift | Red Hat Singapore
https://bluejeans.com/sbylo
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Configuring the admin console

2019-02-27 Thread Iago Santos 
Hi,

Which playbook should I run in order to install and configure the cluster
console [0] ? once I have the cluster running? is the
"openshift-ansible/playbooks/openshift-console/config.yml" ?

[0]
https://docs.openshift.com/container-platform/3.11/install/configuring_inventory_file.html#configuring-the-admin-console

Cheers,
Iago.
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users