Re: openshift origin all in one
The all-in-one path David is referring to (openshift start) is not used by minishift (which uses of cluster up). There will be a replacement path for the core functionality of running a single master in a VM, we’re still working out the details. The end goal would be for an equivalent easy to use flow on a single machine that is more aligned with the new installer, but we aren’t there yet. On Oct 1, 2018, at 9:31 AM, Fernando Lozano wrote: Without all-in-one, how will minishift work? I assume we still want an easy to use option for developers. On Mon, Oct 1, 2018 at 10:12 AM subscription sites < subscription.si...@gmail.com> wrote: > Hi David, > > > so there will not be a possibility anymore to install on one host? Also no > alternative for the use-cases that all-in-one covers today, such as > experiment with openshift? > Basically, the "oc cluster up" command disappears? > > Also: is this kind of decisions available somewhere online, like a public > roadmap for the product? > > Kr, > > Peter > > On Mon, Oct 1, 2018 at 2:08 PM David Eads wrote: > >> In the release after 3.11, the all-in-one will no longer be available and >> because it isn't considered a production installation, we have no plans to >> provide a clean migration from an all-in-one configuration. >> >> On Sun, Sep 30, 2018 at 3:56 PM Aleksandar Kostadinov < >> akost...@redhat.com> wrote: >> >>> Here my personal thoughts and experience. Not some sort of official >>> advice. >>> >>> subscription sites wrote on 09/29/18 18:40: >>> > Hello, >>> > >>> > >>> > I'm wondering with regard to the all-in-one setup: >>> > - I know the documentation doesn't say it's considered production, but >>> > what would the downside be of using this on a VPS to host production >>> > apps? Except for the lack of redundancy obviously, the host goes down >>> > and it's all down, but my alternative would be to not use openshift >>> and >>> > use plain docker on one host, so availability isn't my premium >>> concern. >>> > Is it not recommended from a security perspective, considering how >>> it's >>> > setup using "oc cluster up", or are there other concerns for not using >>> > it in production? >>> >>> Except for missing on HA and running some non-app resources (console, >>> node, controllers, etcd, router, etc.), then I see no other drawbacks. >>> >>> > - When setting up an all-in-one on an internet-exposed host, how can >>> you >>> > best protect the web console? Isn't it a bit "light" security wise to >>> > just depend on username/password for protection? Is there a >>> possibility >>> > to use multifactor or certificate based authentication? I also tried >>> >>> Depends on how you choose and manage your password. For more options you >>> can try to use keycloak auth provider. This should allow you to setup >>> 2-factor auth IIRC. >>> >>> > blocking the port with iptables and using ssh with port forwarding, >>> but >>> > this doesn't seem to work, both if I set the public-master option to >>> the >>> > public ip or localhost? >>> >>> How does it fail when you set to localhost? >>> >>> I assume using some sort of VPN can also help but I don't see why `ssh` >>> shouldn't work. An alternative would be to use `ssh -D` to proxy your >>> traffic through the remote host and setup your browser to use that socks >>> server when accessing console. But still think normal port forwarding >>> should do the job. >>> >>> > >>> > >>> > Thanks for any help you can provide! >>> > >>> > >>> > Regards, >>> > >>> > >>> > >>> > Peter >>> > >>> > >>> > ___ >>> > users mailing list >>> > users@lists.openshift.redhat.com >>> > http://lists.openshift.redhat.com/openshiftmm/listinfo/users >>> > >>> >>> ___ >>> users mailing list >>> users@lists.openshift.redhat.com >>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >>> >> ___ >> users mailing list >> users@lists.openshift.redhat.com >> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >> > ___ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
Re: openshift origin all in one
Without all-in-one, how will minishift work? I assume we still want an easy to use option for developers. On Mon, Oct 1, 2018 at 10:12 AM subscription sites < subscription.si...@gmail.com> wrote: > Hi David, > > > so there will not be a possibility anymore to install on one host? Also no > alternative for the use-cases that all-in-one covers today, such as > experiment with openshift? > Basically, the "oc cluster up" command disappears? > > Also: is this kind of decisions available somewhere online, like a public > roadmap for the product? > > Kr, > > Peter > > On Mon, Oct 1, 2018 at 2:08 PM David Eads wrote: > >> In the release after 3.11, the all-in-one will no longer be available and >> because it isn't considered a production installation, we have no plans to >> provide a clean migration from an all-in-one configuration. >> >> On Sun, Sep 30, 2018 at 3:56 PM Aleksandar Kostadinov < >> akost...@redhat.com> wrote: >> >>> Here my personal thoughts and experience. Not some sort of official >>> advice. >>> >>> subscription sites wrote on 09/29/18 18:40: >>> > Hello, >>> > >>> > >>> > I'm wondering with regard to the all-in-one setup: >>> > - I know the documentation doesn't say it's considered production, but >>> > what would the downside be of using this on a VPS to host production >>> > apps? Except for the lack of redundancy obviously, the host goes down >>> > and it's all down, but my alternative would be to not use openshift >>> and >>> > use plain docker on one host, so availability isn't my premium >>> concern. >>> > Is it not recommended from a security perspective, considering how >>> it's >>> > setup using "oc cluster up", or are there other concerns for not using >>> > it in production? >>> >>> Except for missing on HA and running some non-app resources (console, >>> node, controllers, etcd, router, etc.), then I see no other drawbacks. >>> >>> > - When setting up an all-in-one on an internet-exposed host, how can >>> you >>> > best protect the web console? Isn't it a bit "light" security wise to >>> > just depend on username/password for protection? Is there a >>> possibility >>> > to use multifactor or certificate based authentication? I also tried >>> >>> Depends on how you choose and manage your password. For more options you >>> can try to use keycloak auth provider. This should allow you to setup >>> 2-factor auth IIRC. >>> >>> > blocking the port with iptables and using ssh with port forwarding, >>> but >>> > this doesn't seem to work, both if I set the public-master option to >>> the >>> > public ip or localhost? >>> >>> How does it fail when you set to localhost? >>> >>> I assume using some sort of VPN can also help but I don't see why `ssh` >>> shouldn't work. An alternative would be to use `ssh -D` to proxy your >>> traffic through the remote host and setup your browser to use that socks >>> server when accessing console. But still think normal port forwarding >>> should do the job. >>> >>> > >>> > >>> > Thanks for any help you can provide! >>> > >>> > >>> > Regards, >>> > >>> > >>> > >>> > Peter >>> > >>> > >>> > ___ >>> > users mailing list >>> > users@lists.openshift.redhat.com >>> > http://lists.openshift.redhat.com/openshiftmm/listinfo/users >>> > >>> >>> ___ >>> users mailing list >>> users@lists.openshift.redhat.com >>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >>> >> ___ >> users mailing list >> users@lists.openshift.redhat.com >> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >> > ___ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
Re: openshift origin all in one
Hi David, so there will not be a possibility anymore to install on one host? Also no alternative for the use-cases that all-in-one covers today, such as experiment with openshift? Basically, the "oc cluster up" command disappears? Also: is this kind of decisions available somewhere online, like a public roadmap for the product? Kr, Peter On Mon, Oct 1, 2018 at 2:08 PM David Eads wrote: > In the release after 3.11, the all-in-one will no longer be available and > because it isn't considered a production installation, we have no plans to > provide a clean migration from an all-in-one configuration. > > On Sun, Sep 30, 2018 at 3:56 PM Aleksandar Kostadinov > wrote: > >> Here my personal thoughts and experience. Not some sort of official >> advice. >> >> subscription sites wrote on 09/29/18 18:40: >> > Hello, >> > >> > >> > I'm wondering with regard to the all-in-one setup: >> > - I know the documentation doesn't say it's considered production, but >> > what would the downside be of using this on a VPS to host production >> > apps? Except for the lack of redundancy obviously, the host goes down >> > and it's all down, but my alternative would be to not use openshift and >> > use plain docker on one host, so availability isn't my premium concern. >> > Is it not recommended from a security perspective, considering how it's >> > setup using "oc cluster up", or are there other concerns for not using >> > it in production? >> >> Except for missing on HA and running some non-app resources (console, >> node, controllers, etcd, router, etc.), then I see no other drawbacks. >> >> > - When setting up an all-in-one on an internet-exposed host, how can >> you >> > best protect the web console? Isn't it a bit "light" security wise to >> > just depend on username/password for protection? Is there a possibility >> > to use multifactor or certificate based authentication? I also tried >> >> Depends on how you choose and manage your password. For more options you >> can try to use keycloak auth provider. This should allow you to setup >> 2-factor auth IIRC. >> >> > blocking the port with iptables and using ssh with port forwarding, but >> > this doesn't seem to work, both if I set the public-master option to >> the >> > public ip or localhost? >> >> How does it fail when you set to localhost? >> >> I assume using some sort of VPN can also help but I don't see why `ssh` >> shouldn't work. An alternative would be to use `ssh -D` to proxy your >> traffic through the remote host and setup your browser to use that socks >> server when accessing console. But still think normal port forwarding >> should do the job. >> >> > >> > >> > Thanks for any help you can provide! >> > >> > >> > Regards, >> > >> > >> > >> > Peter >> > >> > >> > ___ >> > users mailing list >> > users@lists.openshift.redhat.com >> > http://lists.openshift.redhat.com/openshiftmm/listinfo/users >> > >> >> ___ >> users mailing list >> users@lists.openshift.redhat.com >> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >> > ___ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
Re: openshift origin all in one
In the release after 3.11, the all-in-one will no longer be available and because it isn't considered a production installation, we have no plans to provide a clean migration from an all-in-one configuration. On Sun, Sep 30, 2018 at 3:56 PM Aleksandar Kostadinov wrote: > Here my personal thoughts and experience. Not some sort of official advice. > > subscription sites wrote on 09/29/18 18:40: > > Hello, > > > > > > I'm wondering with regard to the all-in-one setup: > > - I know the documentation doesn't say it's considered production, but > > what would the downside be of using this on a VPS to host production > > apps? Except for the lack of redundancy obviously, the host goes down > > and it's all down, but my alternative would be to not use openshift and > > use plain docker on one host, so availability isn't my premium concern. > > Is it not recommended from a security perspective, considering how it's > > setup using "oc cluster up", or are there other concerns for not using > > it in production? > > Except for missing on HA and running some non-app resources (console, > node, controllers, etcd, router, etc.), then I see no other drawbacks. > > > - When setting up an all-in-one on an internet-exposed host, how can you > > best protect the web console? Isn't it a bit "light" security wise to > > just depend on username/password for protection? Is there a possibility > > to use multifactor or certificate based authentication? I also tried > > Depends on how you choose and manage your password. For more options you > can try to use keycloak auth provider. This should allow you to setup > 2-factor auth IIRC. > > > blocking the port with iptables and using ssh with port forwarding, but > > this doesn't seem to work, both if I set the public-master option to the > > public ip or localhost? > > How does it fail when you set to localhost? > > I assume using some sort of VPN can also help but I don't see why `ssh` > shouldn't work. An alternative would be to use `ssh -D` to proxy your > traffic through the remote host and setup your browser to use that socks > server when accessing console. But still think normal port forwarding > should do the job. > > > > > > > Thanks for any help you can provide! > > > > > > Regards, > > > > > > > > Peter > > > > > > ___ > > users mailing list > > users@lists.openshift.redhat.com > > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > > > > ___ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
openshift origin all in one
Hello, I'm wondering with regard to the all-in-one setup: - I know the documentation doesn't say it's considered production, but what would the downside be of using this on a VPS to host production apps? Except for the lack of redundancy obviously, the host goes down and it's all down, but my alternative would be to not use openshift and use plain docker on one host, so availability isn't my premium concern. Is it not recommended from a security perspective, considering how it's setup using "oc cluster up", or are there other concerns for not using it in production? - When setting up an all-in-one on an internet-exposed host, how can you best protect the web console? Isn't it a bit "light" security wise to just depend on username/password for protection? Is there a possibility to use multifactor or certificate based authentication? I also tried blocking the port with iptables and using ssh with port forwarding, but this doesn't seem to work, both if I set the public-master option to the public ip or localhost? Thanks for any help you can provide! Regards, Peter ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users