Re: master public http --> https redirection

2016-12-01 Thread Jessica Forrester
There is an existing RFE for this to happen OOTB https://trello.com/c/qxRMizmK Is the load balancer you are using in front of the masters able to do this redirect? On Thu, Dec 1, 2016 at 1:08 PM, Srinivas Naga Kotaru (skotaru) < skot...@cisco.com> wrote: > How to configure master public URl to

master public http --> https redirection

2016-12-01 Thread Srinivas Naga Kotaru (skotaru)
How to configure master public URl to redirect from http --> https? we want to redirect to https when our clients hit http://public_url in thr browser. Also OC and other clients shouldn’t face any issues with this change. Is it possible? -- Srinivas Kotaru

Re: master public http --> https redirection

2016-12-01 Thread Srinivas Naga Kotaru (skotaru)
Yes, we are using a load balancer across 3 masters. You want us to take redirect help from LB? -- Srinivas Kotaru From: Jessica Forrester Date: Thursday, December 1, 2016 at 10:17 AM To: Srinivas Naga Kotaru Cc: dev

cluster wide service acount

2016-12-01 Thread Srinivas Naga Kotaru (skotaru)
I knew we can create a service account per project and can be used as a password less API work and automations activities. Can we create a service account at cluster level and can be used for platform operations (monitoring, automation, shared account for operation teams)? Intention is to have

Re: cluster wide service acount

2016-12-01 Thread Srinivas Naga Kotaru (skotaru)
Jordan That helps. Thanks for quick help. Can we use this sa account to login into console and OC clinet? If yes how? I knew SA account only has non expired token but no password -- Srinivas Kotaru From: Jordan Liggitt Date: Thursday, December 1, 2016 at 12:04 PM To:

Re: cluster wide service acount

2016-12-01 Thread Srinivas Naga Kotaru (skotaru)
Thanks, it is working. Able to login using service account token # oc get sa # oc get secrets # oc get secret cae-ops-token-5vrkf --template='{{.data.token}}' decode base64 token # oc login –token= Qeustion: I can see 2 secrets for each service accont and both are valied to login. Any

Re: cluster wide service acount

2016-12-01 Thread Jordan Liggitt
The dockercfg secret contains the value of one of the tokens (which is required to exist in order for the service account token to continue to be a valid credential) in dockercfg format On Thu, Dec 1, 2016 at 4:59 PM, Srinivas Naga Kotaru (skotaru) < skot...@cisco.com> wrote: > For Docker login

Re: SELinux and OC cluster up/down

2016-12-01 Thread Steve Kuznetsov
I've not had any issues running development workflows, including `oc cluster up/down`, with SELinux enforcing. Cesar can give a more authoritative answer for `oc cluster`, but FWIW I don't know of any compelling reason today to turn off SELinux for OpenShift development. Steve On Dec 1, 2016