[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: OpenShift nodes switching to connect to masters via the API, not direct to etcd



Working on it, as you know (but to prevent whoever else might collide with it)
https://github.com/openshift/origin/pull/819

----- Original Message -----
From: "Ben Parees" <bparees redhat com>
To: ccoleman redhat com, dev lists openshift redhat com, jliggitt redhat com
Sent: Friday, January 30, 2015 11:21:05 PM
Subject: RE: OpenShift nodes switching to connect to masters via the API,	not direct to etcd



Can we get the sample app readme updated to include proper instructions for running with security and (if appropriate) using kubeconfig files? It's our main starting point for users right now and it's currently broken since it doesn't cover either using security for the client or disabling it. 

There are probably some updates to the troubleshooting doc that could be made with respect to this stuff too. 

As a general rule, if your pull request touches the end to end test script, it probably needs to touch the readme as well. 

Ben Parees | OpenShift 


-----Original Message----- 
From: Jordan Liggitt [jliggitt redhat com] 
Received: Friday, 30 Jan 2015, 22:54 
To: Clayton Coleman [ccoleman redhat com]; dev lists openshift redhat com [dev lists openshift redhat com] 
Subject: Re: OpenShift nodes switching to connect to masters via the API, not direct to etcd 



On 01/30/2015 01:17 PM, Jordan Liggitt wrote: 
> On 01/30/2015 12:35 PM, Clayton Coleman wrote: 
>> https://github.com/openshift/origin/pull/797 is going to change the nodes to connect to the master via the API, rather than through etcd. This change only affects nodes, not the master or the all-in-one. Because we're connecting to the master, we'll need to ensure the node has the right certificates to talk to the master. If you're using the certificates generated by master start, you can copy the "admin" folder to the node and use the .kubeconfig file in that directory. 
>> 
>> To launch a node with the right security credentials to talk to the API on master (over HTTPS), you do the same thing the client does: 
>> 
>> openshift start node --master=<address> --kubeconfig=<path_to_file_with_kubeconfig> 
>> 
>> Example of getting certs from master to node: 
>> 
>> # on the master 
>> openshift start master 
>> # generates ./openshift.local.certificates/admin/.kubeconfig, key.key, cert.rct, and root.crt 
>> 
>> tar -czf certs.tar.gz -C ./openshift.local.certificates/admin . 
>> # tar up those certs 
>> 
>> # on the node 
>> tar -xvzf certs.tar.gz -C ./some/directory 
>> 
>> openshift start node --master=<masteraddress> --kubeconfig=./some/directory/.kubeconfig 
> At this moment, .kubeconfig files are not portable across filesystems 
> (they use absolute path references to certs, keys, etc). They will 
> support relative paths shortly, at which point we'll generate 
> .kubeconfig files with relative paths that will be portable across 
> filesystems. 

The .kubeconfig files generated by openshift start are now portable: 
https://github.com/openshift/origin/pull/806 
https://github.com/openshift/origin/pull/809 

_______________________________________________ 
dev mailing list 
dev lists openshift redhat com 
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev 

_______________________________________________
dev mailing list
dev lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]