[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: OpenShift nodes switching to connect to masters via the API, not direct to etcd



On 01/30/2015 12:35 PM, Clayton Coleman wrote:
> https://github.com/openshift/origin/pull/797 is going to change the nodes to connect to the master via the API, rather than through etcd.  This change only affects nodes, not the master or the all-in-one.  Because we're connecting to the master, we'll need to ensure the node has the right certificates to talk to the master.  If you're using the certificates generated by master start, you can copy the "admin" folder to the node and use the .kubeconfig file in that directory.
>
> To launch a node with the right security credentials to talk to the API on master (over HTTPS), you do the same thing the client does:
>
>     openshift start node --master=<address> --kubeconfig=<path_to_file_with_kubeconfig>
>
> Example of getting certs from master to node:
>
>     # on the master
>     openshift start master
>     # generates ./openshift.local.certificates/admin/.kubeconfig, key.key, cert.rct, and root.crt
>
>     tar -czf certs.tar.gz -C ./openshift.local.certificates/admin .
>     # tar up those certs
>
>     # on the node
>     tar -xvzf certs.tar.gz -C ./some/directory
>     
>     openshift start node --master=<masteraddress> --kubeconfig=./some/directory/.kubeconfig

At this moment, .kubeconfig files are not portable across filesystems
(they use absolute path references to certs, keys, etc). They will
support relative paths shortly, at which point we'll generate
.kubeconfig files with relative paths that will be portable across
filesystems.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]