[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: openshift origin all in one



Without all-in-one, how will minishift work? I assume we still want an easy to use option for developers.

On Mon, Oct 1, 2018 at 10:12 AM subscription sites <subscription sites gmail com> wrote:
Hi David,


so there will not be a possibility anymore to install on one host? Also no alternative for the use-cases that all-in-one covers today, such as experiment with openshift?
Basically, the "oc cluster up" command disappears?

Also: is this kind of decisions available somewhere online, like a public roadmap for the product?

Kr,

Peter

On Mon, Oct 1, 2018 at 2:08 PM David Eads <deads redhat com> wrote:
In the release after 3.11, the all-in-one will no longer be available and because it isn't considered a production installation, we have no plans to provide a clean migration from an all-in-one configuration.

On Sun, Sep 30, 2018 at 3:56 PM Aleksandar Kostadinov <akostadi redhat com> wrote:
Here my personal thoughts and experience. Not some sort of official advice.

subscription sites wrote on 09/29/18 18:40:
> Hello,
>
>
> I'm wondering with regard to the all-in-one setup:
> - I know the documentation doesn't say it's considered production, but
> what would the downside be of using this on a VPS to host production
> apps? Except for the lack of redundancy obviously, the host goes down
> and it's all down, but my alternative would be to not use openshift and
> use plain docker on one host, so availability isn't my premium concern.
> Is it not recommended from a security perspective, considering how it's
> setup using "oc cluster up", or are there other concerns for not using
> it in production?

Except for missing on HA and running some non-app resources (console,
node, controllers, etcd, router, etc.), then I see no other drawbacks.

> - When setting up an all-in-one on an internet-exposed host, how can you
> best protect the web console? Isn't it a bit "light" security wise to
> just depend on username/password for protection? Is there a possibility
> to use multifactor or certificate based authentication? I also tried

Depends on how you choose and manage your password. For more options you
can try to use keycloak auth provider. This should allow you to setup
2-factor auth IIRC.

> blocking the port with iptables and using ssh with port forwarding, but
> this doesn't seem to work, both if I set the public-master option to the
> public ip or localhost?

How does it fail when you set to localhost?

I assume using some sort of VPN can also help but I don't see why `ssh`
shouldn't work. An alternative would be to use `ssh -D` to proxy your
traffic through the remote host and setup your browser to use that socks
server when accessing console. But still think normal port forwarding
should do the job.

>
>
> Thanks for any help you can provide!
>
>
> Regards,
>
>
>
> Peter
>
>
> _______________________________________________
> users mailing list
> users lists openshift redhat com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>

_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]