Re: Let's Encrypt certificates

I'm very interested in this as well, as I'd like to use it in classes I'm teaching on OpenShift. Let's keep a very strict separation between types of traffic. There's the traffic between nodes (kubelet,) master API servers, and components such as logging and metrics. That's on the *.internal dom

Re: Let's Encrypt certificates

That's interesting, and a very different approach to what I was anticipating using the Ansible playbooks. Any thoughts from anyone on what is the best approach for this? Any other approaches/experiences on how to handle this important issue? Tim On 25/08/2017 17:09, Tomas Nozicka wrote: Hi T

Re: Let's Encrypt certificates

Hi Tim, there is a controller to take care about generating and renewing Let's Encrypt certificates for you. https://github.com/tnozicka/openshift-acme That said it won't generate it for masters but you can expose master API using Route and certificate for that Route would be fully managed by op

Let's Encrypt certificates

Does anyone have any experience on how best to use Let' Encrypt certificates for an OpenShift Origin cluster? In once sense this is simple. The Ansible installer can be specified to use this custom certificate and key to sign all the certificates it generates, and doing so ensures you don't ge

Origin Multiple Cloud Providers

Does anyone have any details on setting up multiple cloud providers using Origin? ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Docker registry certificate issue

Thanks. That PR seems to fix it. Tim On 25/08/2017 14:55, Scott Dodson wrote: I think we broke this recently, can you try this PR? https://github.com/openshift/openshift-ansible/pull/5178 On Fri, Aug 25, 2017 at 9:20 AM, Tim Dudgeon > wrote: I'm creating t

Re: Problem pulling image from internal registry

I tested the DNS on another docker and it seems work [root@dev-openshift01 ~]# oc get pods NAME READY STATUSRESTARTS AGE jenkins-1-1rzjg 1/1 Running 0 6h mariadb-1-ngjvt 1/1 Running 0 3m [root@dev-openshift01 ~]# oc rsh mariadb-1-ngjvt s

Re: Problem pulling image from internal registry

This is likely a dns issue. Verify inside of a test pod that you have access to docker-registry.default.svc via DNS (dig or nslookup) On Aug 25, 2017, at 3:59 AM, Marcello Lorenzi wrote: Hi All, we have installed the new Origin 3.6.0 version on our development environment and we tried to push a

Re: Cluster AutoScaler

That would be awesome thanks, I have added https://github.com/openshift/openshift-ansible-contrib/issues/696 to keep track of the feature request :) On Fri, Aug 25, 2017 at 2:46 PM, Clayton Coleman wrote: > We're hoping that starting in 3.7 that with the use of node bootstrapping > (getting a pr

Re: Docker registry certificate issue

I think we broke this recently, can you try this PR? https://github.com/openshift/openshift-ansible/pull/5178 On Fri, Aug 25, 2017 at 9:20 AM, Tim Dudgeon wrote: > I'm creating this as a new topic, although it has partly been discussed > earlier. > Now I have a better understanding of the proble

Re: Cluster AutoScaler

We're hoping that starting in 3.7 that with the use of node bootstrapping (getting a properly secured client certificate) will allow us to make autoscaling work very easily - at that point we hope to leverage cluster autoscaler. The key blocker has always been the ability to properly secure the no

Docker registry certificate issue

I'm creating this as a new topic, although it has partly been discussed earlier. Now I have a better understanding of the problem so its best discussed as a new topic. The issue is that the certificate that is generated by the ansible installer for the docker repository is not correct, so any

Re: Health check via API

Thanks, I figured out how to do it. In case someone wants to the same thing: oc get pods -o custom-columns=NAME:.metadata.name,Ready:status. containerStatuses[0].ready This will list all the pods with readiness status NAME Ready pod-1 true pod-

Cluster AutoScaler

Are there any plans to include this in OpenShift? https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/aws/README.md ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/li

Problem pulling image from internal registry

Hi All, we have installed the new Origin 3.6.0 version on our development environment and we tried to push and pull some images generated outside Origin installation but pushed with these commands to the internal registry: - oc login --username=test - docker login -u test -e unused -p `oc whoaim