Hi David,
so there will not be a possibility anymore to install on one host? Also no alternative for the use-cases that all-in-one covers today, such as experiment with openshift? Basically, the "oc cluster up" command disappears? Also: is this kind of decisions available somewhere online, like a public roadmap for the product? Kr, Peter On Mon, Oct 1, 2018 at 2:08 PM David Eads <de...@redhat.com> wrote: > In the release after 3.11, the all-in-one will no longer be available and > because it isn't considered a production installation, we have no plans to > provide a clean migration from an all-in-one configuration. > > On Sun, Sep 30, 2018 at 3:56 PM Aleksandar Kostadinov <akost...@redhat.com> > wrote: > >> Here my personal thoughts and experience. Not some sort of official >> advice. >> >> subscription sites wrote on 09/29/18 18:40: >> > Hello, >> > >> > >> > I'm wondering with regard to the all-in-one setup: >> > - I know the documentation doesn't say it's considered production, but >> > what would the downside be of using this on a VPS to host production >> > apps? Except for the lack of redundancy obviously, the host goes down >> > and it's all down, but my alternative would be to not use openshift and >> > use plain docker on one host, so availability isn't my premium concern. >> > Is it not recommended from a security perspective, considering how it's >> > setup using "oc cluster up", or are there other concerns for not using >> > it in production? >> >> Except for missing on HA and running some non-app resources (console, >> node, controllers, etcd, router, etc.), then I see no other drawbacks. >> >> > - When setting up an all-in-one on an internet-exposed host, how can >> you >> > best protect the web console? Isn't it a bit "light" security wise to >> > just depend on username/password for protection? Is there a possibility >> > to use multifactor or certificate based authentication? I also tried >> >> Depends on how you choose and manage your password. For more options you >> can try to use keycloak auth provider. This should allow you to setup >> 2-factor auth IIRC. >> >> > blocking the port with iptables and using ssh with port forwarding, but >> > this doesn't seem to work, both if I set the public-master option to >> the >> > public ip or localhost? >> >> How does it fail when you set to localhost? >> >> I assume using some sort of VPN can also help but I don't see why `ssh` >> shouldn't work. An alternative would be to use `ssh -D` to proxy your >> traffic through the remote host and setup your browser to use that socks >> server when accessing console. But still think normal port forwarding >> should do the job. >> >> > >> > >> > Thanks for any help you can provide! >> > >> > >> > Regards, >> > >> > >> > >> > Peter >> > >> > >> > _______________________________________________ >> > users mailing list >> > users@lists.openshift.redhat.com >> > http://lists.openshift.redhat.com/openshiftmm/listinfo/users >> > >> >> _______________________________________________ >> users mailing list >> users@lists.openshift.redhat.com >> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >> > _______________________________________________ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users >
_______________________________________________ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users