summaryrefslogtreecommitdiffstats
path: root/roles/openshift_hosted
Commit message (Collapse)AuthorAgeFilesLines
...
| * | | reverse order between router cert generationJulien Brochet2017-08-231-9/+9
| | | |
| * | | ensured to always use a certificate for the routerJulien Brochet2017-08-221-1/+1
| | |/ | |/|
* | | Merge pull request #5148 from kwoodson/registry_proxy_updatesOpenShift Bot2017-09-061-0/+8
|\ \ \ | |_|/ |/| | Merged by openshift-bot
| * | Adding proxy env vars for dc/docker-registryKenny Woodson2017-08-211-0/+8
| | |
* | | Merging openshift_node with openshift bootstrap.Kenny Woodson2017-08-291-2/+2
| | |
* | | Default to global setting for firewall.Kenny Woodson2017-08-251-4/+4
| | |
* | | Merge pull request #5178 from sdodson/fix-registry-certScott Dodson2017-08-251-0/+3
|\ \ \ | | | | | | | | Add missing hostnames to registry cert
| * | | Add missing hostnames to registry certScott Dodson2017-08-231-0/+3
| | | |
* | | | Merge pull request #5011 from kwoodson/provisionScott Dodson2017-08-233-59/+66
|\ \ \ \ | |/ / / |/| | | AWS Provisioning with scale groups.
| * | | First attempt at provisioning.Kenny Woodson2017-08-213-59/+66
| |/ /
* | | Merge pull request #5120 from smarterclayton/allow_gcs_registryScott Dodson2017-08-234-12/+15
|\ \ \ | |_|/ |/| | Allow GCS object storage to be configured
| * | Allow GCS object storage to be configuredClayton Coleman2017-08-174-12/+15
| |/ | | | | | | | | | | Previously, setting the GCS registry object storage settings resulted in an invalid configuration. This generates a registry-config secret that has the correct file if the GCS config is set.
* | Merge pull request #4254 from dmsimard/registry_certsScott Dodson2017-08-214-49/+138
|\ \ | |/ |/| Refactor openshift_hosted's docker-registry route setup
| * Refactor openshift_hosted's docker-registry route setupDavid Moreau-Simard2017-07-234-49/+138
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We have identified an issue where a docker-registry service set up as 'reencrypt' with a provided certificate and a self-signed certificate on the pod does not authorize users to push images. If the docker-registry service is set up as 'passthrough' with the same provided certificate, everything works. In light of this, this commit essentially adds support for configuring provided certificates with a passthrough route while maintaining backwards compatibility with the other use cases. The default remains 'passthrough' with self-generated certificates. Other miscellaneous changes include: - Move fact setup that were only used in secure.yml there - Omit the hostname for the route if there are none to configure, oc_route takes care of handling the default - Replace hardcoded /etc/origin/master by openshift_master_config_dir
* | Updated README to reflect refactor. Moved firewall initialize into separate ↵Kenny Woodson2017-08-103-4/+10
| | | | | | | | file.
* | Adding a default condition and removing unneeded defaults.Kenny Woodson2017-08-092-8/+8
| |
* | First attempt at refactor of os_firewallKenny Woodson2017-08-086-10/+96
| |
* | Merge pull request #4693 from enoodle/create_router_certificate_by_defaultScott Dodson2017-07-262-4/+4
|\ \ | |/ |/| Router wildcard certificate created by default
| * add default value for router path in the certErez Freiberger2017-07-251-2/+2
| |
| * Router wildcard certificate created by defaultErez Freiberger2017-07-252-2/+2
| |
* | Merge pull request #4769 from jarrpa/glusterfs-fixes-fiveScott Dodson2017-07-181-1/+1
|\ \ | | | | | | GlusterFS fixes 5
| * | hosted registry: Use proper node name in GlusterFS storage setupJose A. Rivera2017-07-141-1/+1
| |/ | | | | | | Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
* | Adding a check for variable definition.Kenny Woodson2017-07-181-1/+1
| |
* | Merge branch 'master' into encryptionKenny Woodson2017-07-051-0/+5
|\ \ | |/
| * Set OPENSHIFT_DEFAULT_REGISTRY in registry dc.Andrew Butcher2017-06-301-0/+5
| |
* | Adding disk encryption to storageclasses and to openshift registryKenny Woodson2017-06-291-1/+4
|/
* registry: look for the oc executable in /usr/local/bin and ~/binGiuseppe Scrivano2017-06-271-2/+2
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* router: look for the oc executable in /usr/local/bin and ~/binGiuseppe Scrivano2017-06-261-3/+3
| | | | | | Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1463131 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #4484 from jarrpa/glusterfs-fixes-tooOpenShift Bot2017-06-191-1/+1
|\ | | | | Merged by openshift-bot
| * registry: mount GlusterFS storage volume from correct hostJose A. Rivera2017-06-161-1/+1
| | | | | | | | Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
* | Make rollout status check best-effort, add pollSteve Kuznetsov2017-06-132-2/+52
| | | | | | | | | | | | | | | | | | | | | | | | | | | | We cannot rely on the `watch.Until` call in the `rollout status` subcommand for the time being, so we need to ignore the result of this call. This will make the rollout status check best-effort, so we need to follow it with a poll for the actual status of the rollout, which we can extract from the `openshift.io/deployment.phase` annotation on the ReplicationControllers. This annotation can have only three values -- `Running`, `Complete` and `Failed`. If we poll on this attribute until we stop seeing `Running`, we can then inspect the last result for `Failed`; if it's present, we have failed the deployment. Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
* | Verify the rollout status of the hosted router and registrySteve Kuznetsov2017-06-092-14/+12
|/ | | | | | | | | | | | | | When deploying the hosted router and registry components, we need to ensure that they correctly roll out. The previous checks were weak in that they either simply waited for a set amount of time and/or did one replica check. They would fail if the router or registry took longer to deploy or if there were un-ready or failing replicas. The `oc rollout` command group contains the `status` endpoint for internalizing all of the logic for determining when a rollout has succeeded or failed, so simply using this client call will ensure that the router and registry correctly deploy. Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
* Remove supported/implemented barrier for registry object storage providers.Andrew Butcher2017-06-061-16/+0
|
* boolScott Dodson2017-05-261-2/+2
|
* Removing requirement to pass aws credentialsEric Sauer2017-05-222-4/+4
|
* Added Docker Registry Port 5000 to FirewalldVincent Schwarzer2017-05-182-0/+10
|
* GlusterFS: Allow swapping an existing registry's backend storageJose A. Rivera2017-05-043-1/+42
| | | | Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
* hosted_registry: Get correct pod selector for GlusterFS storageJose A. Rivera2017-05-041-1/+9
| | | | Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
* hosted registry: Fix typoJose A. Rivera2017-05-041-1/+1
| | | | Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
* Replace original router cert variable names.Andrew Butcher2017-04-242-10/+10
|
* Allow for GlusterFS to provide registry storageJose A. Rivera2017-04-102-1/+56
| | | | Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
* Adding signed router cert and fixing server_cert bug.Kenny Woodson2017-04-042-1/+28
|
* Add docker-registry.default.svc short name to registry service signingScott Dodson2017-04-031-1/+2
|
* openshift_hosted: add openshift_hosted_registry_cert_expire_days parameter.Slava Semushin2017-03-293-0/+3
|
* Setting defaults on openshift_hosted.Kenny Woodson2017-03-221-3/+3
|
* acceptschema2 default: trueAaron Weitekamp2017-03-201-1/+1
| | | | Signed-off-by: Aaron Weitekamp <aweiteka@redhat.com>
* Moving projects task within openshift_hostedRussell Teague2017-03-173-2/+17
|
* Fix get_router_replicas infrastructure node count.Andrew Butcher2017-03-161-3/+10
|
* Add router svcacct cluster-reader roleRussell Teague2017-03-141-0/+9
|
* Refactor and remove openshift_serviceaccountRussell Teague2017-03-133-18/+29
|
generated by cgit v1.2.1 (git 2.18.0) at 2024-05-14 12:20:32 +0000