Home Explore Help
Register Sign In
shixiong
/
okd
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge pull request #2100 from smunilla/BZ1337553

Add externalIPNetworkCIDRs to config
Scott Dodson 8 years ago
parent
fcaeaf0ebb 24ea576489
commit
1485080974
3 changed files with 20 additions and 0 deletions
Split View Show Diff Stats
  1. 10 0
      inventory/byo/hosts.origin.example
  2. 9 0
      inventory/byo/hosts.ose.example
  3. 1 0
      roles/openshift_master/templates/master.yaml.v1.j2

+ 10 - 0
inventory/byo/hosts.origin.example
View File 

@@ -343,6 +343,16 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 
 #osm_cluster_network_cidr=10.1.0.0/16
 
 #openshift_portal_net=172.30.0.0/16
 
 
+
 
+# ExternalIPNetworkCIDRs controls what values are acceptable for the
 
+# service external IP field. If empty, no externalIP may be set. It
 
+# may contain a list of CIDRs which are checked for access. If a CIDR
 
+# is prefixed with !, IPs in that CIDR will be rejected. Rejections
 
+# will be applied first, then the IP checked against one of the
 
+# allowed CIDRs. You should ensure this range does not overlap with
 
+# your nodes, pods, or service CIDRs for security reasons.
 
+#openshift_master_external_ip_network_cidrs=['0.0.0.0/0']
 
+
 
 # Configure number of bits to allocate to each host’s subnet e.g. 8
 
 # would mean a /24 network on the host.
 
 #osm_host_subnet_length=8

+ 9 - 0
inventory/byo/hosts.ose.example
View File 

@@ -339,6 +339,15 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 
 #openshift_portal_net=172.30.0.0/16
 
 
 
+# ExternalIPNetworkCIDRs controls what values are acceptable for the
 
+# service external IP field. If empty, no externalIP may be set. It
 
+# may contain a list of CIDRs which are checked for access. If a CIDR
 
+# is prefixed with !, IPs in that CIDR will be rejected. Rejections
 
+# will be applied first, then the IP checked against one of the
 
+# allowed CIDRs. You should ensure this range does not overlap with
 
+# your nodes, pods, or service CIDRs for security reasons.
 
+#openshift_master_external_ip_network_cidrs=['0.0.0.0/0']
 
+
 
 # Configure number of bits to allocate to each host’s subnet e.g. 8
 
 # would mean a /24 network on the host.
 
 #osm_host_subnet_length=8

+ 1 - 0
roles/openshift_master/templates/master.yaml.v1.j2
View File 

@@ -156,6 +156,7 @@ networkConfig:
 
 {% endif %}
 
 # serviceNetworkCIDR must match kubernetesMasterConfig.servicesSubnet
 
   serviceNetworkCIDR: {{ openshift.common.portal_net }}
 
+  externalIPNetworkCIDRs: {{ openshift_master_external_ip_network_cidrs | default(["0.0.0.0/0"]) | to_padded_yaml(1,2) }}
 
 oauthConfig:
 
 {% if 'oauth_always_show_provider_selection' in openshift.master %}
 
   alwaysShowProviderSelection: {{ openshift.master.oauth_always_show_provider_selection }}