
Merge pull request #3470 from wshearn/logging_insecureedgeterminationpolicy

Add insecure edge termination policy for kibana.
Jeff Cantrill 8 years ago
parent
commit
dab7c7d035

+ 1 - 0
roles/openshift_logging/README.md

@@ -46,6 +46,7 @@ When both `openshift_logging_install_logging` and `openshift_logging_upgrade_log
 - `openshift_logging_kibana_proxy_memory_limit`: The amount of memory to allocate to Kibana proxy or unset if not specified.
 - `openshift_logging_kibana_replica_count`: The number of replicas Kibana should be scaled up to. Defaults to 1.
 - `openshift_logging_kibana_nodeselector`: A map of labels (e.g. {"node":"infra","region":"west"} to select the nodes where the pod will land.
+- `openshift_logging_kibana_edge_term_policy`: Insecure Edge Termination Policy. Defaults to Redirect.
 
 - `openshift_logging_fluentd_nodeselector`: The node selector that the Fluentd daemonset uses to determine where to deploy to. Defaults to '"logging-infra-fluentd": "true"'.
 - `openshift_logging_fluentd_cpu_limit`: The CPU limit for Fluentd pods. Defaults to '100m'.

+ 1 - 0
roles/openshift_logging/defaults/main.yml

@@ -26,6 +26,7 @@ openshift_logging_kibana_proxy_debug: false
 openshift_logging_kibana_proxy_cpu_limit: null
 openshift_logging_kibana_proxy_memory_limit: null
 openshift_logging_kibana_replica_count: 1
+openshift_logging_kibana_edge_term_policy: Redirect
 
 #The absolute path on the control node to the cert file to use
 #for the public facing kibana certs
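Review bot: The new default `openshift_logging_kibana_edge_term_policy: Redirect` has no comment, unlike the cert variables just below it, and it decides whether Kibana is reachable over plain HTTP. I would add a comment above it in the file's style, for example `#How the kibana route treats plain HTTP requests: Redirect sends them to HTTPS,` followed by `#None refuses them, Allow serves them unencrypted (not recommended)`. The README entry added in this commit also only says "Defaults to Redirect" without listing the accepted values.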

+ 1 - 0
roles/openshift_logging/tasks/generate_routes.yaml

@@ -26,6 +26,7 @@
     tls_cert: "{{kibana_cert | default('') | b64decode}}"
     tls_ca_cert: "{{kibana_ca | b64decode}}"
     tls_dest_ca_cert: "{{key_pairs | entry_from_named_pair('ca_file')| b64decode }}"
+    edge_term_policy: "{{openshift_logging_kibana_edge_term_policy | default('') }}"
     labels:
       component: support
       logging-infra: support
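Review bot: The `default('')` fallback on the added `edge_term_policy` line disagrees with the role default of `Redirect` set in defaults/main.yml. If the variable ever arrives undefined or empty here, the template omits the field and the route silently falls back to whatever the router does for insecure traffic. I would either drop the filter or make the fallback explicit with `edge_term_policy: "{{ openshift_logging_kibana_edge_term_policy | default('Redirect') }}"`. The task this line belongs to starts and ends outside the hunk, so I cannot see whether other routes reuse the same vars.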

+ 3 - 0
roles/openshift_logging/templates/route_reencrypt.j2

@@ -28,6 +28,9 @@ spec:
       {{ line }}
 {% endfor %}
     termination: reencrypt
+{% if edge_term_policy is defined and edge_term_policy | length > 0 %}
+    insecureEdgeTerminationPolicy: {{ edge_term_policy }}
+{% endif %}
   to:
     kind: Service
     name: {{ service_name }}
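Review bot: The added `insecureEdgeTerminationPolicy: {{ edge_term_policy }}` line renders an inventory-supplied value unquoted and unchecked, so a typo or a stray `: ` or ` #` in the variable changes or breaks the rendered YAML. A value of `Allow` would publish Kibana over cleartext HTTP with nothing in the play flagging it. I would quote the scalar and restrict the condition to the known policies, e.g. `{% if edge_term_policy is defined and edge_term_policy in ['Redirect', 'None', 'Allow'] %}` with `insecureEdgeTerminationPolicy: "{{ edge_term_policy }}"`. Better still, fail the play on any other non-empty value rather than dropping the field quietly. The `spec:` block continues outside the hunk on both sides.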