Jan Chaloupka
99745a0422
Consolidate etcd certs roles
|
7 years ago | |
|---|---|---|
| .. | ||
| defaults | 7 years ago | |
| handlers | 7 years ago | |
| meta | 7 years ago | |
| tasks | 7 years ago | |
| templates | 7 years ago | |
| README.md | 7 years ago | |
README.md
Calico
Configure Calico components for the Master host.
Requirements
- Ansible 2.2
Installation
To install, set the following inventory configuration parameters:
openshift_use_calico=Trueopenshift_use_openshift_sdn=Falseos_sdn_network_plugin_name='cni'
For more information, see Calico's official OpenShift Installation Documentation
Improving security with BYO-etcd
By default, Calico uses the etcd set up by OpenShift. To accomplish this, it generates and distributes client etcd certificates to each node. Distributing these certs across the cluster in this way weakens the overall security, so Calico should not be deployed in production in this mode.
Instead, Calico can be installed in BYO-etcd mode, where it connects to an externally set up etcd. For information on deploying Calico in BYO-etcd mode, see Calico's official OpenShift Installation Documentation
Calico Configuration Options
Additional parameters that can be defined in the inventory are:
| Environment | Description | Schema | Default |
|---------|----------------------|---------|---------|
| CALICO_IPV4POOL_IPIP | IPIP Mode to use for the IPv4 POOL created at start up. | off, always, cross-subnet | always |
| CALICO_LOG_DIR | Directory on the host machine where Calico Logs are written.| String | /var/log/calico |
Contact Information
Author: Dan Osborne dan@projectcalico.org
For support, join the #openshift channel on the calico users slack.