diff options
Diffstat (limited to 'roles/openshift_logging')
-rw-r--r-- | roles/openshift_logging/README.md | 1 | ||||
-rw-r--r-- | roles/openshift_logging/defaults/main.yml | 1 | ||||
-rw-r--r-- | roles/openshift_logging/tasks/generate_routes.yaml | 1 | ||||
-rw-r--r-- | roles/openshift_logging/tasks/update_master_config.yaml | 2 | ||||
-rw-r--r-- | roles/openshift_logging/tasks/upgrade_logging.yaml | 2 | ||||
-rw-r--r-- | roles/openshift_logging/templates/curator.j2 | 2 | ||||
-rw-r--r-- | roles/openshift_logging/templates/route_reencrypt.j2 | 3 | ||||
-rw-r--r-- | roles/openshift_logging/templates/secret.j2 | 4 |
8 files changed, 12 insertions, 4 deletions
diff --git a/roles/openshift_logging/README.md b/roles/openshift_logging/README.md index c90a5bf20..14b80304d 100644 --- a/roles/openshift_logging/README.md +++ b/roles/openshift_logging/README.md @@ -46,6 +46,7 @@ When both `openshift_logging_install_logging` and `openshift_logging_upgrade_log - `openshift_logging_kibana_proxy_memory_limit`: The amount of memory to allocate to Kibana proxy or unset if not specified. - `openshift_logging_kibana_replica_count`: The number of replicas Kibana should be scaled up to. Defaults to 1. - `openshift_logging_kibana_nodeselector`: A map of labels (e.g. {"node":"infra","region":"west"} to select the nodes where the pod will land. +- `openshift_logging_kibana_edge_term_policy`: Insecure Edge Termination Policy. Defaults to Redirect. - `openshift_logging_fluentd_nodeselector`: The node selector that the Fluentd daemonset uses to determine where to deploy to. Defaults to '"logging-infra-fluentd": "true"'. - `openshift_logging_fluentd_cpu_limit`: The CPU limit for Fluentd pods. Defaults to '100m'. diff --git a/roles/openshift_logging/defaults/main.yml b/roles/openshift_logging/defaults/main.yml index 9b3c17da1..5440a3647 100644 --- a/roles/openshift_logging/defaults/main.yml +++ b/roles/openshift_logging/defaults/main.yml @@ -26,6 +26,7 @@ openshift_logging_kibana_proxy_debug: false openshift_logging_kibana_proxy_cpu_limit: null openshift_logging_kibana_proxy_memory_limit: null openshift_logging_kibana_replica_count: 1 +openshift_logging_kibana_edge_term_policy: Redirect #The absolute path on the control node to the cert file to use #for the public facing kibana certs diff --git a/roles/openshift_logging/tasks/generate_routes.yaml b/roles/openshift_logging/tasks/generate_routes.yaml index 3c462378b..7af17a708 100644 --- a/roles/openshift_logging/tasks/generate_routes.yaml +++ b/roles/openshift_logging/tasks/generate_routes.yaml @@ -26,6 +26,7 @@ tls_cert: "{{kibana_cert | default('') | b64decode}}" tls_ca_cert: "{{kibana_ca | b64decode}}" tls_dest_ca_cert: "{{key_pairs | entry_from_named_pair('ca_file')| b64decode }}" + edge_term_policy: "{{openshift_logging_kibana_edge_term_policy | default('') }}" labels: component: support logging-infra: support diff --git a/roles/openshift_logging/tasks/update_master_config.yaml b/roles/openshift_logging/tasks/update_master_config.yaml index af303c47c..cef835668 100644 --- a/roles/openshift_logging/tasks/update_master_config.yaml +++ b/roles/openshift_logging/tasks/update_master_config.yaml @@ -5,3 +5,5 @@ yaml_key: assetConfig.loggingPublicURL yaml_value: "https://{{ openshift_logging_kibana_hostname }}" notify: restart master + tags: + - update_master_config diff --git a/roles/openshift_logging/tasks/upgrade_logging.yaml b/roles/openshift_logging/tasks/upgrade_logging.yaml index 83867d361..30fdbd2af 100644 --- a/roles/openshift_logging/tasks/upgrade_logging.yaml +++ b/roles/openshift_logging/tasks/upgrade_logging.yaml @@ -33,7 +33,7 @@ selector: "component=es" namespace: "{{openshift_logging_namespace}}" register: running_pod - until: running_pod.results.results[0]['items'] | selectattr('status.phase', 'equalto', 'Running') | map(attribute='metadata.name') | list | length != 0 + until: running_pod.results.results[0]['items'] | selectattr('status.phase', 'match', '^Running$') | map(attribute='metadata.name') | list | length != 0 retries: 30 delay: 10 diff --git a/roles/openshift_logging/templates/curator.j2 b/roles/openshift_logging/templates/curator.j2 index 55f4976ec..a0fefd882 100644 --- a/roles/openshift_logging/templates/curator.j2 +++ b/roles/openshift_logging/templates/curator.j2 @@ -87,7 +87,7 @@ spec: mountPath: /etc/curator/keys readOnly: true - name: config - mountPath: /usr/curator/settings + mountPath: /etc/curator/settings readOnly: true - name: elasticsearch-storage mountPath: /elasticsearch/persistent diff --git a/roles/openshift_logging/templates/route_reencrypt.j2 b/roles/openshift_logging/templates/route_reencrypt.j2 index 341ffdd84..cf8a9e65f 100644 --- a/roles/openshift_logging/templates/route_reencrypt.j2 +++ b/roles/openshift_logging/templates/route_reencrypt.j2 @@ -28,6 +28,9 @@ spec: {{ line }} {% endfor %} termination: reencrypt +{% if edge_term_policy is defined and edge_term_policy | length > 0 %} + insecureEdgeTerminationPolicy: {{ edge_term_policy }} +{% endif %} to: kind: Service name: {{ service_name }} diff --git a/roles/openshift_logging/templates/secret.j2 b/roles/openshift_logging/templates/secret.j2 index d73bae9c4..eba4197da 100644 --- a/roles/openshift_logging/templates/secret.j2 +++ b/roles/openshift_logging/templates/secret.j2 @@ -1,9 +1,9 @@ apiVersion: v1 kind: Secret metadata: - name: {{secret_name}} + name: "{{secret_name}}" type: Opaque data: {% for s in secrets %} - {{s.key}}: {{s.value | b64encode}} + "{{s.key}}" : "{{s.value | b64encode}}" {% endfor %} |