summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMathias Merscher <Mathias.Merscher@dg-i.net>2016-10-02 16:31:27 +0200
committerMathias Merscher <Mathias.Merscher@dg-i.net>2016-10-04 12:47:41 +0200
commit9f22136fe973f698e079925553793f0b7170552d (patch)
tree64cc0cd0d3e0b4c60351c7f4b84f77348e0cacb3
parenta025229edb987afb69d4799c84956821a2c56ecc (diff)
downloadopenshift-9f22136fe973f698e079925553793f0b7170552d.tar.gz
openshift-9f22136fe973f698e079925553793f0b7170552d.tar.bz2
openshift-9f22136fe973f698e079925553793f0b7170552d.tar.xz
openshift-9f22136fe973f698e079925553793f0b7170552d.zip
allow networkConfig.ingressIPNetworkCIDRs to be configured
Signed-off-by: Mathias Merscher <Mathias.Merscher@dg-i.net>
-rw-r--r--inventory/byo/hosts.origin.example7
-rw-r--r--inventory/byo/hosts.ose.example7
-rw-r--r--roles/openshift_master/templates/master.yaml.v1.j23
3 files changed, 17 insertions, 0 deletions
diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example
index 3b43b5d0a..4e542fb2c 100644
--- a/inventory/byo/hosts.origin.example
+++ b/inventory/byo/hosts.origin.example
@@ -441,6 +441,13 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# your nodes, pods, or service CIDRs for security reasons.
#openshift_master_external_ip_network_cidrs=['0.0.0.0/0']
+# IngressIPNetworkCIDR controls the range to assign ingress IPs from for
+# services of type LoadBalancer on bare metal. If empty, ingress IPs will not
+# be assigned. It may contain a single CIDR that will be allocated from. For
+# security reasons, you should ensure that this range does not overlap with
+# the CIDRs reserved for external IPs, nodes, pods, or services.
+#openshift_master_ingress_ip_network_cidr=172.46.0.0/16
+
# Configure number of bits to allocate to each host’s subnet e.g. 8
# would mean a /24 network on the host.
#osm_host_subnet_length=8
diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example
index 19519da50..2645d4510 100644
--- a/inventory/byo/hosts.ose.example
+++ b/inventory/byo/hosts.ose.example
@@ -440,6 +440,13 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# your nodes, pods, or service CIDRs for security reasons.
#openshift_master_external_ip_network_cidrs=['0.0.0.0/0']
+# IngressIPNetworkCIDR controls the range to assign ingress IPs from for
+# services of type LoadBalancer on bare metal. If empty, ingress IPs will not
+# be assigned. It may contain a single CIDR that will be allocated from. For
+# security reasons, you should ensure that this range does not overlap with
+# the CIDRs reserved for external IPs, nodes, pods, or services.
+#openshift_master_ingress_ip_network_cidr=172.46.0.0/16
+
# Configure number of bits to allocate to each host’s subnet e.g. 8
# would mean a /24 network on the host.
#osm_host_subnet_length=8
diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2
index ced3eb76f..b4d4c7067 100644
--- a/roles/openshift_master/templates/master.yaml.v1.j2
+++ b/roles/openshift_master/templates/master.yaml.v1.j2
@@ -164,6 +164,9 @@ networkConfig:
# serviceNetworkCIDR must match kubernetesMasterConfig.servicesSubnet
serviceNetworkCIDR: {{ openshift.common.portal_net }}
externalIPNetworkCIDRs: {{ openshift_master_external_ip_network_cidrs | default(["0.0.0.0/0"]) | to_padded_yaml(1,2) }}
+{% if openshift_master_ingress_ip_network_cidr %}
+ ingressIPNetworkCIDR: {{ openshift_master_ingress_ip_network_cidr }}
+{% endif %}
oauthConfig:
{% if 'oauth_always_show_provider_selection' in openshift.master %}
alwaysShowProviderSelection: {{ openshift.master.oauth_always_show_provider_selection }}