openstack/kolla-ansible
Code Issues Proposed changes

Improve Qinling documentation

Browse Source 
- Remove trusted_cidrs that has just been removed from
Qinling code.
- Remove use_api_certificate because it's true by default
- Improve list syntax
- Add etcd section

Change-Id: I0426a9d61fbeaa23a1affbc7e981a78283e88263
This commit is contained in:
Gaetan Trellu 2019-06-04 22:42:29 -04:00
parent 9d5b405328
commit 557193a7ec
1 changed files with 19 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
doc/source/reference/compute/qinling-guide.rst
View File

@ -22,6 +22,17 @@ Apply custom policies to Qinling API
Custom policies could be apply by creating ``policy.json`` file under Custom policies could be apply by creating ``policy.json`` file under
``/etc/kolla/config/qinling`` directory. ``/etc/kolla/config/qinling`` directory.
Enable etcd role
~~~~~~~~~~~~~~~~
Qinling requires etcd for function mapping and concurrency. The etcd role
should be enabled to configure the etcd address and port within `qinling.conf`.
Look for ``enable_etcd: "no"`` and change it in ``/etc/kolla/globals.yml``:
.. code-block:: yaml
enable_etcd: "yes"
Connect to an existing Kubernetes cluster Connect to an existing Kubernetes cluster
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@ -48,18 +59,18 @@ created with Magnum.
Four files should have been generated: Four files should have been generated:
- ``ca.pem`` * ``ca.pem``
- ``cert.pem`` * ``cert.pem``
- ``key.pem`` * ``key.pem``
- ``config`` * ``config``
Only ``ca.pem``, ``cert.pem`` and ``key.pem`` will be used, these files have Only ``ca.pem``, ``cert.pem`` and ``key.pem`` will be used, these files have
to be stored in ``/etc/kolla/config/qinling/qinling-engine`` directory under to be stored in ``/etc/kolla/config/qinling/qinling-engine`` directory under
these file name: these file name:
- ``ca.pem``: ``/etc/kolla/config/qinling/qinling-engine/kubernetes_ca.crt`` * ``ca.pem``: ``/etc/kolla/config/qinling/qinling-engine/kubernetes_ca.crt``
- ``cert.pem``: ``/etc/kolla/config/qinling/qinling-engine/kubernetes.crt`` * ``cert.pem``: ``/etc/kolla/config/qinling/qinling-engine/kubernetes.crt``
- ``key.pem``: ``/etc/kolla/config/qinling/qinling-engine/kubernetes.key`` * ``key.pem``: ``/etc/kolla/config/qinling/qinling-engine/kubernetes.key``
Declare ``qinling_kubernetes_certificates`` variable in Declare ``qinling_kubernetes_certificates`` variable in
@ -83,14 +94,9 @@ put the content in ``/etc/kolla/config/qinling/qinling-engine.conf``.
[kubernetes] [kubernetes]
kube_host = https://192.168.1.168:6443 kube_host = https://192.168.1.168:6443
use_api_certificate = True
ssl_ca_cert = /etc/qinling/pki/kubernetes/ca.crt ssl_ca_cert = /etc/qinling/pki/kubernetes/ca.crt
cert_file = /etc/qinling/pki/kubernetes/qinling.crt cert_file = /etc/qinling/pki/kubernetes/qinling.crt
key_file = /etc/qinling/pki/kubernetes/qinling.key key_file = /etc/qinling/pki/kubernetes/qinling.key
trusted_cidrs = 192.168.1.0/24,10.0.0.53/32
``kube_host`` is the the Kubernetes cluster API address, ``https`` protocol ``kube_host`` is the the Kubernetes cluster API address, ``https`` protocol
have to be defined. has to be defined.
``trusted_cidrs`` is a list of CIDR trusted by the Kubernetes cluster defined
by a network policy under the ``qinling`` namespace.