summaryrefslogtreecommitdiffstats
path: root/roles/openshift_logging
diff options
context:
space:
mode:
Diffstat (limited to 'roles/openshift_logging')
-rw-r--r--roles/openshift_logging/README.md1
-rw-r--r--roles/openshift_logging/defaults/main.yml1
-rw-r--r--roles/openshift_logging/tasks/generate_routes.yaml1
-rw-r--r--roles/openshift_logging/tasks/update_master_config.yaml2
-rw-r--r--roles/openshift_logging/tasks/upgrade_logging.yaml2
-rw-r--r--roles/openshift_logging/templates/curator.j22
-rw-r--r--roles/openshift_logging/templates/route_reencrypt.j23
-rw-r--r--roles/openshift_logging/templates/secret.j24
8 files changed, 12 insertions, 4 deletions
diff --git a/roles/openshift_logging/README.md b/roles/openshift_logging/README.md
index c90a5bf20..14b80304d 100644
--- a/roles/openshift_logging/README.md
+++ b/roles/openshift_logging/README.md
@@ -46,6 +46,7 @@ When both `openshift_logging_install_logging` and `openshift_logging_upgrade_log
- `openshift_logging_kibana_proxy_memory_limit`: The amount of memory to allocate to Kibana proxy or unset if not specified.
- `openshift_logging_kibana_replica_count`: The number of replicas Kibana should be scaled up to. Defaults to 1.
- `openshift_logging_kibana_nodeselector`: A map of labels (e.g. {"node":"infra","region":"west"} to select the nodes where the pod will land.
+- `openshift_logging_kibana_edge_term_policy`: Insecure Edge Termination Policy. Defaults to Redirect.
- `openshift_logging_fluentd_nodeselector`: The node selector that the Fluentd daemonset uses to determine where to deploy to. Defaults to '"logging-infra-fluentd": "true"'.
- `openshift_logging_fluentd_cpu_limit`: The CPU limit for Fluentd pods. Defaults to '100m'.
diff --git a/roles/openshift_logging/defaults/main.yml b/roles/openshift_logging/defaults/main.yml
index 9b3c17da1..5440a3647 100644
--- a/roles/openshift_logging/defaults/main.yml
+++ b/roles/openshift_logging/defaults/main.yml
@@ -26,6 +26,7 @@ openshift_logging_kibana_proxy_debug: false
openshift_logging_kibana_proxy_cpu_limit: null
openshift_logging_kibana_proxy_memory_limit: null
openshift_logging_kibana_replica_count: 1
+openshift_logging_kibana_edge_term_policy: Redirect
#The absolute path on the control node to the cert file to use
#for the public facing kibana certs
diff --git a/roles/openshift_logging/tasks/generate_routes.yaml b/roles/openshift_logging/tasks/generate_routes.yaml
index 3c462378b..7af17a708 100644
--- a/roles/openshift_logging/tasks/generate_routes.yaml
+++ b/roles/openshift_logging/tasks/generate_routes.yaml
@@ -26,6 +26,7 @@
tls_cert: "{{kibana_cert | default('') | b64decode}}"
tls_ca_cert: "{{kibana_ca | b64decode}}"
tls_dest_ca_cert: "{{key_pairs | entry_from_named_pair('ca_file')| b64decode }}"
+ edge_term_policy: "{{openshift_logging_kibana_edge_term_policy | default('') }}"
labels:
component: support
logging-infra: support
diff --git a/roles/openshift_logging/tasks/update_master_config.yaml b/roles/openshift_logging/tasks/update_master_config.yaml
index af303c47c..cef835668 100644
--- a/roles/openshift_logging/tasks/update_master_config.yaml
+++ b/roles/openshift_logging/tasks/update_master_config.yaml
@@ -5,3 +5,5 @@
yaml_key: assetConfig.loggingPublicURL
yaml_value: "https://{{ openshift_logging_kibana_hostname }}"
notify: restart master
+ tags:
+ - update_master_config
diff --git a/roles/openshift_logging/tasks/upgrade_logging.yaml b/roles/openshift_logging/tasks/upgrade_logging.yaml
index 83867d361..30fdbd2af 100644
--- a/roles/openshift_logging/tasks/upgrade_logging.yaml
+++ b/roles/openshift_logging/tasks/upgrade_logging.yaml
@@ -33,7 +33,7 @@
selector: "component=es"
namespace: "{{openshift_logging_namespace}}"
register: running_pod
- until: running_pod.results.results[0]['items'] | selectattr('status.phase', 'equalto', 'Running') | map(attribute='metadata.name') | list | length != 0
+ until: running_pod.results.results[0]['items'] | selectattr('status.phase', 'match', '^Running$') | map(attribute='metadata.name') | list | length != 0
retries: 30
delay: 10
diff --git a/roles/openshift_logging/templates/curator.j2 b/roles/openshift_logging/templates/curator.j2
index 55f4976ec..a0fefd882 100644
--- a/roles/openshift_logging/templates/curator.j2
+++ b/roles/openshift_logging/templates/curator.j2
@@ -87,7 +87,7 @@ spec:
mountPath: /etc/curator/keys
readOnly: true
- name: config
- mountPath: /usr/curator/settings
+ mountPath: /etc/curator/settings
readOnly: true
- name: elasticsearch-storage
mountPath: /elasticsearch/persistent
diff --git a/roles/openshift_logging/templates/route_reencrypt.j2 b/roles/openshift_logging/templates/route_reencrypt.j2
index 341ffdd84..cf8a9e65f 100644
--- a/roles/openshift_logging/templates/route_reencrypt.j2
+++ b/roles/openshift_logging/templates/route_reencrypt.j2
@@ -28,6 +28,9 @@ spec:
{{ line }}
{% endfor %}
termination: reencrypt
+{% if edge_term_policy is defined and edge_term_policy | length > 0 %}
+ insecureEdgeTerminationPolicy: {{ edge_term_policy }}
+{% endif %}
to:
kind: Service
name: {{ service_name }}
diff --git a/roles/openshift_logging/templates/secret.j2 b/roles/openshift_logging/templates/secret.j2
index d73bae9c4..eba4197da 100644
--- a/roles/openshift_logging/templates/secret.j2
+++ b/roles/openshift_logging/templates/secret.j2
@@ -1,9 +1,9 @@
apiVersion: v1
kind: Secret
metadata:
- name: {{secret_name}}
+ name: "{{secret_name}}"
type: Opaque
data:
{% for s in secrets %}
- {{s.key}}: {{s.value | b64encode}}
+ "{{s.key}}" : "{{s.value | b64encode}}"
{% endfor %}
generated by cgit v1.2.1 (git 2.18.0) at 2024-05-08 22:44:10 +0000