From a4c6ae5af5237bc4c09476be1c12e61b9d41fb9b Mon Sep 17 00:00:00 2001 From: Rich Megginson Date: Tue, 2 May 2017 08:51:51 -0600 Subject: add ability to expose Elasticsearch as an external route This adds the ability to expose Elastisearch as a route outside of the cluster. - `openshift_logging_es_allow_external`: True (default is False) - if this is True, Elasticsearch will be exposed as a Route - `openshift_logging_es_ops_hostname`: The external facing hostname to use for the route and the TLS server certificate (default is "es." + `openshift_master_default_subdomain`) There are other similar parameters for the TLS server cert, key, and CA cert. There are other similar parameters for when the OPS cluster is deployed e.g. `openshift_logging_es_ops_allow_external`, etc. --- roles/openshift_logging/README.md | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) (limited to 'roles/openshift_logging/README.md') diff --git a/roles/openshift_logging/README.md b/roles/openshift_logging/README.md index cba0f2de8..3c410eff2 100644 --- a/roles/openshift_logging/README.md +++ b/roles/openshift_logging/README.md @@ -97,3 +97,30 @@ same as above for their non-ops counterparts, but apply to the OPS cluster insta - `openshift_logging_kibana_ops_proxy_cpu_limit`: The amount of CPU to allocate to Kibana proxy or unset if not specified. - `openshift_logging_kibana_ops_proxy_memory_limit`: The amount of memory to allocate to Kibana proxy or unset if not specified. - `openshift_logging_kibana_ops_replica_count`: The number of replicas Kibana ops should be scaled up to. Defaults to 1. + +Elasticsearch can be exposed for external clients outside of the cluster. +- `openshift_logging_es_allow_external`: True (default is False) - if this is + True, Elasticsearch will be exposed as a Route +- `openshift_logging_es_hostname`: The external facing hostname to use for + the route and the TLS server certificate (default is "es." + + `openshift_master_default_subdomain`) +- `openshift_logging_es_cert`: The location of the certificate Elasticsearch + uses for the external TLS server cert (default is a generated cert) +- `openshift_logging_es_key`: The location of the key Elasticsearch + uses for the external TLS server cert (default is a generated key) +- `openshift_logging_es_ca_ext`: The location of the CA cert for the cert + Elasticsearch uses for the external TLS server cert (default is the internal + CA) +Elasticsearch OPS too, if using an OPS cluster: +- `openshift_logging_es_ops_allow_external`: True (default is False) - if this is + True, Elasticsearch will be exposed as a Route +- `openshift_logging_es_ops_hostname`: The external facing hostname to use for + the route and the TLS server certificate (default is "es-ops." + + `openshift_master_default_subdomain`) +- `openshift_logging_es_ops_cert`: The location of the certificate Elasticsearch + uses for the external TLS server cert (default is a generated cert) +- `openshift_logging_es_ops_key`: The location of the key Elasticsearch + uses for the external TLS server cert (default is a generated key) +- `openshift_logging_es_ops_ca_ext`: The location of the CA cert for the cert + Elasticsearch uses for the external TLS server cert (default is the internal + CA) -- cgit v1.2.1