Follow up to PR 5360 #5705
Follow up to PR 5360 #5705
Conversation
|
@e-minguez Can you take a look to make sure I haven't changed the meaning of anything? Also, should the |
install_config/configuring_sdn.adoc
Outdated
| be disabled on the ports that carry flannel traffic. | ||
| different from that on the port itself. Flannel creates virtual MACs and IP | ||
| addresses and must send and receive packets on the port, so port security must | ||
| be disabled on the ports that carry Flannel traffic. |
install_config/configuring_sdn.adoc
Outdated
|
|
||
| + | ||
| When creating the {product-title} instances, disable both port security and security | ||
| groups in the ports where the container network flannel interface will be: |
There was a problem hiding this comment.
In the flannel docs, they use flannel with lower case f except at the beginning of sentences where they use Flannel. I tried to match that.
install_config/configuring_sdn.adoc
Outdated
| the time of writing this paper. | ||
| [NOTE] | ||
| ==== | ||
| Custom networking CIDR for pods and services will be supported in a future release. |
There was a problem hiding this comment.
Custom networking CIDR for pods and services using flannel will be supported in a future release.
install_config/configuring_sdn.adoc
Outdated
| ==== | ||
| The `iptables-save` command saves all the current _in memory_ iptables rules. | ||
| However, because Docker, Kubernetes and {product-title} create a high number of iptables rules | ||
| (services, etc.) not designed to be persisted, saving these rules can result in a large |
There was a problem hiding this comment.
I'd say in a "bad" file instead large, because the problem is if you persist the k8s services, docker, etc. rules, you will be screwed 🗡
|
@mburke5678 I've added a few comments, otherwise LGTM |
|
@e-minguez should the Flannel iptables rules section be in the To enable flannel procedure above it? Is that a required process to enable flannel, it seems that it should be in the steps. |
|
Yes, it is required, but it should be performed after the OCP installation, so it is ok to be moved into the enable flannel procedure as a subsection or something similar. |
install_config/configuring_sdn.adoc
Outdated
| When creating the OpenStack instances, disable both port-security and security | ||
| groups in the ports where the container network Flannel interface will be: | ||
|
|
||
| . When creating the {product-title} instances, disable both port security and security |
There was a problem hiding this comment.
Should this be changed? Our product title is not OpenStack?
There was a problem hiding this comment.
Maybe:
"When creating the {product-title} instances in OpenStack,..."
|
@e-minguez If the user needs to configure the Ansible playbook before installing OpenShift, we should probably add these steps to the Prerequisites or Host Preparation files before the install? https://docs.openshift.com/container-platform/3.6/install_config/install/host_preparation.html Please let me know what you think so that we can close this PR! |
|
Currently, the "openshift_use_flannel" ansible variable documentation has a link to the Flannel section on the SDN chapter[1] which I think it is enough. |
|
Beautiful. Without further objection, I will merge! |
|
No rev history needed. |
|
@mburke5678 - 4 commits here which should have been squashed into one. Also, this didn't get picked into the right branches once merged into master or the labels applied. Finally, the original dev PR needs to get the to_followup label removed. |
|
I am reverting this as this is causing issues when doing a weekly release due to the issues mentioned in the previous comment from me. @mburke5678 will do a follow up to fix these issues. |
See #5360