diff --git a/_topic_maps/_topic_map_ms.yml b/_topic_maps/_topic_map_ms.yml
index cdd9246e62df..14450614d956 100644
--- a/_topic_maps/_topic_map_ms.yml
+++ b/_topic_maps/_topic_map_ms.yml
@@ -125,7 +125,7 @@ Topics:
 File: microshift-config-snippets
 - Name: Configuring IPv6 networking
 File: microshift-nw-ipv6-config
-- Name: Using ingress control for a MicroShift cluster
+- Name: Using ingress control for a MicroShift node
 File: microshift-ingress-controller
 - Name: Disabling LVMS CSI provider and CSI snapshot
 File: microshift-disable-lvms-csi-provider-csi-snapshot
@@ -133,6 +133,8 @@ Topics:
 File: microshift-greenboot-checking-status
 - Name: Node access with kubeconfig files
 File: microshift-node-access-kubeconfig
+- Name: About the Generic Device Plugin
+ File: microshift-gdp
 - Name: Configuring MicroShift authentication and security
 Dir: microshift_auth_security
 Topics:
@@ -151,8 +153,6 @@ Topics:
 File: microshift-low-latency
 - Name: Workload partitioning
 File: microshift-workload-partitioning
-- Name: About the Generic Device Plugin (GDP)
-- File: microshift-gdp
 ---
 Name: Networking
 Dir: microshift_networking
diff --git a/microshift_cli_ref/microshift-cli-tools-introduction.adoc b/microshift_cli_ref/microshift-cli-tools-introduction.adoc
index 294ec73d3e77..c433573938eb 100644
--- a/microshift_cli_ref/microshift-cli-tools-introduction.adoc
+++ b/microshift_cli_ref/microshift-cli-tools-introduction.adoc
@@ -23,5 +23,5 @@ Commands for multi-node deployments, projects, and developer tools are not suppo
 [role="_additional-resources"]
 == Additional resources
-* xref:..//microshift_cli_ref/microshift-oc-cli-install.adoc#microshift-oc-cli-install[Getting started with the OpenShift CLI]
+* xref:../microshift_cli_ref/microshift-oc-cli-install.adoc#microshift-oc-cli-install[Getting started with the OpenShift CLI]
 * link:https://docs.redhat.com/en/documentation/openshift_container_platform/{ocp-version}/html/cli_tools/openshift-cli-oc#cli-about-cli_cli-developer-commands[About the OpenShift CLI] ({OCP} documentation)
diff --git a/microshift_cli_ref/microshift-cli-using-oc.adoc b/microshift_cli_ref/microshift-cli-using-oc.adoc
index 2853ad7f7748..5fe554974638 100644
--- a/microshift_cli_ref/microshift-cli-using-oc.adoc
+++ b/microshift_cli_ref/microshift-cli-using-oc.adoc
@@ -59,8 +59,7 @@ $ oc logs cakephp-ex-1-deploy
 [id="listing-supported-apis_{context}"]
 === Listing supported API resources
-Use the `oc api-resources` command to view the list of supported API resources
-on the server.
+Use the `oc api-resources` command to view the list of supported API resources on the server.
 [source,terminal]
 ----
diff --git a/microshift_configuring/microshift-config-snippets.adoc b/microshift_configuring/microshift-config-snippets.adoc
index b2340f12d2c9..4bf0aa8b63ea 100644
--- a/microshift_configuring/microshift-config-snippets.adoc
+++ b/microshift_configuring/microshift-config-snippets.adoc
@@ -1,7 +1,7 @@
 :_mod-docs-content-type: ASSEMBLY
 [id="microshift-config-snippets"]
+= Using configuration snippets
 include::_attributes/attributes-microshift.adoc[]
-= Using {microshift-short} configuration snippets
 :context: microshift-config-snippets
 toc::[]
diff --git a/microshift_configuring/microshift-default-config-yaml.adoc b/microshift_configuring/microshift-default-config-yaml.adoc
index e7abaf6aca6f..2daa990567b3 100644
--- a/microshift_configuring/microshift-default-config-yaml.adoc
+++ b/microshift_configuring/microshift-default-config-yaml.adoc
@@ -15,9 +15,3 @@ include::snippets/microshift-greenboot-status-snip.adoc[leveloffset=+2]
 include::modules/microshift-config-yaml.adoc[leveloffset=+1]
 include::modules/microshift-default-settings.adoc[leveloffset=+2]
-
-[id="additional-resources_microshift-using-config-yaml_{context}"]
-[role="_additional-resources"]
-== Additional resources
-
-//* xref:../microshift-using-config-yaml.adoc#microshift-using-config-yaml[Customizing {microshift-short} by using the configuration file]
diff --git a/microshift_configuring/microshift-gdp.adoc b/microshift_configuring/microshift-gdp.adoc
index 4f0722647707..897d7e473e51 100644
--- a/microshift_configuring/microshift-gdp.adoc
+++ b/microshift_configuring/microshift-gdp.adoc
@@ -27,7 +27,6 @@ include::modules/microshift-ref-generic-device-plugin-troubleshooting.adoc[level
 [id="_additional-resources_microshift-gdp_{context}"]
 == Additional resources
-//* xref:../microshift_configuring/microshift-using-config-yaml.adoc#microshift-using-config-yaml[Customizing {microshift-short} by using the configuration file]
 * xref:../microshift_networking/microshift-networking-settings.adoc#microshift-understanding-networking-settings[Understanding networking settings]
 * xref:../microshift_networking/microshift_multiple_networks/microshift-cni-multus.adoc#microshift-cni-multus[About using multiple networks]
 * xref:../microshift_networking/microshift_network_policy/microshift-network-policy-index.adoc#microshift-network-policies[About network policies]
diff --git a/microshift_configuring/microshift-greenboot-checking-status.adoc b/microshift_configuring/microshift-greenboot-checking-status.adoc
index 18c13e9e6dae..3e1fe7c0aa0a 100644
--- a/microshift_configuring/microshift-greenboot-checking-status.adoc
+++ b/microshift_configuring/microshift-greenboot-checking-status.adoc
@@ -10,4 +10,4 @@ To deploy applications or make other changes through the {microshift-short} API
 The `greenboot-healthcheck` service runs one time and then exits. After greenboot has exited and the system is in a healthy state, you can proceed with configuration changes and deployments.
-include::modules/microshift-greenboot-check-status.adoc[leveloffset=+1]
\ No newline at end of file
+include::modules/microshift-greenboot-check-status.adoc[leveloffset=+1]
diff --git a/microshift_configuring/microshift-ingress-controller.adoc b/microshift_configuring/microshift-ingress-controller.adoc
index 1e130c056941..01fd5ff2e1ee 100644
--- a/microshift_configuring/microshift-ingress-controller.adoc
+++ b/microshift_configuring/microshift-ingress-controller.adoc
@@ -1,12 +1,12 @@
 :_mod-docs-content-type: ASSEMBLY
 [id="microshift-ingress-controller"]
-= Using ingress control for a {microshift-short} cluster
+= Using ingress control for a {microshift-short} node
 include::_attributes/attributes-microshift.adoc[]
 :context: microshift-ingress-controller
 toc::[]
-Use the ingress controller options in the {microshift-short} configuration file to make pods and services accessible outside the cluster.
+Use the ingress controller options in the {microshift-short} configuration file to make pods and services accessible outside the node.
 include::modules/microshift-ingress-controller-conc.adoc[leveloffset=+1]
diff --git a/microshift_configuring/microshift-using-config-yaml.adoc b/microshift_configuring/microshift-using-config-yaml.adoc
index 37515e62e50e..6801ec1979ee 100644
--- a/microshift_configuring/microshift-using-config-yaml.adoc
+++ b/microshift_configuring/microshift-using-config-yaml.adoc
@@ -1,7 +1,7 @@
 :_mod-docs-content-type: ASSEMBLY
 [id="microshift-using-config-yaml"]
+= Customizing MicroShift by using the configuration file
 include::_attributes/attributes-microshift.adoc[]
-= Customizing {microshift-short} by using the configuration file
 :context: microshift-using-config-yaml
 toc::[]
@@ -24,6 +24,6 @@ include::modules/microshift-config-nodeport-limits.adoc[leveloffset=+2]
 [role="_additional-resources"]
 == Additional resources
-* xref:../../microshift-greenboot-checking-status.adoc#microshift-greenboot-checking-status[Checking Greenboot status]
+* xref:../microshift_configuring/microshift-greenboot-checking-status.adoc#microshift-greenboot-checking-status[Checking greenboot status]
-* xref:../microshift_configuring/microshift-ingress-controller.adoc#microshift-ingress-controller[Using ingress control for a {microshift-short} cluster]
\ No newline at end of file
+* xref:../microshift_configuring/microshift-ingress-controller.adoc#microshift-ingress-controller[Using ingress control for a {microshift-short} node]
diff --git a/microshift_configuring/microshift_auth_security/microshift-tls-config.adoc b/microshift_configuring/microshift_auth_security/microshift-tls-config.adoc
index c4bedf036a5d..2807653667b4 100644
--- a/microshift_configuring/microshift_auth_security/microshift-tls-config.adoc
+++ b/microshift_configuring/microshift_auth_security/microshift-tls-config.adoc
@@ -18,7 +18,7 @@ include::modules/microshift-tls-default-cipher-suites.adoc[leveloffset=+2]
 [role="_additional-resources"]
 == Additional resources
-//* xref:../microshift-config-snippets.adoc#microshift-config-snippets[Using configuration snippets]
+* xref:../../microshift_configuring/microshift-config-snippets.adoc#microshift-config-snippets[Using configuration snippets]
 * xref:../../microshift_running_apps/microshift-authentication.adoc#authentication-microshift[Pod security authentication and authorization with SCC]
 * xref:../../microshift_configuring/microshift-node-access-kubeconfig#microshift-node-access-kubeconfig[Cluster access with kubeconfig]
 * xref:../microshift_auth_security/microshift-custom-ca.adoc#microshift-custom-ca[Configuring custom certificate authorities]
diff --git a/microshift_configuring/microshift_low_latency/microshift-low-latency.adoc b/microshift_configuring/microshift_low_latency/microshift-low-latency.adoc
index 2aea73e98fea..158841c5cfb9 100644
--- a/microshift_configuring/microshift_low_latency/microshift-low-latency.adoc
+++ b/microshift_configuring/microshift_low_latency/microshift-low-latency.adoc
@@ -22,8 +22,7 @@ include::modules/microshift-low-latency-config-yaml.adoc[leveloffset=+1]
 //additional resources for the config.yaml
 [role="_additional-resources"]
 .Additional resources
-//TODO * workload partitioning crossref here
-//* xref:../../microshift_configuring/microshift-using-config-yaml.adoc#microshift-using-config-yaml[Customizing {microshift-short} by using the configuration file]
+* xref:../../microshift_configuring/microshift-using-config-yaml.adoc#microshift-using-config-yaml[Customizing {microshift-short} by using the configuration file]
 * link:https://kubernetes.io/docs/reference/config-api/kubelet-config.v1beta1/#kubelet-config-k8s-io-v1beta1-KubeletConfiguration[KubeletConfiguration reference] (Kubernetes upstream documentation)
 //RHEL TuneD
@@ -92,4 +91,4 @@ include::modules/microshift-low-latency-rhel-edge-blueprint-rtk.adoc[leveloffset
 [role="_additional-resources"]
 [id="additional-resources-wp_{context}"]
 .Additional resources
-* xref:../microshift_low_latency/microshift-workload-partitioning.adoc#microshift-workload-partitioning[Workload partitioning]
\ No newline at end of file
+* xref:../microshift_low_latency/microshift-workload-partitioning.adoc#microshift-workload-partitioning[Workload partitioning]
diff --git a/microshift_install_get_ready/microshift-install-get-ready.adoc b/microshift_install_get_ready/microshift-install-get-ready.adoc
index 9dc67d573c2b..3b9a4a4e9aa0 100644
--- a/microshift_install_get_ready/microshift-install-get-ready.adoc
+++ b/microshift_install_get_ready/microshift-install-get-ready.adoc
@@ -21,10 +21,6 @@ include::modules/microshift-install-rhel-tools-concepts.adoc[leveloffset=+1]
 include::modules/microshift-install-rhde-steps.adoc[leveloffset=+1]
 include::modules/microshift-encrypt-etcd-data.adoc[leveloffset=+1]
-[role="_additional-resources"]
-.Additional resources
-
-* link:https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/managing_storage_devices/encrypting-block-devices-using-luks_managing-storage-devices#luks-disk-encryption_encrypting-block-devices-using-luks[LUKS disk encryption]
 [id="additional-resources_microshift-install-get-ready_{context}"]
 [role="_additional-resources"]
@@ -33,3 +29,4 @@ include::modules/microshift-encrypt-etcd-data.adoc[leveloffset=+1]
 * xref:../microshift_cli_ref/microshift-oc-cli-install.adoc#microshift-oc-cli-install[Getting started with the OpenShift CLI]
 * link:https://docs.redhat.com/en/documentation/red_hat_build_of_microshift/latest/html/installing_with_an_rpm_package/index[Installing from an RPM package]
 * xref:../microshift_networking/microshift-networking-settings.adoc#microshift-networking[Understanding networking settings]
+* link:https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/managing_storage_devices/encrypting-block-devices-using-luks_managing-storage-devices#luks-disk-encryption_encrypting-block-devices-using-luks[LUKS disk encryption]
diff --git a/microshift_install_rpm/microshift-install-rpm.adoc b/microshift_install_rpm/microshift-install-rpm.adoc
index 5654c0035a51..f6d53204bbda 100644
--- a/microshift_install_rpm/microshift-install-rpm.adoc
+++ b/microshift_install_rpm/microshift-install-rpm.adoc
@@ -19,7 +19,7 @@ include::modules/microshift-install-rpms.adoc[leveloffset=+1]
 == Additional resources
 * xref:../microshift_install_get_ready/microshift-fips.adoc#microshift-fips[Using FIPS mode with {microshift-short}]
 * Download the link:https://console.redhat.com/openshift/install/pull-secret[pull secret] from the Red Hat Hybrid Cloud Console
-//* xref:../microshift_configuring/microshift-using-config-yaml.adoc#microshift-using-config-yaml[Customizing {microshift-short} by using the configuration file]
+* xref:../microshift_configuring/microshift-using-config-yaml.adoc#microshift-using-config-yaml[Customizing {microshift-short} by using the configuration file]
 * link:https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/interactively_installing_rhel_over_the_network/customizing-the-system-in-the-installer_rhel-installer#manual-partitioning_customizing-the-system-in-the-installer[Configuring manual partitioning]
 * link:https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/configuring_and_managing_logical_volumes/overview-of-logical-volume-management_configuring-and-managing-logical-volumes[Overview of logical volume management]
 * link:https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html-single/configuring_and_managing_logical_volumes/index#managing-lvm-volume-groups_configuring-and-managing-logical-volumes[Managing LVM Volume Groups]
diff --git a/microshift_networking/microshift-cni.adoc b/microshift_networking/microshift-cni.adoc
index 2edb7d67400f..84201632433c 100644
--- a/microshift_networking/microshift-cni.adoc
+++ b/microshift_networking/microshift-cni.adoc
@@ -6,10 +6,10 @@ include::_attributes/attributes-microshift.adoc[]
 toc::[]
-The OVN-Kubernetes Container Network Interface (CNI) plugin is the default networking solution for {microshift-short} clusters. OVN-Kubernetes is a virtualized network for pods and services that is based on Open Virtual Network (OVN).
+The OVN-Kubernetes Container Network Interface (CNI) plugin is the default networking solution for the {microshift-short} node. OVN-Kubernetes is a virtualized network for pods and services that is based on Open Virtual Network (OVN).
 * Default network configuration and connections are applied automatically in {microshift-short} with the `microshift-networking` RPM during installation.
-* A cluster that uses the OVN-Kubernetes network plugin also runs Open vSwitch (OVS) on the node.
+* A node that uses the OVN-Kubernetes network plugin also runs Open vSwitch (OVS) on the node.
 * OVN-K configures OVS on the node to implement the declared network configuration.
 * Host physical interfaces are not bound by default to the OVN-K gateway bridge, `br-ex`. You can use standard tools on the host for managing the default gateway, such as the Network Manager CLI (`nmcli`).
 * Changing the CNI is not supported on {microshift-short}.
@@ -19,8 +19,8 @@ Using configuration files or custom scripts, you can configure the following net
 * You can use subnet CIDR ranges to allocate IP addresses to pods.
 * You can change the maximum transmission unit (MTU) value.
 * You can configure firewall ingress and egress.
-* You can define network policies in the {microshift-short} cluster, including ingress and egress rules.
-* You can use the {microshift-short} Multus plug-in to chain other CNI plugins.
+* You can define network policies in the {microshift-short}, including ingress and egress rules.
+* You can use the {microshift-short} Multus plugin to chain other CNI plugins.
 * You can configure or remove the ingress router.
 include::modules/microshift-cni-customization-matrix.adoc[leveloffset=+1]
@@ -35,7 +35,7 @@ Networking features available with {microshift-short} {product-version} include:
 * Dynamic node IP
 * Custom gateway interface
 * Second gateway interface
-* Cluster network on specified host interface
+* Node network on specified host interface
 * Blocking external access to NodePort service on specific host interfaces
 Networking features not available with {microshift-short} {product-version}:
@@ -47,7 +47,7 @@ Networking features not available with {microshift-short} {product-version}:
 [id="microshift-ip-forward_{context}"]
 == IP forward
-The host network `sysctl net.ipv4.ip_forward` kernel parameter is automatically enabled by the `ovnkube-master` container when started. This is required to forward incoming traffic to the CNI. For example, accessing the NodePort service from outside of a cluster fails if `ip_forward` is disabled.
+The host network `sysctl net.ipv4.ip_forward` kernel parameter is automatically enabled by the `ovnkube-master` container when started. This is required to forward incoming traffic to the CNI. For example, accessing the NodePort service from outside of a node fails if `ip_forward` is disabled.
 [id="microshift-network-performance_{context}"]
 == Network performance optimizations
@@ -69,7 +69,7 @@ include::modules/microshift-nw-topology.adoc[leveloffset=+1]
 [role="_additional-resources"]
 == Additional resources
-//* xref:../microshift_configuring/microshift-using-config-yaml.adoc#microshift-using-config-yaml[Customizing {microshift-short} by using the configuration file]
+* xref:../microshift_configuring/microshift-using-config-yaml.adoc#microshift-using-config-yaml[Customizing {microshift-short} by using the configuration file]
 * xref:../microshift_networking/microshift-networking-settings.adoc#microshift-understanding-networking-settings[Understanding networking settings]
 * xref:../microshift_networking/microshift_multiple_networks/microshift-cni-multus.adoc#microshift-cni-multus[About using multiple networks]
-* xref:../microshift_networking/microshift_network_policy/microshift-network-policy-index.adoc#microshift-network-policies[About network policies]
\ No newline at end of file
+* xref:../microshift_networking/microshift_network_policy/microshift-network-policy-index.adoc#microshift-network-policies[About network policies]
diff --git a/microshift_networking/microshift-nw-router.adoc b/microshift_networking/microshift-nw-router.adoc
index b9bfbca955e3..d35d3ab72c06 100644
--- a/microshift_networking/microshift-nw-router.adoc
+++ b/microshift_networking/microshift-nw-router.adoc
@@ -21,11 +21,10 @@ include::modules/microshift-nw-router-config-ports.adoc[leveloffset=+2]
 include::modules/microshift-nw-router-config-ip-address.adoc[leveloffset=+2]
-[role="_additional-resources"]
 [id="additional-resources_microshift-understanding-and-configuring-router_{context}"]
+[role="_additional-resources"]
 == Additional resources
 * xref:../microshift_configuring/microshift-default-config-yaml.adoc#microshift-default-config-yaml[About the default {microshift-short} configuration file]
-
 * xref:../microshift_networking/microshift_network_policy/microshift-network-policy-index.adoc#microshift-network-policies[About network policies]
-include::modules/microshift-nw-config-route-admission.adoc[leveloffset=+1]
\ No newline at end of file
+include::modules/microshift-nw-config-route-admission.adoc[leveloffset=+1]
diff --git a/microshift_support/microshift-remote-cluster-monitoring.adoc b/microshift_support/microshift-remote-cluster-monitoring.adoc
index 2910a324144f..7a7d83a860da 100644
--- a/microshift_support/microshift-remote-cluster-monitoring.adoc
+++ b/microshift_support/microshift-remote-cluster-monitoring.adoc
@@ -14,7 +14,7 @@ include::modules/microshift-info-collected-telemetry.adoc[leveloffset=+1]
 include::modules/microshift-opt-out-telemetry.adoc[leveloffset=+1]
-//[id="additional-resources_microshift-remote-cluster-monitoring_{context}"]
-//== Additional resources
+[id="additional-resources_microshift-remote-cluster-monitoring_{context}"]
+== Additional resources
-//* xref:../microshift_configuring/microshift-config-snippets.adoc#microshift-config-snippets[Using configuration snippets].
\ No newline at end of file
+* xref:../microshift_configuring/microshift-config-snippets.adoc#microshift-config-snippets[Using configuration snippets]
\ No newline at end of file
diff --git a/modules/microshift-ingress-controller-conc.adoc b/modules/microshift-ingress-controller-conc.adoc
index 460f396fef80..9a6efef3089f 100644
--- a/modules/microshift-ingress-controller-conc.adoc
+++ b/modules/microshift-ingress-controller-conc.adoc
@@ -6,7 +6,7 @@
 [id="microshift-ingress-control-concept_{context}"]
 = Using ingress control in {microshift-short}
-When you create your {microshift-short} cluster, each pod and service running on the cluster is allocated an IP address. These IP addresses are accessible to other pods and services running nearby by default, but are not accessible to external clients. {microshift-short} uses a minimal implementation of the {OCP} `IngressController` API to enable external access to cluster services.
+When you create your {microshift-short} node, each pod and service running on the node is allocated an IP address. These IP addresses are accessible to other pods and services running nearby by default, but are not accessible to external clients. {microshift-short} uses a minimal implementation of the {OCP} `IngressController` API to enable external access to node services.
 With more configuration options, you can fine-tune ingress to meet your specific needs. To use enhanced ingress control, update the parameters in the {microshift-short} configuration file and restart the service.
@@ -16,7 +16,7 @@ Accommodate server response speed::
 * If your application starts processing requests from clients but the connection closes before it can respond, you can set the `ingress.tuningOptions.serverTimeout` parameter in the configuration file to a higher value to accommodate the speed of the response from the server.
 Closing router connections::
-* If the router has many connections open because an application running on the cluster does not close connections properly, you can set the `ingress.tuningOptions.serverTimeout` and `spec.tuningOptions.serverFinTimeout` parameters to a lower value, forcing those connections to close sooner.
+* If the router has many connections open because an application running on the node does not close connections properly, you can set the `ingress.tuningOptions.serverTimeout` and `spec.tuningOptions.serverFinTimeout` parameters to a lower value, forcing those connections to close sooner.
 Verify client certificates::
 * If you need to configure the ingress controller to verify client certificates, you can use the `ingress.clientTLS` parameter to set a clientCA value, which is a reference to a config map. The config map contains the PEM-encoded CA certificate bundle that is used to verify a client's certificate. Optionally, you can also configure a list of certificate subject filters.
@@ -32,4 +32,4 @@ Customize error pages::
 * If you want more than the default error pages, which are usually empty and only return the HTTP status code, configure custom error pages.
 Capture HTTP headers or cookies::
-* If you want to include the capture of HTTP headers or cookies, configure them in the access logging.
\ No newline at end of file
+* If you want to include the capture of HTTP headers or cookies, configure them in the access logging.
diff --git a/modules/microshift-ingress-controller-config.adoc b/modules/microshift-ingress-controller-config.adoc
index b59d46fe651a..7ecefd7dc08f 100644
--- a/modules/microshift-ingress-controller-config.adoc
+++ b/modules/microshift-ingress-controller-config.adoc
@@ -18,8 +18,8 @@ You can use detailed ingress control settings by updating the {microshift-short}
 .Prerequisites
 * You installed the {oc-first}.
-* You have root access to the cluster.
-* Your cluster uses the OVN-Kubernetes Container Network Interface (CNI) plugin.
+* You have root access to the node.
+* Your node uses the OVN-Kubernetes Container Network Interface (CNI) plugin.
 .Procedure
@@ -215,12 +215,12 @@ log message. The ingress controller might impose a separate bound on the total l
 |`certificateSecret`
 |A reference to a `kubernetes.io/tls` type of secret that contains the default certificate that the {microshift-short} ingress controller serves. When routes do not specify their own certificate, the `certificateSecret` parameter is used. All secrets used must contain `tls.key` key file contents and `tls.crt` certificate file contents.
-* When the `certificateSecret` parameter is not set, a wildcard certificate is automatically generated and used. The wildcard certificate is valid for the ingress controller default `domain` and its `subdomains`. The generated certificate authority (CA) is automatically integrated with the truststore of the cluster.
+* When the `certificateSecret` parameter is not set, a wildcard certificate is automatically generated and used. The wildcard certificate is valid for the ingress controller default `domain` and its `subdomains`. The generated certificate authority (CA) is automatically integrated with the truststore of the node.
 * In-use generated and user-specified certificates are automatically integrated with the {microshift-short} built-in OAuth server.
 |`clientTLS`
-|Authenticates client access to the cluster and services. As a result, mutual TLS authentication is enabled. If this parameter is not set, then client TLS is not enabled. You must set the `spec.clientTLS.clientCertificatePolicy` and `spec.clientTLS.clientCA` parameters to use client TLS.
+|Authenticates client access to the node and services. As a result, mutual TLS authentication is enabled. If this parameter is not set, then client TLS is not enabled. You must set the `spec.clientTLS.clientCertificatePolicy` and `spec.clientTLS.clientCA` parameters to use client TLS.
 |`clientTLS.AllowedSubjectPatterns`
 |Optional subfield that specifies a list of regular expressions that are matched against the distinguished name on a valid client certificate to filter requests. This parameter is useful when you have client authentication. Use this parameter to cause the ingress controller to reject certificates based on the distinguished name. The Perl Compatible Regular Expressions (PCRE) syntax is required. You must set the `spec.clientTLS.clientCertificatePolicy` and `spec.clientTLS.clientCA` parameters to use `clientTLS.AllowedSubjectPatterns`.
@@ -378,8 +378,6 @@ Setting this field is not recommended because `headerBufferMaxRewriteBytes` valu
 * If you choose a discrete value and the router pod is migrated to a new node, it is possible that the new node does not have an identical `ulimit` configured. In such cases, the pod fails to start.
-* If you have nodes with different `ulimits` configured, and you choose a discrete value, you can use the value of `-1` for this field so that the maximum number of connections is calculated at runtime.
-
 * You can monitor memory usage for router containers with the `container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}` metric.
 * You can monitor memory usage of individual `HAProxy` processes in router containers with the `container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}/container_processes{container="router",namespace="openshift-ingress"}` metric.
diff --git a/modules/microshift-ingress-controller-create-cert-secret.adoc b/modules/microshift-ingress-controller-create-cert-secret.adoc
index c3c7aa4a0fc4..91f86252ba6b 100644
--- a/modules/microshift-ingress-controller-create-cert-secret.adoc
+++ b/modules/microshift-ingress-controller-create-cert-secret.adoc
@@ -37,7 +37,7 @@ $ oc create secret tls <1>
 +
 [IMPORTANT]
 ====
-The certificate must include the `subjectAltName` extension showing `*.apps..`.
+The certificate must include the `subjectAltName` extension showing `*.apps..`.
 ====
 . Update the `certificateSecret` parameter value in the {microshift-short} configuration YAML with the newly created secret.
diff --git a/modules/microshift-ingress-controller-tls-config.adoc b/modules/microshift-ingress-controller-tls-config.adoc
index 9bc00bfc5495..45e2d80e6bbf 100644
--- a/modules/microshift-ingress-controller-tls-config.adoc
+++ b/modules/microshift-ingress-controller-tls-config.adoc
@@ -10,7 +10,7 @@ You can configure the TLS security profile for the ingress controller to use by
 .Prerequisites
-* You have root access to the {microshift-short} cluster.
+* You have root access to the {microshift-short} node.
 .Procedure