summaryrefslogtreecommitdiffstats
path: root/inventory
diff options
context:
space:
mode:
authorScott Dodson <sdodson@redhat.com>2016-08-24 12:58:51 -0400
committerGitHub <noreply@github.com>2016-08-24 12:58:51 -0400
commit1485080974da1001635b7e8e3c95ac34eeb59631 (patch)
treebf70dd93652163272316cdae34b50de2c53efc25 /inventory
parentfcaeaf0ebb4f858500717f5f85aa3e27218e3e0f (diff)
parent24ea576489b37ecc5ff5fecef3cd8445ff73a4d9 (diff)
downloadopenshift-1485080974da1001635b7e8e3c95ac34eeb59631.tar.gz
openshift-1485080974da1001635b7e8e3c95ac34eeb59631.tar.bz2
openshift-1485080974da1001635b7e8e3c95ac34eeb59631.tar.xz
openshift-1485080974da1001635b7e8e3c95ac34eeb59631.zip
Merge pull request #2100 from smunilla/BZ1337553
Add externalIPNetworkCIDRs to config
Diffstat (limited to 'inventory')
-rw-r--r--inventory/byo/hosts.origin.example10
-rw-r--r--inventory/byo/hosts.ose.example9
2 files changed, 19 insertions, 0 deletions
diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example
index 8e7883f3b..8dedba9f8 100644
--- a/inventory/byo/hosts.origin.example
+++ b/inventory/byo/hosts.origin.example
@@ -343,6 +343,16 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
#osm_cluster_network_cidr=10.1.0.0/16
#openshift_portal_net=172.30.0.0/16
+
+# ExternalIPNetworkCIDRs controls what values are acceptable for the
+# service external IP field. If empty, no externalIP may be set. It
+# may contain a list of CIDRs which are checked for access. If a CIDR
+# is prefixed with !, IPs in that CIDR will be rejected. Rejections
+# will be applied first, then the IP checked against one of the
+# allowed CIDRs. You should ensure this range does not overlap with
+# your nodes, pods, or service CIDRs for security reasons.
+#openshift_master_external_ip_network_cidrs=['0.0.0.0/0']
+
# Configure number of bits to allocate to each host’s subnet e.g. 8
# would mean a /24 network on the host.
#osm_host_subnet_length=8
diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example
index 0d358146c..7b6b5fcc5 100644
--- a/inventory/byo/hosts.ose.example
+++ b/inventory/byo/hosts.ose.example
@@ -339,6 +339,15 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
#openshift_portal_net=172.30.0.0/16
+# ExternalIPNetworkCIDRs controls what values are acceptable for the
+# service external IP field. If empty, no externalIP may be set. It
+# may contain a list of CIDRs which are checked for access. If a CIDR
+# is prefixed with !, IPs in that CIDR will be rejected. Rejections
+# will be applied first, then the IP checked against one of the
+# allowed CIDRs. You should ensure this range does not overlap with
+# your nodes, pods, or service CIDRs for security reasons.
+#openshift_master_external_ip_network_cidrs=['0.0.0.0/0']
+
# Configure number of bits to allocate to each host’s subnet e.g. 8
# would mean a /24 network on the host.
#osm_host_subnet_length=8