summaryrefslogtreecommitdiffstats
path: root/roles/os_firewall/tasks
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2018-01-07 23:10:17 -0800
committerGitHub <noreply@github.com>2018-01-07 23:10:17 -0800
commit01e57abee227d3d12bdd4d65cd2b7ad510ed1f22 (patch)
tree06fa65620101d8bbf4f8b2b058576501a1930c52 /roles/os_firewall/tasks
parent16b18bcd2353b99d753a7cb076a1a7bb014e66ff (diff)
parenta6860728cf634fdcba82db9dd5b2a2d82e93eaca (diff)
downloadopenshift-01e57abee227d3d12bdd4d65cd2b7ad510ed1f22.tar.gz
openshift-01e57abee227d3d12bdd4d65cd2b7ad510ed1f22.tar.bz2
openshift-01e57abee227d3d12bdd4d65cd2b7ad510ed1f22.tar.xz
openshift-01e57abee227d3d12bdd4d65cd2b7ad510ed1f22.zip
Merge pull request #6507 from nbartos/continer
Automatic merge from submit-queue. Contiv multi-master and other fixes Contiv's etcd was not being deployed correctly when using more than one master. To make it easier to manage, it has been moved into a k8s container. The api proxy was hardcoded to an old version (1.1.1), and in some environments would run into a docker error. This has been moved into a k8s container for easier management. The firewall was too permissive on several ports. Many were open to the world when they should have only been accessible inside the cluster. Many of the contiv role variables were not prefixed with 'contiv', which may end up clobbering variables from another role. Now all the contiv specific role variables start with 'contiv_'. The api proxy's default self-signed certificate was bundled with the role. This means someone with read-only MITM access and this key could decrypt traffic. Granted a user defined certificate from a trusted CA should be used in a production environment, it is still better to generate one in each environment when one is not provided.
Diffstat (limited to 'roles/os_firewall/tasks')
0 files changed, 0 insertions, 0 deletions