From 557193a7ecab63f194af7907a3fe5005e0167b85 Mon Sep 17 00:00:00 2001 From: Gaetan Trellu Date: Tue, 4 Jun 2019 22:42:29 -0400 Subject: [PATCH] Improve Qinling documentation - Remove trusted_cidrs that has just been removed from Qinling code. - Remove use_api_certificate because it's true by default - Improve list syntax - Add etcd section Change-Id: I0426a9d61fbeaa23a1affbc7e981a78283e88263 --- .../reference/compute/qinling-guide.rst | 32 +++++++++++-------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/doc/source/reference/compute/qinling-guide.rst b/doc/source/reference/compute/qinling-guide.rst index 4aaa32e2bd..68839ff5d1 100644 --- a/doc/source/reference/compute/qinling-guide.rst +++ b/doc/source/reference/compute/qinling-guide.rst @@ -22,6 +22,17 @@ Apply custom policies to Qinling API Custom policies could be apply by creating ``policy.json`` file under ``/etc/kolla/config/qinling`` directory. +Enable etcd role +~~~~~~~~~~~~~~~~ + +Qinling requires etcd for function mapping and concurrency. The etcd role +should be enabled to configure the etcd address and port within `qinling.conf`. + +Look for ``enable_etcd: "no"`` and change it in ``/etc/kolla/globals.yml``: + +.. code-block:: yaml + + enable_etcd: "yes" Connect to an existing Kubernetes cluster ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -48,18 +59,18 @@ created with Magnum. Four files should have been generated: - - ``ca.pem`` - - ``cert.pem`` - - ``key.pem`` - - ``config`` +* ``ca.pem`` +* ``cert.pem`` +* ``key.pem`` +* ``config`` Only ``ca.pem``, ``cert.pem`` and ``key.pem`` will be used, these files have to be stored in ``/etc/kolla/config/qinling/qinling-engine`` directory under these file name: - - ``ca.pem``: ``/etc/kolla/config/qinling/qinling-engine/kubernetes_ca.crt`` - - ``cert.pem``: ``/etc/kolla/config/qinling/qinling-engine/kubernetes.crt`` - - ``key.pem``: ``/etc/kolla/config/qinling/qinling-engine/kubernetes.key`` +* ``ca.pem``: ``/etc/kolla/config/qinling/qinling-engine/kubernetes_ca.crt`` +* ``cert.pem``: ``/etc/kolla/config/qinling/qinling-engine/kubernetes.crt`` +* ``key.pem``: ``/etc/kolla/config/qinling/qinling-engine/kubernetes.key`` Declare ``qinling_kubernetes_certificates`` variable in @@ -83,14 +94,9 @@ put the content in ``/etc/kolla/config/qinling/qinling-engine.conf``. [kubernetes] kube_host = https://192.168.1.168:6443 - use_api_certificate = True ssl_ca_cert = /etc/qinling/pki/kubernetes/ca.crt cert_file = /etc/qinling/pki/kubernetes/qinling.crt key_file = /etc/qinling/pki/kubernetes/qinling.key - trusted_cidrs = 192.168.1.0/24,10.0.0.53/32 ``kube_host`` is the the Kubernetes cluster API address, ``https`` protocol -have to be defined. - -``trusted_cidrs`` is a list of CIDR trusted by the Kubernetes cluster defined -by a network policy under the ``qinling`` namespace. +has to be defined.