26c108b174
Openshift-ansible already sets the right firewall rules on the provisioned nodes, there is no need to set up (some of) the rules by ourselves. Add the 'OS::TripleO::Services::TripleoFirewall' to all the OpenShift roles so that the operator can still set additional rules if desired. Change-Id: I1e8ca10069c3f1017207abfebb803cb7aa3835a8
29 lines
1.0 KiB
YAML
29 lines
1.0 KiB
YAML
###############################################################################
|
|
# Role: OpenShiftInfra #
|
|
###############################################################################
|
|
- name: OpenShiftInfra
|
|
description: |
|
|
OpenShiftInfra role, a specialized worker that only runs infra pods.
|
|
CountDefault: 1
|
|
RoleParametersDefault:
|
|
OpenShiftNodeGroupName: 'node-config-infra'
|
|
tags:
|
|
- openshift
|
|
networks:
|
|
- InternalApi
|
|
- Storage
|
|
- StorageMgmt
|
|
- Tenant
|
|
# For systems with both IPv4 and IPv6, you may specify a gateway network for
|
|
# each, such as ['ControlPlane', 'External']
|
|
default_route_networks: ['ControlPlane']
|
|
ServicesDefault:
|
|
- OS::TripleO::Services::Docker
|
|
- OS::TripleO::Services::OpenShift::GlusterFS
|
|
- OS::TripleO::Services::OpenShift::Infra
|
|
- OS::TripleO::Services::Podman
|
|
- OS::TripleO::Services::Rhsm
|
|
- OS::TripleO::Services::Sshd
|
|
- OS::TripleO::Services::Timesync
|
|
- OS::TripleO::Services::TripleoFirewall
|