OSDOCS-14402:YAML parameter additions #92896
@tedaveryredhat: This pull request references OSDOCS-14402 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.19.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
🤖 Thu May 22 15:37:22 - Prow CI generated the docs preview: https://92896--ocpdocs-pr.netlify.app/microshift/latest/microshift_configuring/microshift-using-config-yaml.html |
|`spec.clientTLS.clientCertificatePolicy`, `spec.clientTLS.ClientCA`, `AllowedSubjectPatterns` | ||
|`clientTLS` authenticates client access to the cluster and services; as a result, mutual TLS authentication is enabled. If not set, then client TLS is not enabled. `clientTLS` has the required subfields, `spec.clientTLS.clientCertificatePolicy` and `spec.clientTLS.ClientCA`. | ||
|
||
The `ClientCertificatePolicy` subfield accepts one of the two values: `Required` or `Optional`. Note that the ingress controller only checks client certificates for edge-terminated and reencrypt TLS routes; it cannot check certificates for cleartext HTTP or passthrough TLS routes. The `ClientCA` subfield specifies a config map that is in the openshift-ingress namespace. The config map should contain a CA certificate bundle. A config map is required for this field. |
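Review bot: The field names in this row are cased inconsistently: the first column has `spec.clientTLS.clientCertificatePolicy` but the description calls it `ClientCertificatePolicy`, and `ClientCA` and `AllowedSubjectPatterns` start with a capital letter while the parent `clientTLS` does not. YAML keys are case-sensitive, so show each key exactly as it must be typed in `config.yaml`. The `spec.` prefix also differs from the `ingress.` prefix used for `ingress.routeAdmissionPolicy.namespaceOwnership` in another row touched by this PR; confirm which path applies. `AllowedSubjectPatterns` is listed in the first column but never described, and the text names the `Required` and `Optional` values without saying how they differ, which is the detail a reader enabling mutual TLS needs most.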
🤖 [error] RedHat.TermsErrors: Use 'plain text' rather than 'cleartext'. For more information, see RedHat.TermsErrors.
/retest |
39febb0 to a16e6e6
|`Strict` or `InterNamespaceAllowed` | ||
|Describes how hostname claims across namespaces are handled. By default, allows routes to claim different paths of the same hostname across namespaces. Specifying `Strict` prevents routes in different namespaces from claiming the same hostname. If the value is deleted in a customized {microshift-short} `config.yaml`, the `InterNamespaceAllowed` value is automatically set. | ||
|Defines a policy for handling new route claims, such as allowing or denying claims across namespaces.Describes how hostname claims across namespaces are handled. By default, allows routes to claim different paths of the same hostname across namespaces. Specifying `Strict` prevents routes in different namespaces from claiming the same hostname. If the value is deleted in a customized {microshift-short} `config.yaml`, the `InterNamespaceAllowed` value is automatically set. |
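Review bot: The last line of this hunk says the same thing twice, 'Defines a policy for handling new route claims' followed directly by 'Describes how hostname claims across namespaces are handled'; keep one of the two. 'By default, allows routes to claim...' has no subject and does not name the default value. Since the closing sentence says `InterNamespaceAllowed` is set when the value is deleted, state it directly, for example 'The default, `InterNamespaceAllowed`, allows routes to claim different paths of the same hostname across namespaces.'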
🤖 [error] RedHat.Spacing: Keep one space between words in 'namespaces.Describes'. For more information, see RedHat.Spacing.
@tedaveryredhat: This pull request references OSDOCS-14402 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.20.0" version, but no target version was set. In response to this:
a16e6e6 to b21efb7
@@ -139,14 +161,50 @@ Not all MIME types benefit from compression, but `HAProxy` uses resources to try | |||
|`443` | |||
|Default port shown. Configurable. Valid value is a single, unique port in the `1-65535` range. The values of the `ports.http` and `ports.https` fields cannot be the same. | |||
|
|||
|`ingress.routeAdmissionPolicy.namespaceOwnership` | |||
//Has this parameter been renamed to 'ingress.routeAdmission'? |
No, see https://github.com/openshift/microshift/blob/main/packaging/microshift/config.yaml#L170; this parameter is still present and should not be deleted unless there is an engineering PR inflight that changes it.
`ingress.routeAdmissionPolicy.namespaceOwnership` shouldn't be touched; it was introduced earlier. We are only expanding `ingress.routeAdmissionPolicy` with `wildcardPolicy`.
|
||
[IMPORTANT] | ||
==== | ||
The Ingress Operator converts the TLS `1.0` of an `Old` or `Custom` profile to `1.1`. |
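Review bot: The sentence in the `[IMPORTANT]` block, 'converts the TLS `1.0` of an `Old` or `Custom` profile to `1.1`', does not say which setting is converted or what the reader ends up with. Name the setting that holds the `1.0` value and state the outcome plainly. If the effect is that a profile asking for TLS `1.0` is served with `1.1` instead, say so, because someone who set `1.0` for a legacy client needs to know that the value they typed is not the one in effect.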
We do not use the entire Operator in MicroShift, so do not refer to it here--that will confuse our users that know OCP. I would stick with "Ingress Controller."
14f850c to 1189cae
|`Old`, `Intermediate`, `Modern`, 'Custom' | ||
|Specifies the profile type for the TLS Security. | ||
|
||
When using the `Old`, `Intermediate`, and `Modern` profile types, the effective profile configuration is subject to change between releases. For example, given a specification to use the `Intermediate` profile deployed on release `X.Y.Z`, an upgrade to release `X.Y.Z+1` may cause a new profile configuration to be applied to the Ingress Controller, resulting in a rollout. |
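Review bot: In the values cell, 'Custom' is wrapped in single quotes while `Old`, `Intermediate` and `Modern` use backticks; use backticks for all four. 'Specifies the profile type for the TLS Security' should read 'for TLS security'. The paragraph on release changes lists only `Old`, `Intermediate` and `Modern`; if `Custom` is the way to keep a fixed configuration across upgrades, say so here, because a profile that changes on upgrade can alter which clients are able to connect.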
`Intermediate` is the current default (when nothing is provided); I think we should make this more clear.
1189cae to 89e8e73
f7fb28c to 28cbc1c
28cbc1c to c4c7de3
c4c7de3 to 324e7f1
@@ -29,3 +29,7 @@ include::modules/microshift-config-nodeport-limits.adoc[leveloffset=+2] | |||
== Additional resources | |||
|
|||
* xref:../../microshift-greenboot-checking-status.adoc#microshift-greenboot-checking-status[Checking Greenboot status] | |||
|
|||
* xref:../../microshift-ingress-controller-conc.adoc#microshift-ingress-control-concept_{context}[Using ingress control in {microshift-short}] |
* xref:../../microshift-ingress-controller-conc.adoc#microshift-ingress-control-concept_{context}[Using ingress control in {microshift-short}] | |
* xref:../microshift-ingress-controller.adoc#microshift-ingress-controller-concept_microshift-ingress-controller[Using ingress control in {microshift-short}] |
try this if you want to reference the concept module; you need `assembly.adoc#moduleID_assemblyID[title]`, and this xref is one level deep (`../`) because the ingress assembly is in the same directory as the config assembly (you count the levels from where you start, which is where the xref is, does that make sense?)
|
||
* xref:../../microshift-ingress-controller-conc.adoc#microshift-ingress-control-concept_{context}[Using ingress control in {microshift-short}] | ||
|
||
* xref:../../microshift-ingress-controller-config.adoc#microshift-ingress-control-config_{context}[Configuring ingress control in {microshift-short}] |
do you need two references to the same assembly?
I included only one reference to the same assembly. Everything passed this time. Thanks!
324e7f1 to 6d6ca62
@@ -29,3 +29,5 @@ include::modules/microshift-config-nodeport-limits.adoc[leveloffset=+2] | |||
== Additional resources | |||
|
|||
* xref:../../microshift-greenboot-checking-status.adoc#microshift-greenboot-checking-status[Checking Greenboot status] | |||
|
|||
* xref:../microshift_configuring/microshift-ingress-controller.adoc[Using ingress control for a {microshift-short} cluster] |
🤖 [error] OpenShiftAsciiDoc.XrefContainsAnchorID: The xref is missing an anchor ID.
bc6816b to 520bafc
@@ -69,7 +66,7 @@ ingress: | |||
|`forwardedHeaderPolicy` | |||
|Specifies when and how the ingress controller sets the `Forwarded`, `X-Forwarded-For`, `X-Forwarded-Host`, `X-Forwarded-Port`, `X-Forwarded-Proto`, and `X-Forwarded-Proto-Version` HTTP headers. The following values are valid: | |||
|
|||
* `Append`, preserves any existing headers by specifying that the ingress controller appends them. | |||
* `Append`, preserves any existing headers by specifying that the ingressmicroshift-ingress-control-concept_{context} controller appends them. |
* `Append`, preserves any existing headers by specifying that the ingressmicroshift-ingress-control-concept_{context} controller appends them. | |
* `Append`, preserves any existing headers and appends information in the headers as needed. |
|
||
* The `tuningOptions.threadCount` parameter specifies the number of threads to create per HAProxy process. Creating more threads allows each ingress controller pod to handle more connections, at the cost of more system resources being used. `HAProxy` supports up to `64` threads. If this field is empty, default value is `4` threads. | ||
+ | ||
* The `tuningOptions.serverTimeout` parameter specifies how long a connection is held open while waiting for a server response. The default timeout is `30s`.microshift-ingress-control-concept_{context} |
not sure why `microshift-ingress-control-concept_{context}` is needed here.
* Configuration snippet YAMLs take precedence over both built-in settings and a `config.yaml` configuration file. See the Additional resources links for more information. | ||
|
||
. Replace the default values in the `network` section of the {microshift-short} YAML with your valid values, or create a configuration snippet file with the sections you need. | ||
.. Use a configuration snippet to apply the ingress control settings youmicroshift-ingress-control-concept_{context} |
not sure what youmicroshift-ingress-control-concept_{context} is
520bafc to 8b8f27f
/retest |
8b8f27f to 59ca606
59ca606 to c42ea2f
@tedaveryredhat: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
Version(s): 4.19
Issue: https://issues.redhat.com/browse/OSDOCS-14402
Link to docs preview: https://92896--ocpdocs-pr.netlify.app/microshift/latest/microshift_configuring/microshift-using-config-yaml.html
QE review: