summaryrefslogtreecommitdiffstats
path: root/roles/calico
diff options
context:
space:
mode:
authorDan Osborne <djosborne10@gmail.com>2017-08-14 12:45:42 -0700
committerDan Osborne <djosborne10@gmail.com>2017-08-14 12:45:42 -0700
commit917015b0473a1fb9a0488ebec2765460e7bf3667 (patch)
tree10ec0508d7b2a626f80ef57ce27652d9cc0fe124 /roles/calico
parent1284510b760e280331053b2033f2e14be437d53d (diff)
downloadopenshift-917015b0473a1fb9a0488ebec2765460e7bf3667.tar.gz
openshift-917015b0473a1fb9a0488ebec2765460e7bf3667.tar.bz2
openshift-917015b0473a1fb9a0488ebec2765460e7bf3667.tar.xz
openshift-917015b0473a1fb9a0488ebec2765460e7bf3667.zip
Clean up Calico readme
Diffstat (limited to 'roles/calico')
-rw-r--r--roles/calico/README.md20
1 files changed, 13 insertions, 7 deletions
diff --git a/roles/calico/README.md b/roles/calico/README.md
index 9b9458bfa..65f66ebfa 100644
--- a/roles/calico/README.md
+++ b/roles/calico/README.md
@@ -6,12 +6,6 @@ Configure Calico components for the Master host.
* Ansible 2.2
-## Warning: This Calico Integration is in Alpha
-
-Calico shares the etcd instance used by OpenShift, and distributes client etcd certificates to each node.
-For this reason, **we do not (yet) recommend running Calico on any production-like
-cluster, or using it for any purpose besides early access testing.**
-
## Installation
To install, set the following inventory configuration parameters:
@@ -20,7 +14,19 @@ To install, set the following inventory configuration parameters:
* `openshift_use_openshift_sdn=False`
* `os_sdn_network_plugin_name='cni'`
-## Additional Calico/Node and Felix Configuration Options
+For more information, see [Calico's official OpenShift Installation Documentation](https://docs.projectcalico.org/latest/getting-started/openshift/installation#bring-your-own-etcd)
+
+## Improving security with BYO-etcd
+
+By default, Calico uses the etcd set up by OpenShift. To accomplish this, it generates and distributes client etcd certificates to each node.
+Distributing these certs across the cluster in this way weakens the overall security,
+so Calico should not be deployed in production in this mode.
+
+Instead, Calico can be installed in BYO-etcd mode, where it connects to an externally
+set up etcd. For information on deploying Calico in BYO-etcd mode, see
+[Calico's official OpenShift Installation Documentation](https://docs.projectcalico.org/latest/getting-started/openshift/installation#bring-your-own-etcd)
+
+## Calico Configuration Options
Additional parameters that can be defined in the inventory are: