diff options
author | Dan Osborne <djosborne10@gmail.com> | 2017-08-14 12:45:42 -0700 |
---|---|---|
committer | Dan Osborne <djosborne10@gmail.com> | 2017-08-14 12:45:42 -0700 |
commit | 917015b0473a1fb9a0488ebec2765460e7bf3667 (patch) | |
tree | 10ec0508d7b2a626f80ef57ce27652d9cc0fe124 /roles/calico | |
parent | 1284510b760e280331053b2033f2e14be437d53d (diff) | |
download | openshift-917015b0473a1fb9a0488ebec2765460e7bf3667.tar.gz openshift-917015b0473a1fb9a0488ebec2765460e7bf3667.tar.bz2 openshift-917015b0473a1fb9a0488ebec2765460e7bf3667.tar.xz openshift-917015b0473a1fb9a0488ebec2765460e7bf3667.zip |
Clean up Calico readme
Diffstat (limited to 'roles/calico')
-rw-r--r-- | roles/calico/README.md | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/roles/calico/README.md b/roles/calico/README.md index 9b9458bfa..65f66ebfa 100644 --- a/roles/calico/README.md +++ b/roles/calico/README.md @@ -6,12 +6,6 @@ Configure Calico components for the Master host. * Ansible 2.2 -## Warning: This Calico Integration is in Alpha - -Calico shares the etcd instance used by OpenShift, and distributes client etcd certificates to each node. -For this reason, **we do not (yet) recommend running Calico on any production-like -cluster, or using it for any purpose besides early access testing.** - ## Installation To install, set the following inventory configuration parameters: @@ -20,7 +14,19 @@ To install, set the following inventory configuration parameters: * `openshift_use_openshift_sdn=False` * `os_sdn_network_plugin_name='cni'` -## Additional Calico/Node and Felix Configuration Options +For more information, see [Calico's official OpenShift Installation Documentation](https://docs.projectcalico.org/latest/getting-started/openshift/installation#bring-your-own-etcd) + +## Improving security with BYO-etcd + +By default, Calico uses the etcd set up by OpenShift. To accomplish this, it generates and distributes client etcd certificates to each node. +Distributing these certs across the cluster in this way weakens the overall security, +so Calico should not be deployed in production in this mode. + +Instead, Calico can be installed in BYO-etcd mode, where it connects to an externally +set up etcd. For information on deploying Calico in BYO-etcd mode, see +[Calico's official OpenShift Installation Documentation](https://docs.projectcalico.org/latest/getting-started/openshift/installation#bring-your-own-etcd) + +## Calico Configuration Options Additional parameters that can be defined in the inventory are: |