Further edits to ingress object section #8337
Conversation
openshift-ci-robot
added
the
size/S
admin_guide/managing_networking.adoc
Outdated
| + | ||
| ---- | ||
| $ oc adm policy add-role-to-user cluster-admin router` | ||
| $ oc adm policy add-cluster-role-to-user cluster-reader -z router |
There was a problem hiding this comment.
oc adm policy add-cluster-role-to-user system:openshift:controller:service-serving-cert-controller -z router is also needed for enabling ingress, otherwise the router pod logs will show many errors below:
E0323 06:22:50.408710 1 reflector.go:205] github.com/openshift/origin/pkg/router/controller/factory/factory.go:117: Failed to list *core.Secret: secrets is forbidden: User "system:serviceaccount:default:router" cannot list secrets at the cluster scope: User "system:serviceaccount:default:router" cannot list all secrets in the cluster
E0323 06:22:51.410501 1 reflector.go:205] github.com/openshift/origin/pkg/router/controller/factory/factory.go:117: Failed to list *core.Secret: secrets is forbidden: User "system:serviceaccount:default:router" cannot list secrets at the cluster scope: User "system:serviceaccount:default:router" cannot list all secrets in the cluster
E0323 06:22:52.417695 1 reflector.go:205] github.com/openshift/origin/pkg/router/controller/factory/factory.go:117: Failed to list *core.Secret: secrets is forbidden: User "system:serviceaccount:default:router" cannot list secrets at the cluster scope: User "system:serviceaccount:default:router" cannot list all secrets in the cluster
others looks good.
bfallonf
force-pushed
the
ingress_edit_2
branch
from
a735851 to
566683a
Compare
bfallonf
added
the
peer-review-needed
|
Thanks @lihongan . I've changed to suggestions. Please let me know if I've done anything wrong. @openshift/team-documentation PTAL |
|
LGTM. Thank you, @bfallonf |
admin_guide/managing_networking.adoc
Outdated
| objects. The claim rules above apply for each of these objects, but, because an | ||
| ingress object can have two hostnames, one hostname can be claimed by the | ||
| ingress object and be active, but the other might not be able to claim, and be | ||
| ignored. |
There was a problem hiding this comment.
@bfallonf This is not clear to me (but, maybe that's OK). "one hostname can be claimed by the
ingress object and be active, but the other might not be able to claim, and be ignored."
What does "be ignored" mean here? If one host name is ignored, does that mean anything for the other? (Sorry if this is an ignorant question.)
There was a problem hiding this comment.
@mburke5678 True.
@knobunc Would it be more accurate to say "The claim rules above apply for each of these objects. However, because an ingress object can have two hostnames, one hostname can be claimed by the ingress object and be active, while the second cannot claim, and remains inactive and ignored."
There was a problem hiding this comment.
Remains inactive is probably better.
|
@bfallonf Couple of questions. |
admin_guide/managing_networking.adoc
Outdated
| ==== | ||
| Routes and ingress objects have the same data structure internally on the | ||
| router, with ingress objects having the capability to turn into multiple | ||
| objects. The claim rules above apply for each of these objects, but, because an |
admin_guide/managing_networking.adoc
Outdated
| objects. The claim rules above apply for each of these objects, but, because an | ||
| ingress object can have two hostnames, one hostname can be claimed by the | ||
| ingress object and be active, but the other might not be able to claim, and be | ||
| ignored. |
There was a problem hiding this comment.
Remains inactive is probably better.
bfallonf
force-pushed
the
ingress_edit_2
branch
from
566683a to
93a55b5
Compare
|
Thanks @knobunc . Changes made to suggestions. I'll merge. |
bfallonf
removed
the
peer-review-needed
Updates from #8109
cc @lihongan @bmeng @knobunc
Will comment in the other PR. Thanks!