[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: OpenShift origin v1.3.0: generate certificates based on our wildcard in playbook



Lorenz - I'm coming up against the same issue with my custom wildcard cert as it doesn't have the SNI IP of the registry that is created during the ansible install.  I'm interested in your resolution or anyone else's in this regards.

thanks
Conor

C. Conor Flynn
Senior Systems Administrator
 Fairfield University

________________________________
From: users-bounces lists openshift redhat com [users-bounces lists openshift redhat com] on behalf of Lorenz Vanthillo [lorenz vanthillo outlook com]
Sent: Thursday, December 15, 2016 8:31 AM
To: users lists openshift redhat com
Subject: Re: OpenShift origin v1.3.0: generate certificates based on our wildcard in playbook


Found it:

# default subdomain to use for exposed routes #openshift_master_default_subdomain=apps.test.example.com

________________________________
Van: Lorenz Vanthillo <lorenz vanthillo outlook com>
Verzonden: donderdag 15 december 2016 13:12:47
Aan: users lists openshift redhat com
Onderwerp: OpenShift origin v1.3.0: generate certificates based on our wildcard in playbook


Hi,


We are doing some testing with the playbook. We want to configure as much as possible inside the playbook.

So our registry is automatically deployed on our infra node and it's secured. But we face this issue when we try to authenticate using its route:

x509: certificate is valid for docker-registry-default.router.default.svc.cluster.local, docker-registry.default.svc.cluster.local, 172.30.106.12, not registry.my-wildcard.com


Is there a way in the playbook to tell ansible to generate the certificates with an additional route so it's by default valid for our registry-route.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]