
RE: OpenShift origin v1.3.0: generate certificates based on our wildcard in playbook



I suppose my situation is a little different as I have a custom wildcard cert in an HA cluster. It sounds like for your configuration, that will work. As a workaround for me now, I've secured the router with my custom wildcard cert and secured the registry using my custom CA with a self-signed cert (which includes the SNI IP and alt names).

________________________________
From: Lorenz Vanthillo [lorenz vanthillo outlook com]
Sent: Thursday, December 15, 2016 9:08 AM
To: Flynn, Conor; users lists openshift redhat com
Subject: Re: OpenShift origin v1.3.0: generate certificates based on our wildcard in playbook


Hi,


This seems to help for me. Does it for you? (apps.test.example.com is our wildcard)



# default subdomain to use for exposed routes
openshift_master_default_subdomain=apps.test.example.com


I have to say I'm just in a stage of exploration. My router + registry are on my master node atm, which I will not implement in a production environment. I don't know if this is the reason why it's working? Maybe you can give some feedback about this?

________________________________
From: Flynn, Conor <cflynn5 fairfield edu>
Sent: Thursday, December 15, 2016 14:53:12
To: Lorenz Vanthillo; users lists openshift redhat com
Subject: RE: OpenShift origin v1.3.0: generate certificates based on our wildcard in playbook

Lorenz - I'm coming up against the same issue with my custom wildcard cert as it doesn't have the SNI IP of the registry that is created during the Ansible install. I'm interested in your resolution or anyone else's in this regard.

thanks
Conor

C. Conor Flynn
Senior Systems Administrator
 Fairfield University

________________________________
From: users-bounces lists openshift redhat com [users-bounces lists openshift redhat com] on behalf of Lorenz Vanthillo [lorenz vanthillo outlook com]
Sent: Thursday, December 15, 2016 8:31 AM
To: users lists openshift redhat com
Subject: Re: OpenShift origin v1.3.0: generate certificates based on our wildcard in playbook


Found it:

# default subdomain to use for exposed routes
#openshift_master_default_subdomain=apps.test.example.com

________________________________
From: Lorenz Vanthillo <lorenz vanthillo outlook com>
Sent: Thursday, December 15, 2016 13:12:47
To: users lists openshift redhat com
Subject: OpenShift origin v1.3.0: generate certificates based on our wildcard in playbook


Hi,


We are doing some testing with the playbook. We want to configure as much as possible inside the playbook.

So our registry is automatically deployed on our infra node and it's secured. But we face this issue when we try to authenticate using its route:

x509: certificate is valid for docker-registry-default.router.default.svc.cluster.local, docker-registry.default.svc.cluster.local, 172.30.106.12, not registry.my-wildcard.com


Is there a way in the playbook to tell Ansible to generate the certificates with an additional route so it's valid by default for our registry route?
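
Added example, not part of the original thread and not OpenShift code: a small Python check of which names a certificate's subjectAltName list covers, using the SAN list from the x509 error above. The wildcard SAN `*.my-wildcard.com` and the helper names are assumptions made for illustration; matching follows the usual TLS rules (exact name, or a wildcard standing for exactly one leftmost label, and IP addresses matching only IP SANs).

```python
import ipaddress

def _is_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def san_covers(name, sans):
    """True if `name` is covered by the given subjectAltName entries."""
    if _is_ip(name):
        # An IP address only matches an IP SAN, never a DNS wildcard.
        target = ipaddress.ip_address(name)
        return any(_is_ip(s) and ipaddress.ip_address(s) == target for s in sans)
    host = name.lower().rstrip(".").split(".")
    for san in sans:
        if _is_ip(san):
            continue
        pattern = san.lower().rstrip(".").split(".")
        if len(pattern) != len(host):
            continue  # a wildcard stands for exactly one label
        if pattern[0] == "*" and len(pattern) > 1:
            if pattern[1:] == host[1:]:
                return True
        elif pattern == host:
            return True
    return False

def uncovered(names, sans):
    """Names clients will use that the certificate does not cover."""
    return [n for n in names if not san_covers(n, sans)]

# SANs reported in the x509 error quoted in the thread.
GENERATED_SANS = [
    "docker-registry-default.router.default.svc.cluster.local",
    "docker-registry.default.svc.cluster.local",
    "172.30.106.12",
]
# Constructed for illustration: a wildcard cert for the route domain.
WILDCARD_SANS = ["*.my-wildcard.com"]
# Names the registry is reached by: external route, service name, service IP.
REQUIRED = [
    "registry.my-wildcard.com",
    "docker-registry.default.svc.cluster.local",
    "172.30.106.12",
]

if __name__ == "__main__":
    print("generated cert misses:", uncovered(REQUIRED, GENERATED_SANS))
    print("wildcard cert misses: ", uncovered(REQUIRED, WILDCARD_SANS))
```

Neither certificate alone covers all three names, which is why the workaround described at the top of the thread issues a registry certificate that lists the service IP and the alternative names together.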

