[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Create selfsigned certs for securing openshift registry




On Jul 8, 2016 1:52 AM, "Den Cowboy" <dencowboy hotmail com> wrote:
>
> I try to secure my openshift registry:
>
> $ oadm ca create-server-cert \
>     --signer-cert=/etc/origin/master/ca.crt \
>     --signer-key=/etc/origin/master/ca.key \
>     --signer-serial=/etc/origin/master/ca.serial.txt \
>     --hostnames='docker-registry.default.svc.cluster.local,172.30.124.220' \
>     --cert=/etc/secrets/registry.crt \
>     --key=/etc/secrets/registry.key
>
>
> Which hostnames do I have to use?
> The service IP of my docker registry of course but what then?:

Currently everything internal should be using just the service IP.

>
> docker-registry.default.svc.cluster.local

This would cover the created service. We have plans to eventually use the registry service name instead of IP.

> OR/AND
> docker-registry.dev.wildcard.com

This would only be needed if you intend to expose the registry using a route for access external to the cluster.

>
> Thanks
>
> _______________________________________________
> users mailing list
> users lists openshift redhat com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]