I've created the certificate with my wildcard hostname too and I've exposed it. Created pusher service-accounts in some projects because we are working with an external Jenkins which builds images. Everything works fine now. Thanks
Date: Fri, 8 Jul 2016 09:05:14 -0400
Subject: Re: Create selfsigned certs for securing openshift registry
From: jdetiber redhat com
To: dencowboy hotmail com
CC: users lists openshift redhat com
On Jul 8, 2016 1:52 AM, "Den Cowboy" <dencowboy hotmail com> wrote:
> I try to secure my openshift registry:
> $ oadm ca create-server-cert \
> --signer-cert=/etc/origin/master/ca.crt \
> --signer-key=/etc/origin/master/ca.key \
> --signer-serial=/etc/origin/master/ca.serial.txt \
> --hostnames='docker-registry.default.svc.cluster.local,172.30.124.220' \
> --cert=/etc/secrets/registry.crt \
> Which hostnames do I have to use?
> The service IP of my docker registry of course but what then?:
Currently everything internal should be using just the service IP.
This would cover the created service. We have plans to eventually use the registry service name instead of IP.
This would only be needed if you intend to expose the registry using a route for access external to the cluster.
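An added example, not part of the original messages: a Python check of which names a client might use to reach the registry are covered by a certificate's hostname list, using the usual TLS matching rules (an IP matches only exactly, a wildcard stands for one leftmost label). The first two entries of `SANS` are the `--hostnames` values from the quoted command; the wildcard domain `*.apps.example.com` and the `CLIENT_NAMES` list are constructed for illustration.

```python
import ipaddress


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def san_covers(san, name):
    """Return True if one certificate hostname entry matches the name a client uses."""
    if _is_ip(san) or _is_ip(name):
        # An IP entry matches only the identical address, never a DNS pattern.
        return (_is_ip(san) and _is_ip(name)
                and ipaddress.ip_address(san) == ipaddress.ip_address(name))
    san_labels = san.lower().rstrip(".").split(".")
    name_labels = name.lower().rstrip(".").split(".")
    if len(san_labels) != len(name_labels):
        return False
    if san_labels[0] == "*":
        # A wildcard stands for exactly one non-empty leftmost label.
        return name_labels[0] != "" and san_labels[1:] == name_labels[1:]
    return san_labels == name_labels


def uncovered(sans, client_names):
    """Names for which TLS hostname verification would fail against this cert."""
    return [n for n in client_names
            if not any(san_covers(s, n) for s in sans)]


# Hostname list: service name and service IP from the thread, plus a
# constructed wildcard route domain (assumption, not from the thread).
SANS = ["docker-registry.default.svc.cluster.local",
        "172.30.124.220",
        "*.apps.example.com"]

# Constructed list of names clients might put in a pull spec.
CLIENT_NAMES = ["172.30.124.220",
                "docker-registry.default.svc.cluster.local",
                "docker-registry.default.svc",
                "registry.apps.example.com",
                "a.registry.apps.example.com"]

if __name__ == "__main__":
    for name in uncovered(SANS, CLIENT_NAMES):
        print("not covered by certificate:", name)
```

Any name reported here has to be added to `--hostnames` before clients that use it can verify the registry certificate.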