
RE: Create selfsigned certs for securing openshift registry



I've created the certificate with my wildcard hostname too and I've exposed it. Created pusher service-accounts in some projects because we are working with an external Jenkins which builds images. Everything works fine now. Thanks


Date: Fri, 8 Jul 2016 09:05:14 -0400
Subject: Re: Create selfsigned certs for securing openshift registry
From: jdetiber redhat com
To: dencowboy hotmail com
CC: users lists openshift redhat com


On Jul 8, 2016 1:52 AM, "Den Cowboy" <dencowboy hotmail com> wrote:
>
> I try to secure my openshift registry:
>
> $ oadm ca create-server-cert \
>     --signer-cert=/etc/origin/master/ca.crt \
>     --signer-key=/etc/origin/master/ca.key \
>     --signer-serial=/etc/origin/master/ca.serial.txt \
>     --hostnames='docker-registry.default.svc.cluster.local,172.30.124.220' \
>     --cert=/etc/secrets/registry.crt \
>     --key=/etc/secrets/registry.key
>
>
> Which hostnames do I have to use?
> The service IP of my docker registry of course but what then?:

Currently everything internal should be using just the service IP.

>
> docker-registry.default.svc.cluster.local

This would cover the created service. We have plans to eventually use the registry service name instead of IP.

> OR/AND
> docker-registry.dev.wildcard.com

This would only be needed if you intend to expose the registry using a route for access external to the cluster.

>
> Thanks
>
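
An added example, not part of the original thread or of OpenShift: a POSIX shell check that a registry certificate's subjectAltName entries cover the service IP, the service DNS name and, when the registry is exposed through a route, the route hostname discussed above. The function names and the sample SAN text are constructed for illustration, and only IPv4 addresses are handled.

```shell
#!/bin/sh
# missing_sans NAME...: read subjectAltName text on stdin (the format of
# `openssl x509 -noout -ext subjectAltName`) and print every required
# NAME the certificate does not cover. Returns 0 only if all are covered.
missing_sans() {
    entries=$(tr ',' '\n' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
    dns=$(printf '%s\n' "$entries" | sed -n 's/^DNS://p')
    ips=$(printf '%s\n' "$entries" | sed -n 's/^IP Address://p')
    rc=0
    for want in "$@"; do
        case $want in
            *[!0-9.]*)
                # Hostname: exact DNS SAN, or a wildcard SAN one label up.
                if printf '%s\n' "$dns" |
                    grep -Fxq -e "$want" -e "*.${want#*.}"; then continue; fi ;;
            *)
                # IPv4 literal: this check accepts only an IP SAN for it.
                if printf '%s\n' "$ips" | grep -Fxq -e "$want"; then continue; fi ;;
        esac
        printf '%s\n' "$want"
        rc=1
    done
    return "$rc"
}

# check_registry_cert CERT NAME...: same check on a PEM file (OpenSSL 1.1.1+).
check_registry_cert() {
    cert=$1; shift
    openssl x509 -in "$cert" -noout -ext subjectAltName | missing_sans "$@"
}

# Constructed SAN text using the names from the thread.
sample='X509v3 Subject Alternative Name:
    DNS:docker-registry.default.svc.cluster.local, IP Address:172.30.124.220'
printf '%s\n' "$sample" |
    missing_sans 172.30.124.220 docker-registry.dev.wildcard.com ||
    echo "^ names above are missing from the certificate"
```

Run `check_registry_cert /etc/secrets/registry.crt` followed by the names clients will use before redeploying the registry; any name it prints would fail TLS hostname verification.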

