Re: [ssl] oc cluster up
Hi Joel, As I understand correctly, ansible playbook can be used on RHEL or Centos systems. I am running Ubuntu 18.04. Thank you. Regards, Pavel Maslov, MS On Thu, Feb 28, 2019 at 2:24 AM Joel Pearson wrote: > Why not use an ansible installation for a single node instead? Then you > can let ansible configure everything properly for you. > > Sent from my iPhone > > On 28 Feb 2019, at 9:02 am, Pavel Maslov wrote: > > With my original question, I meant how can I secure the Web Console (I was > able to install a custom SSL certificate for the Router, so now it's the > Web Console's turn). I am following the instructions from the documentation > [1], but to no avail - Web Console is still picking up the default > self-singed certificate by Openshift. > > Since I am starting my Openshift cluster using *oc cluster up, *a new > directory gets created, namely openshift.local.clusterup/. > So what I did I edited the file > openshift.local.clusterup/kub-apiserver/master-config.yaml as described in > [1]: > > servingInfo: > masterPublicURL: https://dev3.maslick.com:8443 > publicURL: https://dev3.maslick.com:8443/console/ > bindAddress: 0.0.0.0:8443 > bindNetwork: tcp4 > certFile: master.server.crt > clientCA: ca.crt > keyFile: master.server.key > maxRequestsInFlight: 1200 > namedCertificates: > - certFile: dev3-maslick-com.crt > clientCA: ca-maslick-com.pem > keyFile: key-dev3-maslick-com.pem > names: > - "dev3.maslick.com" > requestTimeoutSeconds: 3600 > volumeConfig: > dynamicProvisioningEnabled: true > > It doesn't work though. It doesn't even pick up my certificate. I put the > crt, ca and key files into the same folder as master-config.yaml: > $HOME/openshift.local.clusterup/kub-apiserver/. > Any thoughts? Thanks! > > [1] > https://docs.okd.io/latest/install_config/certificate_customization.html#configuring-custom-certificates > > Regards, > Pavel Maslov, MS > > > On Mon, Feb 25, 2019 at 4:31 PM Pavel Maslov > wrote: > >> Hi, all >> >> I'm new to the list. Perhaps, smb already asked this question: >> >> When I start a cluster using *oc cluster up* command, Openshift >> generates a self-signed certificate. Is it possible to give it a real >> certificate? >> >> Thanks in advance. >> >> Regards, >> Pavel Maslov, MS >> > ___ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > > ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
Re: [ssl] oc cluster up
Why not use an ansible installation for a single node instead? Then you can let ansible configure everything properly for you. Sent from my iPhone > On 28 Feb 2019, at 9:02 am, Pavel Maslov wrote: > > With my original question, I meant how can I secure the Web Console (I was > able to install a custom SSL certificate for the Router, so now it's the Web > Console's turn). I am following the instructions from the documentation [1], > but to no avail - Web Console is still picking up the default self-singed > certificate by Openshift. > > Since I am starting my Openshift cluster using oc cluster up, a new directory > gets created, namely openshift.local.clusterup/. > So what I did I edited the file > openshift.local.clusterup/kub-apiserver/master-config.yaml as described in > [1]: > > servingInfo: > masterPublicURL: https://dev3.maslick.com:8443 > publicURL: https://dev3.maslick.com:8443/console/ > bindAddress: 0.0.0.0:8443 > bindNetwork: tcp4 > certFile: master.server.crt > clientCA: ca.crt > keyFile: master.server.key > maxRequestsInFlight: 1200 > namedCertificates: > - certFile: dev3-maslick-com.crt > clientCA: ca-maslick-com.pem > keyFile: key-dev3-maslick-com.pem > names: > - "dev3.maslick.com" > requestTimeoutSeconds: 3600 > volumeConfig: > dynamicProvisioningEnabled: true > > It doesn't work though. It doesn't even pick up my certificate. I put the > crt, ca and key files into the same folder as master-config.yaml: > $HOME/openshift.local.clusterup/kub-apiserver/. > Any thoughts? Thanks! > > [1] > https://docs.okd.io/latest/install_config/certificate_customization.html#configuring-custom-certificates > > Regards, > Pavel Maslov, MS > > >> On Mon, Feb 25, 2019 at 4:31 PM Pavel Maslov wrote: >> Hi, all >> >> I'm new to the list. Perhaps, smb already asked this question: >> >> When I start a cluster using oc cluster up command, Openshift generates a >> self-signed certificate. Is it possible to give it a real certificate? >> >> Thanks in advance. >> >> Regards, >> Pavel Maslov, MS > ___ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
Re: [ssl] oc cluster up
With my original question, I meant how can I secure the Web Console (I was able to install a custom SSL certificate for the Router, so now it's the Web Console's turn). I am following the instructions from the documentation [1], but to no avail - Web Console is still picking up the default self-singed certificate by Openshift. Since I am starting my Openshift cluster using *oc cluster up, *a new directory gets created, namely openshift.local.clusterup/. So what I did I edited the file openshift.local.clusterup/kub-apiserver/master-config.yaml as described in [1]: servingInfo: masterPublicURL: https://dev3.maslick.com:8443 publicURL: https://dev3.maslick.com:8443/console/ bindAddress: 0.0.0.0:8443 bindNetwork: tcp4 certFile: master.server.crt clientCA: ca.crt keyFile: master.server.key maxRequestsInFlight: 1200 namedCertificates: - certFile: dev3-maslick-com.crt clientCA: ca-maslick-com.pem keyFile: key-dev3-maslick-com.pem names: - "dev3.maslick.com" requestTimeoutSeconds: 3600 volumeConfig: dynamicProvisioningEnabled: true It doesn't work though. It doesn't even pick up my certificate. I put the crt, ca and key files into the same folder as master-config.yaml: $HOME/openshift.local.clusterup/kub-apiserver/. Any thoughts? Thanks! [1] https://docs.okd.io/latest/install_config/certificate_customization.html#configuring-custom-certificates Regards, Pavel Maslov, MS On Mon, Feb 25, 2019 at 4:31 PM Pavel Maslov wrote: > Hi, all > > I'm new to the list. Perhaps, smb already asked this question: > > When I start a cluster using *oc cluster up* command, Openshift generates > a self-signed certificate. Is it possible to give it a real certificate? > > Thanks in advance. > > Regards, > Pavel Maslov, MS > ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
[ssl] oc cluster up
Hi, all I'm new to the list. Perhaps, smb already asked this question: When I start a cluster using *oc cluster up* command, Openshift generates a self-signed certificate. Is it possible to give it a real certificate? Thanks in advance. Regards, Pavel Maslov, MS ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
