I've created the certificate with my wildcard hostname ntoo and I've exposed it. Created pusher service-accounts in some projects because we are working with an external jenkins which builds images. Everything works fine now. Thanks
Date: Fri, 8 Jul 2016 09:05:14 -0400 Subject: Re: Create selfsigned certs for securing openshift registry From: [email protected] To: [email protected] CC: [email protected] On Jul 8, 2016 1:52 AM, "Den Cowboy" <[email protected]> wrote: > > I try to secure my openshift registry: > > $ oadm ca create-server-cert \ > --signer-cert=/etc/origin/master/ca.crt \ > --signer-key=/etc/origin/master/ca.key \ > --signer-serial=/etc/origin/master/ca.serial.txt \ > --hostnames='docker-registry.default.svc.cluster.local,172.30.124.220' \ > --cert=/etc/secrets/registry.crt \ > --key=/etc/secrets/registry.key > > > Which hostnames do I have to use? > The service IP of my docker registry of course but what then?: Currently everything internal should be using just the service IP. > > docker-registry.default.svc.cluster.local This would cover the created service. We have plans to eventually use the registry service name instead of IP. > OR/AND > docker-registry.dev.wildcard.com This would only be needed if you intend to expose the registry using a route for access external to the cluster. > > Thanks > > _______________________________________________ > users mailing list > [email protected] > http://lists.openshift.redhat.com/openshiftmm/listinfo/users >
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
