Hi Everyone,

Running OKD 3.11, installed with Ansible. I just need to use a custom self-signed certificate for the web console, and for some reason, I am not sure how to make the nodes trust this certificate too.

I have changed the servingInfo section in /etc/origin/master/master-config.yaml as per the following (only the added lines are in italics):

    servingInfo:
      bindAddress: 0.0.0.0:8443
      bindNetwork: tcp4
      certFile: master.server.crt
      clientCA: ca.crt
      keyFile: master.server.key
      maxRequestsInFlight: 500
      requestTimeoutSeconds: 3600
      *namedCertificates:
      - certFile: domain.cert
        keyFile: domain.key
        names:
        - "lb.domain.internal"*

The certificate is generated and self-signed for *.domain.internal.

The problem is that now the nodes do not trust this certificate:

    journalctl -fu origin-node
    Apr 12 10:01:04 os-compute-2.domain.internal origin-node[3602]: E0412 10:01:04.292369 3602 reflector.go:136] k8s.io/kubernetes/pkg/kubelet/config/apiserver.go:47: Failed to list *v1.Pod: Get https://lb.domain.internal:8443/api/v1/pods?fieldSelector=spec.nodeName%3Dos-compute-2.domain.internal&limit=500&resourceVersion=0: x509: certificate signed by unknown authority

Could anyone please advise me how to solve this? I would like to avoid regenerating all the certificates using the playbooks; I would prefer to do it manually if possible.

Thank you very much!

Leo

--
Best regards, Leo David
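The "x509: certificate signed by unknown authority" line in the log above is a chain-verification failure, and it can be reproduced offline. The script below is an added example, not part of the original post or of OKD: it builds throwaway stand-ins for ca.crt, master.server.crt and the self-signed domain.cert, then checks each against a trust bundle with openssl verify. It assumes the node trusts only the cluster CA (ca.crt); the temp directory, bundle.crt and the function names are constructed for the illustration.

```bash
#!/usr/bin/env bash
# Constructed, offline reproduction. Every key and certificate is a throwaway
# file in a temp directory; nothing under /etc/origin is read or changed.
WORK="$(mktemp -d)"

make_certs() {
  # Stand-in for the cluster CA (ca.crt), assumed to be what the node trusts.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=cluster-ca" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
  # Stand-in for master.server.crt: a serving certificate issued by that CA.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=master" \
    -keyout "$WORK/master.server.key" -out "$WORK/master.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/master.csr" -CA "$WORK/ca.crt" \
    -CAkey "$WORK/ca.key" -CAcreateserial -days 1 \
    -out "$WORK/master.server.crt" 2>/dev/null
  # Stand-in for domain.cert: self-signed for *.domain.internal, so its
  # issuer is itself and not the cluster CA.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=*.domain.internal" \
    -keyout "$WORK/domain.key" -out "$WORK/domain.cert" 2>/dev/null
}

# chain_ok CERT TRUST_BUNDLE
# Prints "trusted" if CERT chains to an anchor in TRUST_BUNDLE,
# otherwise "unknown authority".
chain_ok() {
  if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
    echo "trusted"
  else
    echo "unknown authority"
  fi
}

make_certs
# A bundle that also contains the self-signed certificate as a trust anchor.
cat "$WORK/ca.crt" "$WORK/domain.cert" > "$WORK/bundle.crt"

echo "master.server.crt vs ca.crt:  $(chain_ok "$WORK/master.server.crt" "$WORK/ca.crt")"
echo "domain.cert vs ca.crt:        $(chain_ok "$WORK/domain.cert" "$WORK/ca.crt")"
echo "domain.cert vs bundle.crt:    $(chain_ok "$WORK/domain.cert" "$WORK/bundle.crt")"
```

The second check fails for the same reason the node's request does: a client that holds only ca.crt has no anchor for a certificate that signed itself.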
