openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity

Update apiserver.doc

Browse Source 
Remove the instructions to replacing the default certificate.
The instructions, as written, will also replace the internal
serving certificates. Following the instructions for adding
a named certificate will suffice.
This commit is contained in:
Luis Sanchez
2019-06-28 08:42:24 -04:00
committed by openshift-cherrypick-robot
parent 12bf4fd95c
commit 0c0c81e11c
2 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
authentication/certificates/api-server.adoc
View File

@@ -10,6 +10,4 @@ cluster CA. Clients outside of the cluster will not be able to verify the
API server's certificate by default. This certificate can be replaced
by one that is issued by a CA that clients trust.
include::modules/customize-certificates-api-add-default.adoc[leveloffset=+1]
include::modules/customize-certificates-api-add-named.adoc[leveloffset=+1]

7
modules/customize-certificates-api-add-named.adoc
View File

@@ -18,6 +18,13 @@ client's URL.
reach the API server.
* The certificate must have the `subjectAltName` extension for the URL.
[WARNING]
====
Do not provide a named certificate for the internal load balancer (host
name `api-int.<cluster_name>.<base_domain>`). Doing so will leave your
cluster in a degraded state.
====
.Procedure
. Create a secret that contains the certificate and key in the