mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
40 lines
1.1 KiB
Plaintext
40 lines
1.1 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// *security/certificate-types-descriptions.adoc
|
|
|
|
[id="user-provided-certificates-for-the-api-server_{context}"]
|
|
= User-provided certificates for the API server
|
|
|
|
[discrete]
|
|
== Purpose
|
|
|
|
The API server is accessible by clients external to the cluster at
|
|
`api.<cluster_name>.<base_domain>`. You might want clients to access the API
|
|
server at a different host name or without the need to distribute the
|
|
cluster-managed certificate authority (CA) certificates to the clients. The
|
|
administrator must set a custom default certificate to be used by the API server
|
|
when serving content.
|
|
|
|
[discrete]
|
|
== Location
|
|
|
|
The user-provided certificates must be provided in a `kubernetes.io/tls` type
|
|
`Secret` in the `openshift-config` namespace. Update the API server cluster
|
|
configuration, the `apiserver/cluster` resource, to enable the use of the
|
|
user-provided certificate.
|
|
|
|
[discrete]
|
|
== Management
|
|
|
|
User-provided certificates are managed by the user.
|
|
|
|
[discrete]
|
|
== Expiration
|
|
|
|
User-provided certificates are managed by the user.
|
|
|
|
[discrete]
|
|
== Customization
|
|
|
|
Update the secret containing the user-managed certificate as needed.
|