Hi, I'm trying to understand from a technical point of view the hard requirement around namedCertificates and the hostname associated with the masterPublicURL vs masterURL.
According to the docs [1] it says:

"The namedCertificates section should be configured only for the host name associated with the masterPublicURL and oauthConfig.assetPublicURL settings in the */etc/origin/master/master-config.yaml* file. Using a custom serving certificate for the host name associated with the masterURL will result in TLS errors as infrastructure components will attempt to contact the master API using the internal masterURL host."

However, the above note/requirement doesn't apply to the self-signed certificates generated by the openshift-ansible installer, and as such the OP can have the same value defined for the below variables in his/her inventory

openshift_master_cluster_public_hostname => map to *masterPublicURL*
openshift_master_cluster_hostname => map to *masterURL*

without having any side effect - i.e. TLS errors.

Is there anything "special" around the self-signed certificates produced by the openshift-ansible installer which doesn't generate any TLS errors? If not then I'd expect the same TLS errors as for when the namedCertificates section is present.

Dani

[1] https://docs.openshift.com/container-platform/3.10/install_config/certificate_customization.html#configuring-custom-certificates
_______________________________________________
dev mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
