Hi, I think my issues are related to the fact that I'm using the same name for both master_cluster_hostname and master_cluster_public_hostname... Therefore, should I create a new name for master_cluster_public_hostname and point it in DNS to the same IP address as master_cluster_hostname (as I only have one balancer)? What would be the steps to achieve this regarding YAML reconfiguration? Thank you very much!

On Fri, Apr 12, 2019 at 1:13 PM Leo David <leoa...@gmail.com> wrote:

> Hi Everyone,
> Running OKD 3.11, installed with ansible. I just need to use a custom
> self-signed certificate for the web console, and for some reason, I am not
> sure how to make the nodes trust this certificate too.
> I have changed the servingInfo section in
> /etc/origin/master/master-config.yaml as per the following (with italic
> only the added lines):
>
> servingInfo:
>   bindAddress: 0.0.0.0:8443
>   bindNetwork: tcp4
>   certFile: master.server.crt
>   clientCA: ca.crt
>   keyFile: master.server.key
>   maxRequestsInFlight: 500
>   requestTimeoutSeconds: 3600
> *  namedCertificates:
>   - certFile: domain.cert
>     keyFile: domain.key
>     names:
>     - "lb.domain.internal"*
>
> The certificate is generated and self-signed for *.domain.internal.
>
> The problem is that now the nodes do not trust this certificate:
>
> journalctl -fu origin-node
> Apr 12 10:01:04 os-compute-2.domain.internal origin-node[3602]: E0412 10:01:04.292369 3602 reflector.go:136] k8s.io/kubernetes/pkg/kubelet/config/apiserver.go:47: Failed to list *v1.Pod: Get https://lb.domain.internal:8443/api/v1/pods?fieldSelector=spec.nodeName%3Dos-compute-2.domain.internal&limit=500&resourceVersion=0: x509: certificate signed by unknown authority
>
> Could anyone please advise me how to solve this?
> I would avoid regenerating all the certificates using the playbooks, I
> would rather prefer doing it manually if possible.
> Thank you very much!
>
> Leo
>
> --
> Best regards, Leo David

--
Best regards, Leo David

_______________________________________________
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
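
The `x509: certificate signed by unknown authority` failure quoted in the thread can be reproduced offline with `openssl verify`. The following is an added example, not part of the original messages or of OKD itself: every key and certificate is a throwaway generated in a temporary directory, and the file names only mirror the ones in the post (`ca.crt`, `master.server.crt`, `domain.cert`); `make_certs` and `trusted_by` are hypothetical helper names.

```shell
#!/usr/bin/env bash
# Added example: constructed, throwaway certificates only.
set -u

make_certs() {  # $1 = scratch directory
  local d=$1
  # Minimal config so the result does not depend on a system openssl.cnf.
  cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = demo-cluster-ca
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  # Stand-in for the cluster CA that the nodes already trust (ca.crt).
  openssl req -x509 -config "$d/demo.cnf" -newkey rsa:2048 -nodes -days 1 \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
  # Stand-in for master.server.crt: issued by that CA.
  openssl req -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=lb.domain.internal" \
    -keyout "$d/master.key" -out "$d/master.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/master.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/master.server.crt" 2>/dev/null &&
  # Stand-in for domain.cert: self-signed wildcard, unrelated to the CA.
  openssl req -x509 -config "$d/demo.cnf" -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=*.domain.internal" \
    -keyout "$d/domain.key" -out "$d/domain.cert" 2>/dev/null
}

# Exit status 0 if the certificate chains to the CA bundle, non-zero otherwise.
trusted_by() {  # $1 = CA bundle, $2 = certificate to check
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

if [ "${1:-}" = "demo" ]; then
  work=$(mktemp -d) && make_certs "$work" || exit 1
  for c in master.server.crt domain.cert; do
    if trusted_by "$work/ca.crt" "$work/$c"; then echo "$c: trusted by ca.crt"
    else echo "$c: signed by unknown authority (relative to ca.crt)"; fi
  done
  rm -rf "$work"
fi
```

Run with the argument `demo` to see both results; `trusted_by` can also be pointed at a real CA bundle and certificate file to check a chain before a configuration is reloaded.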