Bug 1289766

Summary: [DOCS] Pre deployment for EFK stack needs info on cert origin and use.
Product: OpenShift Container Platform Reporter: Ryan Howe <rhowe>
Component: DocumentationAssignee: Vikram Goyal <vigoyal>
Status: CLOSED CANTFIX QA Contact: Vikram Goyal <vigoyal>
Severity: high Docs Contact: Vikram Goyal <vigoyal>
Priority: medium    
Version: 3.1.0CC: aos-bugs, erich, jokerman, knakayam, mmccomas
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-12-27 14:36:15 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ryan Howe 2015-12-08 22:37:05 UTC 
Document URL: https://docs.openshift.com/enterprise/3.1/install_config/aggregate_logging.html#pre-deployment-configuration

Section Number and Name: pre-deployment-configuration

Describe the issue: 

1. In step 2 we need information on where the certs and keys are coming from, or how the user can create these. 

2. In step 4 it has you adding a service account to the the SCC that is different from the one that is created.

system:serviceaccount:logging:logging-deployer

vs.

system:serviceaccount:logging:aggregated-logging-fluentd
Comment 1 Ryan Howe 2015-12-08 22:40:17 UTC 
Ignore #2  regarding the use of different service accounts as the service account is created during the deployer pod.
Comment 2 Kenjiro Nakayama 2015-12-09 00:16:05 UTC 
*** Bug 1288402 has been marked as a duplicate of this bug. ***
Comment 3 Ryan Howe 2015-12-09 18:28:50 UTC 
https://docs.openshift.com/enterprise/3.1/install_config/aggregate_logging.html#pre-deployment-configuration

Besides
Comment 4 Ryan Howe 2015-12-09 18:31:32 UTC 
Also: 

In step 2 only the kibana.crt and key should be used, If other keys and json file are added to secret the kibana pod will not work when deployed. 


$ oc secrets new logging-deployer \
   kibana.crt=/path/to/cert kibana.key=/path/to/key
Comment 5 Vikram Goyal 2017-12-27 14:36:15 UTC 
It looks like major changes were made to this section since this bug was created. Some of the steps referenced are no longer there.

I am going to close this bug as cantfix, but if changes still need to be made, please reopen.