- What is the nature and description of the request?
As an admin I require the ability to use my own CA for all of the certificates within the cluster. This includes all of the certs used by etcd, and between each system in the cluster.
- Why does the customer need this? (List the business requirements here)
They do not feel the security of the OpenShift-signed certificates is high enough to be properly safe.
- How would the customer like to achieve this? (List the functional requirements here)
One suggestion was to potentially run an Ansible playbook to generate all the required CSRs, let the customer send the CSRs to their CA. When the certificates are generated they are placed in a directory where Ansible can find them while running installation, update, or expansion playbooks.
- Is there already an existing RFE upstream or in Red Hat Bugzilla?
Not that I could easily find.
https://blog.openshift.com/considerations-on-openshift-pkis-and-certificates/ outlines the supported aspects of CA configuration. No further work on using a provided CA will be delivered.