Document URL: https://docs.openshift.com/container-platform/3.3/install_config/router/default_haproxy_router.html#using-wildcard-certificates

Section Number and Name: redeploying-router-certificates-manually

Describe the issue: Steps are missing on how to manually redeploy the router certs.

Suggestions for improvement: The steps involved can be found in this KCS: https://access.redhat.com/solutions/2650171

I have also typed them out again here:

1. Check to see if a secret containing the router default certs is already added to the router.

    # oc volumes dc/router
    deploymentconfigs/router
    secret/router-certs as server-certificate
    mounted at /etc/pki/tls/private

- If this is already configured, skip to step 3 and just overwrite the secret.

2. Ensure that you have a default cert directory set for the following variable: DEFAULT_CERTIFICATE_DIR

    # oc env dc/router --list
    DEFAULT_CERTIFICATE_DIR=/etc/pki/tls/private

2a. If it is not set, set the variable to the following.

    # oc env dc/router DEFAULT_CERTIFICATE_DIR=/etc/pki/tls/private

3. Overwrite or create a router certs secret.

    # cat custom-router.crt custom-ca.crt > custom-router.pem

A - Overwrite

    # oc secrets new router-certs tls.crt=custom-router.pem custom-tls.key=router.key \
        -o json --type='kubernetes.io/tls' --confirm | \
        oc replace -f -

B - Create New

    # oc secrets new router-certs tls.crt=custom-router.pem custom-tls.key=router.key \
        --type='kubernetes.io/tls' --confirm
    # oc volume dc/router --add --mount-path=/etc/pki/tls/private --secret-name='router-certs' --name router-certs

4. Deploy latest router.

    # oc deploy router --latest
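Added example, not part of the bug report or the OpenShift documentation: a pre-flight check to run before step 3, so that an expired certificate, a key that belongs to a different certificate, or the wrong CA file never reaches the router-certs secret. It assumes the openssl CLI is on the PATH; the function name check_router_bundle is hypothetical, and the file names in the usage comment are the ones from the report.

```shell
#!/bin/sh
# Added example: validate the inputs of step 3 before building custom-router.pem.
# check_router_bundle is a hypothetical helper name; it needs the openssl CLI.
#
# Usage: check_router_bundle custom-router.crt custom-ca.crt router.key custom-router.pem
# Return codes: 0 ok, 1 unreadable file, 2 expiry, 3 key mismatch, 4 chain failure.
check_router_bundle() {
    cert=$1; ca=$2; key=$3; out=$4

    for f in "$cert" "$ca" "$key"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
    done

    # Reject a certificate that is expired or expires within the next 24 hours.
    openssl x509 -in "$cert" -noout -checkend 86400 >/dev/null 2>&1 ||
        { echo "expired, expiring within 24h, or not a certificate: $cert" >&2; return 2; }

    # The private key must belong to the certificate: compare the public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "private key $key does not match certificate $cert" >&2
        return 3
    fi

    # The CA file must be able to verify the router certificate.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "$cert does not verify against $ca" >&2; return 4; }

    # Same concatenation as step 3: router certificate first, then the CA.
    cat "$cert" "$ca" > "$out"
}
```

The bundle file is written only when every check passes, so a failed run leaves nothing behind to load into the secret by mistake.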
@ryan Can you look at the PR and see if I added the steps properly at: https://github.com/openshift/openshift-docs/pull/4801
Hi, I added the comment in the PR https://github.com/openshift/openshift-docs/pull/4801
@Zhao -- I made the changes you suggested in the PR. Also, updated based on Ryan's comment in the PR that `oc deploy router --latest` is deprecated in 3.5 and changed to `oc rollout latest router`.
Verified this bug according to above PR 4801
Ryan, this defect is marked 3.5. Can the changes roll back to 3.4 and 3.3 also?
Commit pushed to master at https://github.com/openshift/openshift-docs

https://github.com/openshift/openshift-docs/commit/182c45f164f4918f2ca243c3ddfbd299282086f8
Merge pull request #4801 from mburke5678/mburke-BZ-1469704
BUG 1469704 Add Steps to Manually Redeploy Certs
Commit pushed to master at https://github.com/openshift/openshift-docs

https://github.com/openshift/openshift-docs/commit/4e436e47bb2dade66c057156924d5a16a313b452
Merge pull request #4877 from mburke5678/mburke-BZ-1469704-2
BUG 1469704 changed router deploy command for 3.4 and 3.3
Merged changes into 3.3 and 3.4 in PR: https://github.com/openshift/openshift-docs/pull/4877

Merged changes into 3.5 in PR: https://github.com/openshift/openshift-docs/pull/4801
Changes are live:

3.3/3.4 change: https://docs.openshift.com/container-platform/3.3/install_config/router/default_haproxy_router.html#manually-redeploy-certs

3.5: https://docs.openshift.com/container-platform/3.5/install_config/router/default_haproxy_router.html#manually-redeploy-certs