Document URL: [1] https://docs.openshift.com/container-platform/3.6/dev_guide/secrets.html#service-serving-certificate-secrets [2] https://docs.openshift.com/container-platform/3.6/install_config/upgrading/manual_upgrades.html Section Number and Name: [1] Service Serving Certificate Secrets [2] Upgrading Master Components OR Upgrading Cluster Metrics OR Additional Manual Steps Per Release This was introduced in OCP 3.3, but without this config, you can not upgrade to metrics in OCP 3.6 as it leverages this component. It's mandatory as of 3.6. Describe the issue: No details on how to configure serviceServingCert and create the certificates in the master-config.yaml controllerConfig: serviceServingCert: signer: certFile: service-signer.crt keyFile: service-signer.key Suggestions for improvement: Add details on serviceServingCert in master-config and how to generate the certs: oc adm ca create-signer-cert --cert=service-signer.crt --key=service-signer.key --name=openshift-service-serving-signer --serial=service-signer.serial.txt Additional information: This is done in ansible: https://github.com/openshift/openshift-ansible/blob/release-3.6/playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml But if someone does a manual upgrade, this is not done.
It looks like the root cause was a typo and there's no doc impact: - https://access.redhat.com/support/cases/#/case/01964821?commentId=a0aA000000L4yFrIAJ - https://access.redhat.com/support/cases/#/case/01948728?commentId=a0aA000000L50MMIAZ Closing as notabug. @Matthew, @Vikram please reopen this issue if you disagree.