Red Hat Bugzilla – Bug 1501994
No documentation related to the configuration of serviceServingCert
Last modified: 2018-03-02 03:01:17 EST
Section Number and Name:
 Service Serving Certificate Secrets
 Upgrading Master Components OR Upgrading Cluster Metrics OR Additional Manual Steps Per Release
This was introduced in OCP 3.3, but without this config, you can not upgrade to metrics in OCP 3.6 as it leverages this component. It's mandatory as of 3.6.
Describe the issue:
No details on how to configure serviceServingCert and create the certificates in the master-config.yaml
Suggestions for improvement:
Add details on serviceServingCert in master-config and how to generate the certs:
oc adm ca create-signer-cert --cert=service-signer.crt --key=service-signer.key --name=openshift-service-serving-signer --serial=service-signer.serial.txt
This is done in ansible:
But if someone does a manual upgrade, this is not done.