Bug 1501994 - [DOCS] No documentation related to the configuration of serviceServingCert
Summary: [DOCS] No documentation related to the configuration of serviceServingCert
Status: CLOSED NOTABUG
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Documentation
Version: 3.6.1
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
: ---
Assignee: Kathryn Alexander
QA Contact: Chuan Yu
Vikram Goyal
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-10-13 16:36 UTC by Matthew Robson
Modified: 2018-07-20 20:35 UTC (History)
4 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2018-07-20 20:35:32 UTC


Attachments (Terms of Use)

Description Matthew Robson 2017-10-13 16:36:20 UTC
Document URL: 

[1] https://docs.openshift.com/container-platform/3.6/dev_guide/secrets.html#service-serving-certificate-secrets

[2] https://docs.openshift.com/container-platform/3.6/install_config/upgrading/manual_upgrades.html

Section Number and Name: 

[1] Service Serving Certificate Secrets

[2] Upgrading Master Components OR Upgrading Cluster Metrics OR Additional Manual Steps Per Release

This was introduced in OCP 3.3, but without this config, you can not upgrade to metrics in OCP 3.6 as it leverages this component. It's mandatory as of 3.6.

Describe the issue: 

No details on how to configure serviceServingCert and create the certificates in the master-config.yaml 

controllerConfig:
  serviceServingCert:
    signer:
      certFile: service-signer.crt
      keyFile: service-signer.key

Suggestions for improvement: 

Add details on serviceServingCert in master-config and how to generate the certs:

oc adm ca create-signer-cert --cert=service-signer.crt --key=service-signer.key --name=openshift-service-serving-signer --serial=service-signer.serial.txt

Additional information:

This is done in ansible:
https://github.com/openshift/openshift-ansible/blob/release-3.6/playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml

But if someone does a manual upgrade, this is not done.

Comment 3 Kathryn Alexander 2018-07-20 20:35:32 UTC
It looks like the root cause was a typo and there's no doc impact:
- https://access.redhat.com/support/cases/#/case/01964821?commentId=a0aA000000L4yFrIAJ
- https://access.redhat.com/support/cases/#/case/01948728?commentId=a0aA000000L50MMIAZ


Closing as notabug. @Matthew, @Vikram please reopen this issue if you disagree.


Note You need to log in before you can comment on or make changes to this bug.