OCPBUGS#8882: configure an addditionl clientca for the openshiftapi s… #89427
Conversation
openshift-ci-robot
added
the
jira/valid-reference
|
@bergerhoffer: This pull request references ocpbugs-8882 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the bug to target the "4.19.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
bergerhoffer
changed the title
|
@bergerhoffer: No Jira issue is referenced in the title of this pull request. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
openshift-ci-robot
removed
the
jira/valid-reference
openshift-ci
bot
added
the
size/L
|
🤖 Mon Mar 03 14:49:54 - Prow CI generated the docs preview: |
| @@ -0,0 +1,46 @@ | |||
| // Module included in the following assemblies: | |||
There was a problem hiding this comment.
🤖 [error] OpenShiftAsciiDoc.ModuleContainsContentType: Module is missing the '_mod-docs-content-type' variable.
| :_content-type: PROCEDURE | ||
| [id="configure-an-additional-clientCA-for-the-OpenShift-API-server_{context}"] | ||
|
|
||
| = Replacing the installer-generated clientCA with a new clientCA for the OpenShift API server |
There was a problem hiding this comment.
🤖 [error] RedHat.TermsErrors: Use 'installation program' rather than 'the installer'. For more information, see RedHat.TermsErrors.
|
|
||
| An existing kubeconfig is replaced by adding a new kubeconfig and configuring the existing kubeconfig to be invalid. The existing kubeconfig remains in place, but is not used due to its invalidating configuration. The existing, now invalid, kubeconfig cannot be removed. | ||
|
|
||
| Optionally, you can replace the installer-generated kubeconfig. This process is also referred to as configuring the installer-generated kubceconfig to be invalid. |
There was a problem hiding this comment.
🤖 [error] RedHat.TermsErrors: Use 'installation program' rather than 'the installer'. For more information, see RedHat.TermsErrors.
|
|
||
| An existing kubeconfig is replaced by adding a new kubeconfig and configuring the existing kubeconfig to be invalid. The existing kubeconfig remains in place, but is not used due to its invalidating configuration. The existing, now invalid, kubeconfig cannot be removed. | ||
|
|
||
| Optionally, you can replace the installer-generated kubeconfig. This process is also referred to as configuring the installer-generated kubceconfig to be invalid. |
There was a problem hiding this comment.
🤖 [error] RedHat.TermsErrors: Use 'installation program' rather than 'the installer'. For more information, see RedHat.TermsErrors.
|
|
||
| .Procedure | ||
|
|
||
| To replace the installer-generated kubeconfig, remove the installer-generated clientCA from the API server: |
There was a problem hiding this comment.
🤖 [error] RedHat.TermsErrors: Use 'installation program' rather than 'the installer'. For more information, see RedHat.TermsErrors.
|
|
||
| .Procedure | ||
|
|
||
| To replace the installer-generated kubeconfig, remove the installer-generated clientCA from the API server: |
There was a problem hiding this comment.
🤖 [error] RedHat.TermsErrors: Use 'installation program' rather than 'the installer'. For more information, see RedHat.TermsErrors.
| ---- | ||
|
|
||
| . Test the new clientCA certificate with a certificate signed from the new clientCA. | ||
| . If the test is successful, you can remove the installer-generated clientCA. |
There was a problem hiding this comment.
🤖 [error] RedHat.TermsErrors: Use 'installation program' rather than 'the installer'. For more information, see RedHat.TermsErrors.
| @@ -0,0 +1,102 @@ | |||
| // Module included in the following assemblies: | |||
There was a problem hiding this comment.
🤖 [error] OpenShiftAsciiDoc.ModuleContainsContentType: Module is missing the '_mod-docs-content-type' variable.
| :_content-type: PROCEDURE | ||
| [id="replace-the-certificate-authority_{context}"] | ||
|
|
||
| = Invalidating the installer-generated kubeconfig before replacing it with a newly generated CA certificate |
There was a problem hiding this comment.
🤖 [error] RedHat.TermsErrors: Use 'installation program' rather than 'the installer'. For more information, see RedHat.TermsErrors.
|
|
||
| = Invalidating the installer-generated kubeconfig before replacing it with a newly generated CA certificate | ||
|
|
||
| The installer-generated kubeconfig cannot be removed, but it can be invalidated and replaced with a newly generated CA certificate. |
There was a problem hiding this comment.
🤖 [error] RedHat.TermsErrors: Use 'installation program' rather than 'The installer'. For more information, see RedHat.TermsErrors.
|
|
||
| The installer-generated kubeconfig cannot be removed, but it can be invalidated and replaced with a newly generated CA certificate. | ||
|
|
||
| You can replace the installer-generated kubeconfig. You might do this if any of the following conditions exist: |
There was a problem hiding this comment.
🤖 [error] RedHat.TermsErrors: Use 'installation program' rather than 'the installer'. For more information, see RedHat.TermsErrors.
| == Additional resources | ||
|
|
||
| * link:https://access.redhat.com/solutions/6054981[Replacing the certificate authority for the installer system:admin kubeconfig] |
There was a problem hiding this comment.
🤖 [error] RedHat.TermsErrors: Use 'installation program' rather than 'the installer'. For more information, see RedHat.TermsErrors.
|
@bergerhoffer: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
Issues go stale after 90d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle stale |
openshift-ci
bot
added
the
lifecycle/stale
|
/remove-lifecycle stale |
openshift-ci
bot
removed
the
lifecycle/stale
…erver
Version(s):
4.12+
Issue:
https://issues.redhat.com/browse/OCPBUGS-8882#
Link to docs preview:
QE review:
Additional information: