starlingx/docs
Code Issues Proposed changes

Merge "Step to install ssl_ca when installing registry certificate (r6,dsR6)" into r/stx.6.0

Browse Source
This commit is contained in:
Zuul
2022-08-17 20:23:54 +00:00
committed by Gerrit Code Review
parent e600e44a58 1378ce99c6
commit be4eab3fbc
1 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
doc/source/security/kubernetes/configure-docker-registry-certificate-after-installation-c519edbfe90a.rst
View File

@@ -91,6 +91,19 @@ Update the following fields:
If configuration was successful, the certificates Ready status will be
``True``.
#. Update the platform's trusted certificates (i.e. ``ssl_ca``) with the Root
|CA| associated with ``system-registry-local-certificate``.
See the example below where a Root |CA| ``system-local-ca`` was used to sign
the ``system-registry-local-certificate``, the ``ca.crt`` of the
``system-local-ca`` SECRET is extracted and added as a trusted |CA| for
|prod| (i.e. ``system certificate-install -m ssl_ca``).
.. code-block:: none
~(keystone_admin)]$ kubectl -n cert-manager get secret system-local-ca -o yaml | fgrep tls.crt | awk '{print $2}' | base64 --decode >> system-local-ca.pem
~(keystone_admin)]$ system certificate-install -m ssl_ca system-local-ca.pem
.. rubric:: |result|
The Docker registry certificate installation is now complete, and Cert-Manager