Change Certificates in Openshift

Page content

In this post I will show you how can you chnage certificate in Openshift.

Parst of the Openshift series

Configure certs:

If you want to configure your Openshift cluster to use your own certificate you can do that wit this configuration.
In my case the certificate files is MyCert.crt MyCert.key and the root CA is ccca.pem.

nano /ec/ansible/hosts
openshift_master_overwrite_named_certificates=true
openshift_hosted_router_certificate={"certfile": "/root/cert/MyCert.crt", "keyfile": "/root/cert/MyCert.key", "cafile": "/root/cert/ccca.pem"}
openshift_master_named_certificates=[{"names": ["master.openshit.mydomain.intra"],"certfile": "/root/cert/MyCert.crt", "keyfile": "/root/cert/MyCert.key", "cafile": "/root/cert/ccca.pem"}]

# registry
openshift_hosted_registry_routecertificates={"certfile": "/root/cert/MyCert.crt", "keyfile": "/root/cert/MyCert.key", "cafile": "/root/cert/ccca.pem"}
openshift_hosted_registry_routetermination=reencrypt

Run the Installer

If your certificate is renewd you can cahge the certificate in the cluster with this playbooks.

ansible-playbook -i hosts /usr/share/ansible/openshift-ansible/playbooks/openshift-master/redeploy-openshift-ca.yml
ansible-playbook -i hosts /usr/share/ansible/openshift-ansible/playbooks/redeploy-certificates.yml
comments powered by Disqus