openshift11 CSR certificate renewal management

Managing Certificate Signing Requests

Cluster administrators can review certificate signing requests (CSRs) and approve or deny them.

Reviewing Certificate Signing Requests

You can review the list of certificate signing requests (CSRs).

  • Get the list of current CSRs:

    $ oc get csr

  • View the details of a CSR to verify that it is valid:

    $ oc describe csr <csr_name>

    <csr_name> is the name of a CSR from the list of current CSRs.

Approving Certificate Signing Requests

You can manually approve certificate signing requests (CSRs) by using the oc adm certificate approve command.

  • Approve a CSR (this renews the certificate):

    $ oc adm certificate approve <csr_name>

    <csr_name> is the name of a CSR from the list of current CSRs.

  • Approve all CSRs:

    $ oc get csr -o name | xargs oc adm certificate approve
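
The approve-all pipeline above approves every CSR in the list, whoever submitted it. As an added example (not from the original page or the OpenShift documentation), this Python code triages the output of `oc get csr -o json` by requestor before anything is approved. The bootstrap service-account name, the host names and the sample JSON are assumptions constructed for illustration.

```python
import json

# Assumption: requestor name of the node bootstrap credential; adjust to your cluster.
BOOTSTRAP_USER = "system:serviceaccount:openshift-infra:node-bootstrapper"
NODE_PREFIX = "system:node:"


def is_pending(csr):
    """A CSR is pending when it carries no Approved or Denied condition."""
    conditions = (csr.get("status") or {}).get("conditions") or []
    return not any(c.get("type") in ("Approved", "Denied") for c in conditions)


def triage(csr_list, known_nodes):
    """Group pending CSR names by who submitted them (spec.username)."""
    result = {"known_node": [], "bootstrap": [], "unexpected": []}
    for csr in csr_list.get("items", []):
        if not is_pending(csr):
            continue  # already approved or denied, nothing to decide
        name = csr["metadata"]["name"]
        user = csr.get("spec", {}).get("username", "")
        if user.startswith(NODE_PREFIX) and user[len(NODE_PREFIX):] in known_nodes:
            result["known_node"].append(name)   # node listed in the inventory
        elif user == BOOTSTRAP_USER:
            result["bootstrap"].append(name)    # new node joining the cluster
        else:
            result["unexpected"].append(name)   # requestor nobody expected
    return result


# Constructed sample in the shape of `oc get csr -o json` (not real cluster output).
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "csr-a1"}, "spec": {"username": "system:node:node1.example.com"}, "status": {}},
 {"metadata": {"name": "csr-b2"}, "spec": {"username": "system:serviceaccount:openshift-infra:node-bootstrapper"}, "status": {}},
 {"metadata": {"name": "csr-c3"}, "spec": {"username": "system:node:unknown.example.com"}, "status": {}},
 {"metadata": {"name": "csr-d4"}, "spec": {"username": "system:node:node1.example.com"},
  "status": {"conditions": [{"type": "Approved"}]}}
]}
""")

if __name__ == "__main__":
    for bucket, names in triage(SAMPLE, {"node1.example.com"}).items():
        print(bucket, names)
```

Names in `known_node` still need the `oc describe csr <csr_name>` check before `oc adm certificate approve`; the other two buckets need an administrator's decision.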

Denying Certificate Signing Requests

You can manually deny certificate signing requests (CSRs) by using the oc adm certificate deny command.

  • Deny a CSR (this rejects the certificate):

    $ oc adm certificate deny <csr_name>

    <csr_name> is the name of a CSR from the list of current CSRs.

Configuring Automatic Approval of Certificate Signing Requests

Enable automatic certificate renewal (very important)

You can configure automatic approval of node certificate signing requests (CSRs) by adding the following parameter to your Ansible inventory file when installing your cluster:

openshift_master_bootstrap_auto_approve=true

Adding this parameter allows all CSRs generated by using the bootstrap credential or from a previously authenticated node with the same host name to be approved without any administrator intervention.


Reference link:

https://docs.openshift.com/container-platform/3.11/install_config/redeploying_certificates.html

This article was shared from the WeChat public account 雲服務圈 (heidcloud).