Managing Certificate Signing Requests
Cluster administrators can review certificate signing requests (CSRs) and approve or deny them.
Reviewing Certificate Signing Requests
You can review the list of certificate signing requests (CSRs).
Get the list of current CSRs:
$ oc get csr
View the details of a CSR to verify that it is valid:
$ oc describe csr <csr_name>
<csr_name> is the name of a CSR from the list of current CSRs.
Approving Certificate Signing Requests
You can manually approve certificate signing requests (CSRs) by using the oc adm certificate approve command.
Approve a CSR (renew the certificate):
$ oc adm certificate approve <csr_name>
<csr_name> is the name of a CSR from the list of current CSRs.
Approve all CSRs:
$ oc get csr -o name | xargs oc adm certificate approve
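An added example, not from the original page: rather than approving every CSR in the list, this shell function selects only Pending CSRs whose requestor is system:node:<host> for a host named in an allowlist file. The sample table, the host names and the file name allowed-nodes.txt are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. The host names and CSR names
# below are constructed sample data.

# select_node_csrs ALLOWLIST_FILE
# Reads the table printed by `oc get csr` on stdin and prints the names of
# CSRs that are still Pending and whose requestor is system:node:<host> for
# a <host> listed (one per line) in ALLOWLIST_FILE. Everything else is left
# for manual review with `oc describe csr <csr_name>`.
select_node_csrs() {
    awk -v allow="$1" '
        BEGIN {
            # Build the set of requestor identities we are willing to approve.
            while ((getline host < allow) > 0)
                if (host != "" && host !~ /^#/) ok["system:node:" host] = 1
            close(allow)
        }
        NR == 1 {
            # Locate columns by header name so extra columns do not shift fields.
            for (i = 1; i <= NF; i++) col[$i] = i
            n = col["NAME"]; r = col["REQUESTOR"]; c = col["CONDITION"]
            if (!n || !r || !c) { print "unexpected header: " $0 > "/dev/stderr"; exit 2 }
            next
        }
        # An empty or missing allowlist selects nothing (fails closed).
        $c == "Pending" && ($r in ok) { print $n }
    '
}

# Constructed sample of `oc get csr` output.
sample_csr_table() {
    cat <<'EOF'
NAME        AGE   REQUESTOR                          CONDITION
csr-aaaaa   2m    system:node:node1.example.com      Pending
csr-bbbbb   2m    system:node:rogue.example.com      Pending
csr-ccccc   1h    system:node:node2.example.com      Approved,Issued
csr-ddddd   5m    system:admin                       Pending
EOF
}

# Usage against a live cluster (allowed-nodes.txt is a hypothetical file name):
#   oc get csr | select_node_csrs allowed-nodes.txt | xargs -n1 oc adm certificate approve
```

CSRs the filter does not select stay Pending, so they can still be inspected with oc describe csr and approved or denied by hand.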
Denying Certificate Signing Requests
You can manually deny certificate signing requests (CSRs) by using the oc adm certificate deny command.
Deny a CSR:
$ oc adm certificate deny <csr_name>
<csr_name> is the name of a CSR from the list of current CSRs.
Configuring Automatic Approval of Certificate Signing Requests
Enable automatic certificate renewal -- very important
You can configure automatic approval of node certificate signing requests (CSRs) by adding the following parameter to your Ansible inventory file when installing your cluster:
openshift_master_bootstrap_auto_approve=true
Adding this parameter allows all CSRs generated by using the bootstrap credential or from a previously authenticated node with the same host name to be approved without any administrator intervention.
Reference link:
https://docs.openshift.com/container-platform/3.11/install_config/redeploying_certificates.html
This article was shared from the WeChat official account 云服务圈 (heidcloud).