前往小程序,Get更优阅读体验!
立即前往
首页
学习
活动
专区
工具
TVP
发布
社区首页 >专栏 >openshift11 csr 证书续签管理

openshift11 csr 证书续签管理

作者头像
heidsoft
发布2020-04-07 18:38:15
1.1K0
发布2020-04-07 18:38:15
举报
文章被收录于专栏:云计算与大数据

Managing Certificate Signing Requests

Cluster administrators can review certificate signing requests (CSRs) and approve or deny them.

Reviewing Certificate Signing Requests

You can review the list of certificate signing requests (CSRs).

  • Get the list of current CSRs: 获取当前证书注册请求列表 $ oc get csr
  • View the details of a CSR to verify that it is valid: $ oc describe csr <csr_name> <csr_name> is the name of a CSR from the list of current CSRs.

Approving Certificate Signing Requests

You can manually approve certificate signing requests (CSRs) by using the oc certificate approve command.

  • Approve a CSR: 续签证书 $ oc adm certificate approve <csr_name> <csr_name> is the name of a CSR from the list of current CSRs.
  • Approve all CSRs: $ oc get csr -o name | xargs oc adm certificate approve

Denying Certificate Signing Requests

You can manually deny certificate signing requests (CSRs) by using the oc certificate deny command.

  • Deny a CSR: 拒绝证书 $ oc adm certificate deny <csr_name> <csr_name> is the name of a CSR from the list of current CSRs.

Configuring Automatic Approval of Certificate Signing Requests

开启证书自动续签--非常重要

You can configure automatic approval of node certificate signing requests (CSRs) by specifying adding the following parameter to your Ansible inventory file when installing your cluster:

代码语言:javascript
复制
openshift_master_bootstrap_auto_approve=true

Adding this parameter allows all CSRs generated by using the boostrap credential or from a previously authenticated node with the same host name to be approved without any administrator intervention.

参考链接:

https://docs.openshift.com/container-platform/3.11/install_config/redeploying_certificates.html

本文参与 腾讯云自媒体同步曝光计划,分享自微信公众号。
原始发表:2020-03-30,如有侵权请联系 cloudcommunity@tencent.com 删除

本文分享自 云数智圈 微信公众号,前往查看

如有侵权,请联系 cloudcommunity@tencent.com 删除。

本文参与 腾讯云自媒体同步曝光计划  ,欢迎热爱写作的你一起参与!

评论
登录后参与评论
0 条评论
热度
最新
推荐阅读
目录
  • Managing Certificate Signing Requests
    • Reviewing Certificate Signing Requests
      • Approving Certificate Signing Requests
        • Denying Certificate Signing Requests
          • Configuring Automatic Approval of Certificate Signing Requests
          领券
          问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档