Uploaded image for project: 'Product Technical Learning'
  1. Product Technical Learning
  2. PTL-9495

DO380-204, I don't think that giving both the API server and the Ingress operator the same certificate and private key is a good idea

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Won't Do
    • Icon: Major Major
    • DO380 - OCP4.14-en-1-20240220
    • DO380 - OCP4.10-en-3-20221129
    • DO380
    • None
    • 6
    • ROLE
    • en-US (English)

      URL: https://role.rhu.redhat.com/rol-rhu/app/courses/do380-4.10/pages/ch06s02
      Reporter RHNID: ctiwary@redhat.com
      Section: 2 - Guided Exercise: Integrating OpenShift with an Enterprise Certificate Authority
      Language: en-US (English)
      Workaround:

      Description: In section 6.2: I don't think that giving both the API server and the Ingress operator the same certificate and private key is a good idea even for an example. Typically a private key is an identity to a server or a service. Giving them the same key is like giving them the same identity. Also, I suggest to segregate the steps of modifying the certificates of the API server from the steps for the Proxy from the steps for ingress controller for better readability.

              rht-bgargallo Bernardo Andres Gargallo Jaquotot
              chetan-rhls Chetan Tiwary
              Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: