Over the last 10+ years, the use of SSL and TLS certificates to encrypt and verify the authenticity of traffic between a client and server has become ubiquitous. OpenShift is no exception. Certificates are used for communication between worker nodes and the control plane, between control plane nodes, and for many different components to communicate with each other. However, for most of us, the most obvious use of certificates with OpenShift is when we connect to the API and ingress endpoints. 

In this week’s stream, we are joined by Brian Beaudoin to look into all the different ways certificates are used in OpenShift, where they come from, how they’re lifecycled, how to replace the certificate authority, and other interesting aspects of the certificates used all across OpenShift.

As always, please see the list below for additional links to specific topics, questions, and supporting materials for the episode!

If you’re interested in more streaming content, please subscribe to the OpenShift.tv streaming calendar to see the upcoming episode topics and to receive any schedule changes. If you have questions or topic suggestions for the Ask an OpenShift Admin Office Hour, please contact us via Discord, Twitter, or come join us live, Wednesdays at 11am EDT / 1500 UTC, on YouTube and Twitch.

Episode 32 recorded stream:


Use this link to jump directly to where we start talking about today’s topic.

This week’s top of mind topics:

  • VMware recently published a new reference architecture for deploying OpenShift to VMware Cloud Foundation using Dell/EMC VxRail hardware. We also talk about the overall status of OpenShift reference architectures and why you don’t see Red Hat creating and publishing them. Importantly, you can find a consolidated - but incomplete - list of partner reference architectures here.
  • During episode 30 we talked about subscriptions and entitlements, including that the Red Hat developer entitlement also gives you access to no-cost OpenShift. However, we’ve since discovered that there was an error in the backend Red Hat system which prevents the clusters from being entitled. That issue is being fixed, so please check back if you’re having issues! If you want details about the OpenShift developer entitlement, check Appendix 1 to the user agreement, which includes the precise conditions and caveats which apply.
  • VMware Site Recovery Manager and Fault Tolerance can be used with OpenShift, without invalidating support for the cluster, but be cognizant of the ramifications. For example, performance impacts to etcd (which we talked about during episode 21).

Questions answered during the stream: