From 0aac1554ccfab7ebea8294a9f5916d96ea7935a6 Mon Sep 17 00:00:00 2001 From: Evgeny Date: Mon, 25 Feb 2019 12:18:25 -0800 Subject: [PATCH] Update docs to clarify certificates requirements During the initial configuration it's required to configure a set of valid certificates for ingress. Make it more explicit so people don't miss this step. Change-Id: Ie6477f934688467b7d5dfe1cc8191f6acff29a21 --- doc/source/authoring_and_deployment.rst | 11 +++++++++++ .../secrets/certificates/ingress.yaml | 4 ++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/doc/source/authoring_and_deployment.rst b/doc/source/authoring_and_deployment.rst index 86ad0e50d..e1e883e94 100644 --- a/doc/source/authoring_and_deployment.rst +++ b/doc/source/authoring_and_deployment.rst @@ -351,6 +351,17 @@ with random generated ones: python3 -c "from crypt import *; print(crypt('', METHOD_SHA512))" +Configure certificates in ``site/${NEW_SITE}/secrets/certificates/ingress.yaml``, +they need to be issued for domain configured in a section ``data.dns.ingress_domain`` +of a file ``./site/${NEW_SITE}/networks/common-addresses.yaml``. A list of endpoints +which will be used with these certificates can be found in the following file +``./site/${NEW_SITE}/software/config/endpoints.yaml``. + +.. caution:: + + It's required to configure valid certificates, self-signed certificates + are not supported. + Manifest linting and combining layers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/site/airship-seaworthy/secrets/certificates/ingress.yaml b/site/airship-seaworthy/secrets/certificates/ingress.yaml index ce475d4e2..b799fdb9f 100644 --- a/site/airship-seaworthy/secrets/certificates/ingress.yaml +++ b/site/airship-seaworthy/secrets/certificates/ingress.yaml @@ -1,7 +1,7 @@ --- # Example manifest for ingress cert. -# Shall be replaced with proper/valid set. -# Self-signed certs are not supported. +# NEWSITE-CHANGEME: must be replaced with proper/valid set, +# self-signed certs are not supported. metadata: layeringDefinition: abstract: false