starlingx/docs
Code Issues Proposed changes
docs/doc/source/security/kubernetes/https-access-overview.rst
Elisamara Aoki Goncalves 8314d46f72 Configuring docker registry certificate 
Update documentation regarding the Docker Registry certificate.
Remove deprecated section Local Registry Server Certificates.
Fix ref link.

Story: 2009811
Task: 50152

Change-Id: Id6b3469419b5d1a3a195795535aa496334dec211
Signed-off-by: Elisamara Aoki Goncalves <elisamaraaoki.goncalves@windriver.com>
2024-09-23 12:26:36 +00:00

43 KiB
Raw Blame History

HTTPS and Certificates Management Overview

Certificates are required for secure HTTPS access and authentication on platform.

This table lists all the platform certificates, and indicates which certificates are automatically created/renewed by the system versus which certificates must be manually created/renewed by the system administrator.

Platform certificates that are associated with optional platform components are only present if the optional platform component is configured (e.g. ).

Platform certificates that are associated with Distributed Cloud are only present on SystemController systems or Subclouds.

Where:

  • Auto created: the certificate is generated during system deployment or triggered by certain operations.
  • Renewal Status: whether the certificate is renewed automatically by the system when expiry date approaches.

The specific certificates, and details such as expiration date, that are present on a system can be displayed with a local script, sudo show-certs.sh, see utility-script-to-display-certificates.

monitors the installed certificates on the system by raising alarms for expired certificates and certificates that will expire soon, see alarm-expiring-soon-and-expired-certificates-baf5b8f73009.

The following sections provide details on managing these certificates:

  • StarlingX REST API Applications and the Web Administration Server Certificate <starlingx-rest-api-applications-and-the-web-administration-server>
  • Kubernetes Certificates <kubernetes-certificates-f4196d7cae9c>
  • configure-docker-registry-certificate-after-installation-c519edbfe90a
  • System Trusted CA Certificates <add-a-trusted-ca>

For further information about certificates expiration date or other certificates information, see Display Certificates Installed on a System <utility-script-to-display-certificates>.

In addition, monitors the installed certificates on the system by raising alarms for expire-soon certificates and for expired certificates on the system, see Expiring-Soon and Expired Certificate Alarms <alarm-expiring-soon-and-expired-certificates-baf5b8f73009>.