If you deploy an OpenStack provider on a VMware Integrated OpenStack deployment with a self-signed certificate, you must replace the self-signed certificate with a certificate that the Kubernetes cluster recognizes.
Procedure
- On the VMware Integrated OpenStack VM, perform the following steps:
- In the /tmp/vio.cnf file, edit the value
basicConstraints=CA:TRUE - On the command line, type the commands:
openssl req -new -key /var/lib/vio/jarvis/{uuid}/credentials/etc/ssl/private/vio.key -out /tmp/vio.csr -config /tmp/vio.cnf openssl x509 -req -days 3650 -extensions v3_req -extfile /tmp/vio.cnf -in /tmp/vio.csr -signkey /var/lib/vio/jarvis/{uuid}/credentials/etc/ssl/private/vio.key -out /tmp/vio.crt cat /var/lib/vio/jarvis/{uuid}/site-req-{uuid}-hosts.ini | grep deployment_name viocli deployment cert-update -d deployment_name -f /tmp/vio.crt - From the OpenStack Horizon web portal, verify that the certificate is working.
- In the /tmp/vio.cnf file, edit the value
- On the VMware Integrated OpenStack with Kubernetes VM, perform the following steps:
- Copy the vio.crt file to the local machine.
- When adding a provider, choose the file as the Root CA file for certificate validation. See Input Parameters for an OpenStack Provider.
