Merge "Clarify the factory certificate requirement for enrollment (r10, dsr10)"

2025-03-19 14:27:26 +00:00 · 2025-03-19 14:27:26 +00:00 · 63a7efe262
commit 63a7efe262
parent 4c944af291 9e5c17f286
1 changed files with 6 additions and 6 deletions
--- a/doc/source/dist_cloud/kubernetes/enroll-a-factory-installed-nondc-standalone-system-as-a-s-87b2fbf81be3.rst
+++ b/doc/source/dist_cloud/kubernetes/enroll-a-factory-installed-nondc-standalone-system-as-a-s-87b2fbf81be3.rst
@ -117,12 +117,12 @@ requirements must be met:
 - The subcloud platform networks should be configured with the expected IP
  family (IPv4 or IPv6) because the IP family of a subcloud cannot be updated.

- Same SSL_CA certs (system_local_ca_cert, system_local_ca_key, and
-  system_root_ca_cert) need to be installed on both the central cloud system
-  controllers and the factory-installed subclouds in ``localhost.yaml`` to
-  enable the |SSL| communication via |OAM| connection. Otherwise, the
-  enrollment will fail due to |SSL| failure while requesting subcloud's region
-  name (logs can be found in dcmanager.log).
+- SSL_CA certs (system_local_ca_cert, system_local_ca_key, and
+  system_root_ca_cert) need to be installed on the factory installed subclouds
+  in ``localhost.yaml`` to enable the |SSL| communication via |OAM| connection during
+  enrollment. The system controller performing the subcloud enrollment needs to
+  have a trusted |CA| that can validate the server certificates used for the
+  factory installed systems. For more details, see :ref:`add-a-trusted-ca`.

 - Kubernetes RootCA certs need to be specified during the factory installation
  process in ``localhost.yaml``, otherwise, the kube-rootca endpoint will be