From 9e5c17f286552d43db987d00db42a35fc3a51914 Mon Sep 17 00:00:00 2001 From: Ngairangbam Mili Date: Mon, 10 Mar 2025 13:22:06 +0000 Subject: [PATCH] Clarify the factory certificate requirement for enrollment (r10, dsr10) Change-Id: Ib3cf2374fcec79be0a4e42c61585d24c728e3d45 Signed-off-by: Ngairangbam Mili --- ...d-nondc-standalone-system-as-a-s-87b2fbf81be3.rst | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/doc/source/dist_cloud/kubernetes/enroll-a-factory-installed-nondc-standalone-system-as-a-s-87b2fbf81be3.rst b/doc/source/dist_cloud/kubernetes/enroll-a-factory-installed-nondc-standalone-system-as-a-s-87b2fbf81be3.rst index a3a8b5d1f..140087dd4 100644 --- a/doc/source/dist_cloud/kubernetes/enroll-a-factory-installed-nondc-standalone-system-as-a-s-87b2fbf81be3.rst +++ b/doc/source/dist_cloud/kubernetes/enroll-a-factory-installed-nondc-standalone-system-as-a-s-87b2fbf81be3.rst @@ -117,12 +117,12 @@ requirements must be met: - The subcloud platform networks should be configured with the expected IP family (IPv4 or IPv6) because the IP family of a subcloud cannot be updated. -- Same SSL_CA certs (system_local_ca_cert, system_local_ca_key, and - system_root_ca_cert) need to be installed on both the central cloud system - controllers and the factory-installed subclouds in ``localhost.yaml`` to - enable the |SSL| communication via |OAM| connection. Otherwise, the - enrollment will fail due to |SSL| failure while requesting subcloud's region - name (logs can be found in dcmanager.log). +- SSL_CA certs (system_local_ca_cert, system_local_ca_key, and + system_root_ca_cert) need to be installed on the factory installed subclouds + in ``localhost.yaml`` to enable the |SSL| communication via |OAM| connection during + enrollment. The system controller performing the subcloud enrollment needs to + have a trusted |CA| that can validate the server certificates used for the + factory installed systems. For more details, see :ref:`add-a-trusted-ca`. - Kubernetes RootCA certs need to be specified during the factory installation process in ``localhost.yaml``, otherwise, the kube-rootca endpoint will be