From bcd642075ca67a63b3974c990d10b7d030dd7a52 Mon Sep 17 00:00:00 2001 From: Ron Stone Date: Fri, 4 Mar 2022 12:47:08 -0500 Subject: [PATCH] Cluster issuer yaml configuration file reports unknown field "organizations" (pick r6) Remove 'organizations' section from cert-manager sample yaml Add note in TPM topic indicating that its use should be avoided Incorporate patchset 1 review comments. Signed-off-by: Ron Stone Change-Id: I6b293d86e2943bf8e505be486cdad536e946337b --- ...t-and-web-certificates-private-key-storage-with-tpm.rst | 7 +++++++ ...ications-and-the-web-admin-server-cert-9196c5794834.rst | 5 +++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/doc/source/security/kubernetes/secure-starlingx-rest-and-web-certificates-private-key-storage-with-tpm.rst b/doc/source/security/kubernetes/secure-starlingx-rest-and-web-certificates-private-key-storage-with-tpm.rst index 9605e9753..bf76e7799 100644 --- a/doc/source/security/kubernetes/secure-starlingx-rest-and-web-certificates-private-key-storage-with-tpm.rst +++ b/doc/source/security/kubernetes/secure-starlingx-rest-and-web-certificates-private-key-storage-with-tpm.rst @@ -6,6 +6,13 @@ Secure StarlingX REST and Web Certificate's Private Key Storage with TPM ======================================================================== +.. warning:: + + |TPM| support is deprecated and will be removed in an upcoming release + of |prod|. Users should instead use the procedure in + :ref:`starlingx-rest-api-applications-and-the-web-admin-server-cert-9196c5794834`. + + For increased security, the |prod| REST and Web Server's certificate can be installed such that the private key is stored in a |TPM| 2.0 device on the controller. diff --git a/doc/source/security/kubernetes/starlingx-rest-api-applications-and-the-web-admin-server-cert-9196c5794834.rst b/doc/source/security/kubernetes/starlingx-rest-api-applications-and-the-web-admin-server-cert-9196c5794834.rst index d8450747c..419e88bbf 100644 --- a/doc/source/security/kubernetes/starlingx-rest-api-applications-and-the-web-admin-server-cert-9196c5794834.rst +++ b/doc/source/security/kubernetes/starlingx-rest-api-applications-and-the-web-admin-server-cert-9196c5794834.rst @@ -57,8 +57,6 @@ certificates. namespace: cert-manager spec: subject: - organizations: - - ABC-Company organizationalUnits: - StarlingX-system-local-ca secretName: system-local-ca @@ -79,6 +77,9 @@ certificates. secretName: system-local-ca EOF + For more information on supported parameters, see + https://cert-manager.io/v0.14-docs/reference/api-docs/#acme.cert-manager.io%2fv1alpha2 + #. Apply the configuration.