summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
Diffstat (limited to 'roles')
-rw-r--r--roles/openshift_hosted/README.md1
-rw-r--r--roles/openshift_hosted/defaults/main.yml1
-rw-r--r--roles/openshift_hosted/tasks/registry/secure.yml1
3 files changed, 3 insertions, 0 deletions
diff --git a/roles/openshift_hosted/README.md b/roles/openshift_hosted/README.md
index 328f800bf..6d576df71 100644
--- a/roles/openshift_hosted/README.md
+++ b/roles/openshift_hosted/README.md
@@ -26,6 +26,7 @@ From this role:
| openshift_hosted_registry_registryurl | 'openshift3/ose-${component}:${version}' | The image to base the OpenShift registry on. |
| openshift_hosted_registry_replicas | Number of nodes matching selector | The number of replicas to configure. |
| openshift_hosted_registry_selector | region=infra | Node selector used when creating registry. The OpenShift registry will only be deployed to nodes matching this selector. |
+| openshift_hosted_registry_cert_expire_days | `730` (2 years) | Validity of the certificates in days. Works only with OpenShift version 1.5 (3.5) and later. |
Dependencies
------------
diff --git a/roles/openshift_hosted/defaults/main.yml b/roles/openshift_hosted/defaults/main.yml
index 32bcd8d08..d73f339f7 100644
--- a/roles/openshift_hosted/defaults/main.yml
+++ b/roles/openshift_hosted/defaults/main.yml
@@ -28,3 +28,4 @@ openshift_hosted_routers:
openshift_hosted_router_certificates: {}
+openshift_hosted_registry_cert_expire_days: 730
diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml
index f9ea2ebeb..8a159bf73 100644
--- a/roles/openshift_hosted/tasks/registry/secure.yml
+++ b/roles/openshift_hosted/tasks/registry/secure.yml
@@ -57,6 +57,7 @@
- "{{ docker_registry_route_hostname }}"
cert: "{{ openshift_master_config_dir }}/registry.crt"
key: "{{ openshift_master_config_dir }}/registry.key"
+ expire_days: "{{ openshift_hosted_registry_cert_expire_days if openshift_version | oo_version_gte_3_5_or_1_5(openshift.common.deployment_type) | bool else omit }}"
register: server_cert_out
- name: Create the secret for the registry certificates
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-10 21:17:21 +0000