Cloud Pak for Data

Is Self-Signed TLS Certificate required for worker nodes

  • 1.  Is Self-Signed TLS Certificate required for worker nodes

    Posted Wed August 05, 2020 12:18 AM
    Hi. I am looking to replace the default IBM-provided self-signed TLS certificate with the customer's certificate. Following this guide for CP4D 2.5:
    https://www.ibm.com/support/knowledgecenter/SSQNUZ_2.5.0/cpd/install/https-config-openshift.html
    Question: Will the TLS certificate be needed/used on the worker nodes, or only on the master node(s)?
    This makes a difference to the customer, because the Common Name (CN) and DNS Name/IP that will be provided by the customer are specific to a node. Meaning there are multiple CNs for the cluster, one per node:

    CN=master01.w-intra.net, dns=master01, dns=10.31.22.31
    CN=master02.w-intra.net, dns=master02, dns=10.31.22.32
    .
    .
    CN=worker01.w-intra.net, dns=worker01, dns=10.31.22.36


    Thanks




    ------------------------------
    Hisham Ghanem
    Architect
    IBM
    Vienna VA
    571-4216350
    ------------------------------

    #CloudPakforDataGroup


  • 2.  RE: Is Self-Signed TLS Certificate required for worker nodes

    Posted Wed August 19, 2020 11:22 AM
    Edited by System Fri January 20, 2023 04:41 PM
    Hi,

    The pods will only run on the workers.
    However, the actual communication will go through the router which most likely runs on your master node.

    This may actually vary depending on the OCP configuration.

    Thanks

    ------------------------------
    TOMASZ HANUSIAK
    ------------------------------