Add options for specifying named ca certificates to be added to the openshift ca bundle.

1 files changed, 11 insertions, 3 deletions

diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2
index b18a42e32..662f23aa3 100644
--- a/roles/openshift_master/templates/master.yaml.v1.j2
+++ b/roles/openshift_master/templates/master.yaml.v1.j2
@@ -156,7 +156,11 @@ oauthConfig:
 {% for line in translated_identity_providers.splitlines() %}
   {{ line }}
 {% endfor %}
-  masterCA: ca.crt
+{% if openshift.common.version_gte_3_2_or_1_2 | bool %}
+  masterCA: ca-bundle.crt
+{% else %}
+  masterCA: ca.rt
+{% endif %}
   masterPublicURL: {{ openshift.master.public_api_url }}
   masterURL: {{ openshift.master.api_url }}
   sessionConfig:
@@ -189,7 +193,11 @@ serviceAccountConfig:
   - default
   - builder
   - deployer
-  masterCA: ca.crt
+{% if openshift.common.version_gte_3_2_or_1_2 | bool %}
+  masterCA: ca-bundle.crt
+{% else %}
+  masterCA: ca.rt
+{% endif %}
   privateKeyFile: serviceaccounts.private.key
   publicKeyFiles:
   - serviceaccounts.public.key
@@ -201,7 +209,7 @@ servingInfo:
   keyFile: master.server.key
   maxRequestsInFlight: {{ openshift.master.max_requests_inflight }}
   requestTimeoutSeconds: 3600
-{% if openshift.master.named_certificates %}
+{% if openshift.master.named_certificates | default([]) | length > 0 %}
   namedCertificates:
 {% for named_certificate in openshift.master.named_certificates %}
   - certFile: {{ named_certificate['certfile'] }}