ROX-28296: central reencrypt route

stehessel · stehessel · commit 6e4260e740fb · 2025-04-17T14:06:51.000+02:00
diff --git a/modules/central-configuration-options-operator.adoc b/modules/central-configuration-options-operator.adoc
@@ -44,10 +44,28 @@ Otherwise, you must reinstall the custom resource to log back in.
 |Use this parameter to specify a static IP address reserved for your load balancer.
 
 |`central.exposure.route.enabled`
-|Set this to `true` to expose Central through a {osp} route. The default value is `false`.
+|Set this to `true` to expose Central through a {osp} passthrough route. Disables all route settings if set to `false`. The default value is `false`.
 
 |`central.exposure.route.host`
-|Specify a custom hostname to use for Central's route. Leave this unset to accept the default value that {ocp} provides.
+|Use this parameter to specify a custom hostname to use for Central's passthrough route. Leave this unset to accept the default value that {ocp} provides.
+
+|`central.exposure.route.reencrypt.enabled`
+|Set this to `true` to expose Central through a {osp} reencrypt route. The default value is `false`.
+
+|`central.exposure.route.reencrypt.host`
+|Use this parameter to specify a custom hostname to use for Central's reencrypt route. Leave this unset to accept the default value that {ocp} provides.
+
+|`central.exposure.route.reencrypt.tls.caCertificate`
+|Use this parameter to specify a PEM-encoded certificate chain that might be used to establish a complete chain of trust. By default, {ocp} provides the certificate authority.
+
+|`central.exposure.route.reencrypt.tls.certificate`
+|Use this parameter to specify the PEM-encoded certificate that is served on the route. The {ocp} certificate authority signs the default certificate.
+
+|`central.exposure.route.reencrypt.tls.destinationCACertificate`
+|Use this parameter to specify the CA certificate of the final destination, that is of Central. The {ocp} router uses this certificate to perform health checks on the secure connection. By default, Central provides the certificate authority.
+
+|`central.exposure.route.reencrypt.tls.key`
+|Use this parameter to specify the PEM-encoded private key of the certificate that is served on the route. The {ocp} certificate authority signs the default certificate.
 
 |`central.exposure.nodeport.enabled`
 |Set this to `true` to expose Central through a node port. The default value is `false`.
diff --git a/modules/central-services-public-config.adoc b/modules/central-services-public-config.adoc
@@ -182,6 +182,40 @@ Red{nbsp}Hat recommends that you do not specify a port number if you are exposin
 
 | `central.exposure.route.enabled`
 | Use `true` to expose Central by using a route.
+Disables all route settings if set to `false`.
+This parameter is only available for {ocp} clusters.
+
+| `central.exposure.route.host`
+| Use this parameter to specify a custom hostname to use for Central's passthrough route.
+Leave this unset to accept the default value that {ocp} provides.
+This parameter is only available for {ocp} clusters.
+
+| `central.exposure.route.reencrypt.enabled`
+| Set this to `true` to expose Central through a {osp} reencrypt route.
+The default value is `false`.
+This parameter is only available for {ocp} clusters.
+
+| `central.exposure.route.reencrypt.host`
+| Use this parameter to specify a custom hostname to use for Central's reencrypt route.
+Leave this unset to accept the default value that {ocp} provides.
+This parameter is only available for {ocp} clusters.
+
+| `central.exposure.route.reencrypt.tls.caCertificate`
+| Use this parameter to specify a PEM-encoded certificate chain that might be used to establish a complete chain of trust.
+By default, {ocp} provides the certificate authority.
+This parameter is only available for {ocp} clusters.
+
+| `central.exposure.route.reencrypt.tls.certificate`
+| Use this parameter to specify the PEM-encoded certificate that is served on the route. The {ocp} certificate authority signs the default certificate.
+This parameter is only available for {ocp} clusters.
+
+| `central.exposure.route.reencrypt.tls.destinationCACertificate`
+| Use this parameter to specify the CA certificate of the final destination, that is of Central.
+The {ocp} router uses this certificate to perform health checks on the secure connection. By default, Central provides the certificate authority.
+
+| `central.exposure.route.reencrypt.tls.key`
+| Use this parameter to specify the PEM-encoded private key of the certificate that is served on the route.
+The {ocp} certificate authority signs the default certificate.
 This parameter is only available for {ocp} clusters.
 
 | `central.db.external`
