I guess the intended usecase is so that full CA-provided certs can be placed in those locations. However, openshift_master_overwrite_named_certificates should be an environment.yaml switch so that the default self-signed behaviour can still be used if required.
It appears that ansible run will always fail if getCertificates is false in openshift-heat run because the following is static:
I guess the intended usecase is so that full CA-provided certs can be placed in those locations. However, openshift_master_overwrite_named_certificates should be an environment.yaml switch so that the default self-signed behaviour can still be used if required.