From a6a6a5ec8e8cf4ee6ecfd79206f8c97a71b28221 Mon Sep 17 00:00:00 2001
From: Ansil H <ansil.hameedkunju@suse.com>
Date: Mon, 31 May 2021 22:13:48 +0530
Subject: [PATCH] Include CSR example

To fix https://github.com/rancher/rke/issues/2550
---
 content/rke/latest/en/cert-mgmt/_index.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/content/rke/latest/en/cert-mgmt/_index.md b/content/rke/latest/en/cert-mgmt/_index.md
index 95ba2123720..1d60d38c3be 100644
--- a/content/rke/latest/en/cert-mgmt/_index.md
+++ b/content/rke/latest/en/cert-mgmt/_index.md
@@ -108,3 +108,16 @@ INFO[0001] [certificates] Generating etcd-zzzzz certificate and key
 INFO[0001] Successfully Deployed state file at [./cluster.rkestate]
 INFO[0001] Rebuilding Kubernetes cluster with rotated certificates
 ```
+
+### Optional settings 
+
+Use [extra_args]({{<baseurl>}}rke/latest/en/config-options/services/services-extras/#extra-args) to enable optional settings of each [services]({{<baseurl>}}/rke/latest/en/config-options/services/) that needs certificates and keys.
+
+For example, to enable [Certificate Management](https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/), add `cluster-signing-cert-file` & `cluster-signing-key-file` to kube-controller in `cluster.yml` file.
+```
+services:
+  kube-controller: 
+    extra_args: 
+      cluster-signing-cert-file: "/etc/kubernetes/ssl/kube-ca.pem"
+      cluster-signing-key-file: "/etc/kubernetes/ssl/kube-ca-key.pem"
+```