XMLWordPrintable

    • Icon: Sub-task Sub-task
    • Resolution: Done
    • Icon: Undefined Undefined
    • None
    • None
    • None
    • None
    • False
    • None
    • False
    • ACM-2643 - Next Generation Control Plane

      Description of problem:

      Currently we use shell scripts to generate the certs which is not a final solution. We should generate the certs before start the api server. And we need to handle the cert rotation. We cannot just remove the certs dir and regenerate all the certificates, because there are some long-lived certs and CAs that shouldn't be swapped. e.g.:

      1. kube-apiserver serving certificate CAs - if you're connecting from the outside, the CA swap would likely be confusing
      2. system:admin client certificate - we don't want to rotate the certificate that allows you to authenticate to the API

       

      Goals:

      This task is focusing on generate the certs by using go code and handle the cert rotation as well.

       

      /assign Yuchen Yao

       

       

            yuyao@redhat.com Yuchen Yao (Inactive)
            clyang82 Chunlin Yang
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: