Details
- Epic
- Resolution: Unresolved
- Critical
- None
- openshift-4.13
- Fallback (Protocol) for Emergency Certificate Rotation
- False
- None
- False
- Not Selected
- To Do
- 50
- 50%
Description
Goal:
- recover the cluster when certs expire while a node is down
- should work for OpenShift (both HA and Single)
- Ideally, if possible, we want to make it an automated repair process.
- cover both a rebooted node and a suspended node
- Evaluate (during the research) the effort to provide a mechanism for the admin so he/she can trigger a cert regeneration
Non Goal:
- change host name / node identity
- make rotation faster
- any existing cert we have today should not have its expiration period modified
Acceptance Criteria:
- documentation with findings
- OpenShift KEP
Issue Links
- blocks
  - OCPSTRAT-714 Comprehensive overhaul of handling OCP internal cert & keys (In Progress)
- is cloned by
  - OCPSTRAT-642 [Part 1] Fallback (Protocol) for Emergency Certificate Rotation (Closed)
- is related to
  - OCPBUGS-30741 kube-scheduled certificates not correctly rotated after restart of cluster powered of for 2 months (New)
  - API-1687 Impact cert issues after 4.14 to 4.15 upgrade (Review)
  - OCPSTRAT-642 [Part 1] Fallback (Protocol) for Emergency Certificate Rotation (Closed)
- relates to
  - API-1376 OpenShift 4.X supports an official process to shut down, restart, and resume an OpenShift cluster from a powered off state, this function should be continuously validated, supported, and guaranteed for consumers for DR and lifecycle use-cases (New)