Uploaded image for project: 'OpenShift API Server'
  1. OpenShift API Server
  2. API-1603

Fallback (Protocol) for Emergency Certificate Rotation

    XMLWordPrintable

Details

    • Epic
    • Resolution: Unresolved
    • Critical
    • None
    • openshift-4.13
    • kube-apiserver
    • Fallback (Protocol) for Emergency Certificate Rotation
    • False
    • None
    • False
    • Not Selected
    • To Do
    • 50
    • 50% 50%

    Description

      https://docs.google.com/document/d/198C4xwi5td_V-yS6w-VtwJtudHONq0tbEmjknfccyR0/edit#heading=h.oynu7bkhz613

       

      Goal:

      • recover the cluster when certs expire while a node is down
      • should work for OpenShift (both HA and Single)
      • Ideally, if possible, we want to make it an automated repair process. 
      • cover both rebooted node and suspended node
      • Evaluate (during the research) effort to provide a mechanism to the admin so he/she can trigger a cert regeneration

       

      Non Goal:

      • change host name / node identity
      • make rotation faster
      • any existing cert we have today should not have modified expiration period

       

      Acceptance Criteria:

      • documentation with findings
      • OpenShift KEP 

      Attachments

        Issue Links

          blocks

          Outcome - Organizational objective focused on a measurable outcome. May be in support of larger strategic goals. OCPSTRAT-714 Comprehensive overhaul of handling OCP internal cert & keys

          • Critical - To be worked on immediately following BLOCKER issues.
          • In Progress
          is cloned by

          Feature - Capability or a well-defined set of functionality that delivers business value. Features can include additions or changes to existing functionality. Features can easily span multiple teams, and potentially multiple releases. OCPSTRAT-642 [Part 1] Fallback (Protocol) for Emergency Certificate Rotation

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is related to

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-30741 kube-scheduled certificates not correctly rotated after restart of cluster powered of for 2 months

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • New

          Spike - Represents a research-related task. API-1687 Impact cert issues after 4.14 to 4.15 upgrade

          • Critical - To be worked on immediately following BLOCKER issues.
          • Review

          Feature - Capability or a well-defined set of functionality that delivers business value. Features can include additions or changes to existing functionality. Features can easily span multiple teams, and potentially multiple releases. OCPSTRAT-642 [Part 1] Fallback (Protocol) for Emergency Certificate Rotation

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          relates to

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. API-1376 OpenShift 4.X supports an official process to shut down, restart, and resume an OpenShift cluster from a powered off state, this function should be continuously validated, supported, and guaranteed for consumers for DR and lifecycle use-cases

          • Undefined - Priority not specified.
          • New

          Activity

            People

              dgrisonn@redhat.com Damien Grisonnet
              dgrisonn@redhat.com Damien Grisonnet
              Votes:
              0 Vote for this issue
              Watchers:
              18 Start watching this issue

              Dates

                Created:
                Updated: