-
Epic
-
Resolution: Done
-
Critical
-
None
-
None
-
Fallback (Protocol) for Emergency Certificate Rotation
-
BU Product Work
-
False
-
None
-
False
-
Not Selected
-
To Do
-
OCPSTRAT-1395 - Automated control-plane recovery from expired certificates (hibernation)
-
-
0% To Do, 0% In Progress, 100% Done
Goal:
- recover the cluster when certs expire while a node is down
- should work for OpenShift (both HA and Single)
- Ideally, if possible, we want to make it an automated repair process.
- cover both rebooted node and suspended node
- Evaluate (during the research) effort to provide a mechanism to the admin so he/she can trigger a cert regeneration
Non Goal:
- change host name / node identity
- make rotation faster
- any existing cert we have today should not have modified expiration period
Acceptance Criteria:
- documentation with findings
- OpenShift KEP
- blocks
-
OCPSTRAT-714 Provide Detailed Administrative Control of all OCP Certs and Keys
-
- In Progress
-
- is cloned by
-
OCPSTRAT-642 [Part 1] Fallback (Protocol) for Emergency Certificate Rotation
-
- Closed
-
- is depended on by
-
OCPBUGS-30741 kube-scheduled certificates not correctly rotated after restart of cluster powered of for 2 months
-
- New
-
- is related to
-
API-1687 Impact cert issues after 4.14 to 4.15 upgrade
-
- Review
-
-
-
- Closed
-
- relates to
-
-
- New
-
