Uploaded image for project: 'AMQ Streams'
  1. AMQ Streams
  2. ENTMQST-4821

Certificate key replacement fails when Cluster Operator crashes after the trust is established

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Undefined Undefined
    • 2.4.0.GA
    • None
    • None
    • None
    • False
    • None
    • False

      When a Cluster CA private key is replaced, the operator needs to follow through a series of three different rolling updates:

      1. First rolling update establishes the trust to the new CA while still using the old server certificates and trusting the old CA as well
      2. Second rolling update issues and rolls out the new server certificates signed by the new CA (while still trusting the old CA as well)
      3. Third rolling update removes the trust in the old CA

      When the operator crashes between the first and second step or during the second step, it will not roll out the new server certificates signed by the new CA, but it will instead just silently bump the CA generation IDs in the secret annotations. That will cause the operands still use the old server certificates even after phase 2. That will work seemingly fine as we still trust the old CA. But in phase 3, we remove the trust in the old CA and thus break the operands.

      Created by Strimzi#8401

            Unassigned Unassigned
            scholzj JAkub Scholz
            Jakub Stejskal Jakub Stejskal
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: