Uploaded image for project: 'OpenShift Etcd'
  1. OpenShift Etcd
  2. ETCD-378

ETCD Signer Certificates cannot be rotated

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Duplicate
    • Icon: Undefined Undefined
    • None
    • None
    • False
    • None
    • False

      Description of problem:

      Currently, it's not possible to manually rotate the ETCD signer certificates. This may be required under certain scenarios.

      Version-Release number of selected component (if applicable):

      All releases

      How reproducible:

      Always

      Steps to Reproduce:

      1. Delete signer certs
     oc -n openshift-config delete secret etcd-signer
     oc -n openshift-config delete secret etcd-metric-signer

      Actual results:

      New signer certs won't be generated

      Expected results:

      New signer certs generated, new serving and client certs issued by the new signer certs and ETCD components restarted to use them.

      Additional info:

      Some telco customers are requesting this feature, an RFE was opened. https://issues.redhat.com/browse/RFE-3276

            dwest@redhat.com Dean West
            mavazque@redhat.com Mario Vazquez Cebrian
            ge liu ge liu
            Votes:
            3 Vote for this issue
            Watchers:
            15 Start watching this issue

              Created:
              Updated:
              Resolved: