Uploaded image for project: 'OpenShift Etcd'
  1. OpenShift Etcd
  2. ETCD-378

ETCD Signer Certificates cannot be rotated

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Duplicate
    • Icon: Undefined Undefined
    • None
    • None
    • False
    • None
    • False

      Description of problem:

      Currently, it's not possible to manually rotate the ETCD signer certificates. This may be required under certain scenarios.

      Version-Release number of selected component (if applicable):

      All releases

      How reproducible:

      Always

      Steps to Reproduce:

      1. Delete signer certs
     oc -n openshift-config delete secret etcd-signer
     oc -n openshift-config delete secret etcd-metric-signer

      Actual results:

      New signer certs won't be generated

      Expected results:

      New signer certs generated, new serving and client certs issued by the new signer certs and ETCD components restarted to use them.

      Additional info:

      Some telco customers are requesting this feature, an RFE was opened. https://issues.redhat.com/browse/RFE-3276

              dwest@redhat.com Dean West
              mavazque@redhat.com Mario Vazquez Cebrian
              Ge Liu Ge Liu
              Votes:
              3 Vote for this issue
              Watchers:
              15 Start watching this issue

                Created:
                Updated:
                Resolved: