Loading...

XML

Word

Printable

Type: Story
Resolution: Done
Priority: Normal
Fix Version/s: None
Affects Version/s: None
Labels:
None

Story Points:
2
Blocked:
False
Blocked Reason:
None
Ready:
False
Epic Link:
ETCD-445
Feature Link:
OCPSTRAT-1104 - [etcd] rotation of etcd signer certs when the cluster is still online
Intelligence Requested:
Market:

Sprint:
ETCD Sprint 248, ETCD Sprint 249

SFDC Cases Links:
SFDC Cases Counter:

Refactoring in ~~ETCD-512~~ creates a rotation due to incompatible certificate creation processes. We should update the render [1] the same way the controller manages the certificates. Keep in mind that important information are always stored in annotations, which means we also need to update the manifest template itself (just exchanging file bytes isn't enough).

AC:

CEO should render the same certificates it would otherwise when the refactored CertSignerController runs
test that a fresh installation avoids re-creating certificates after the bootstrap phase

[1] https://github.com/openshift/cluster-etcd-operator/blob/master/pkg/cmd/render/render.go#L347-L365

clones

ETCD-516 CEO needs to react on changing CA cert bundle and client certs

Closed

is caused by

ETCD-512 Use the library-go cert rotation controller in etcd-operator

Closed

is cloned by

ETCD-518 Refactored CertSignerController needs to garbage collect unused node certs

Closed

links to

openshift/cluster-etcd-operator#1186: ETCD-517: run certsignercontroller for bootstrap render

Assignee:: Thomas Jungblut

Reporter:: Thomas Jungblut

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2024/01/17 10:11 AM

Updated:: 2024/02/14 2:05 PM

Resolved:: 2024/02/14 2:05 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates