Loading...

XML

Word

Printable

Type: Story
Resolution: Done
Priority: Normal
Fix Version/s: None
Affects Version/s: None
Labels:
None

Work Type:
Strategic Product Work
Story Points:
2
Blocked:
False
Blocked Reason:
None
Ready:
False
Epic Link:
ETCD-445
Feature Link:
OCPSTRAT-1104 - [etcd] manual rotation of etcd signer certs when the cluster is still online
Intelligence Requested:
Market:

Sprint:
ETCD Sprint 249, ETCD Sprint 250

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Refactoring in ~~ETCD-512~~ does not clean up certificates that are dynamically generated. Imagine you're recreating all your master nodes everyday, we would create new peer/serving/metrics certificates for each node and never clean them up.

We should try to be conservative when cleaning them up, so keep them around for a certain retention period (7-10 days?) after the node went away.

AC:

CEO should clean up old-enough "node" certificates

clones

ETCD-517 CEO render should reuse library-go rotation CAs, bundles and certs

Closed

is caused by

ETCD-512 Use the library-go cert rotation controller in etcd-operator

Closed

links to

openshift/cluster-etcd-operator#1209: ETCD-518: garbage collect unused dynamic certs

Assignee:: Thomas Jungblut

Reporter:: Thomas Jungblut

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2024/01/17 3:48 PM

Updated:: 2024/11/24 12:36 AM

Resolved:: 2024/03/07 12:22 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates