  1. OpenShift Etcd
  2. ETCD-580

Shorten the cert refresh period


    • Story
    • Resolution: Done
    • Critical
    • 4.16
    • None
    • None
    • ETCD Sprint 252

      Given the scope creep of the work required to enable an offline cert rotation (or an automated restore), we are going to rely on online cert rotation to ensure that etcd certs don't expire during a cluster shutdown/hibernation.

      Slack thread for background:
      https://redhat-internal.slack.com/archives/C851TKLLQ/p1712533437483709?thread_ts=1712526244.614259&cid=C851TKLLQ

      The estimated maximum shutdown period is 9 months. The refresh rate for the etcd certs can be increased so that there are always e.g. 10 months left on the cert validity in the worst case, i.e. we shut down right before the controller does its rotation.
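
      The worst case described above, as an added example that is not the etcd operator's own code: it checks whether a cert that was about to be refreshed still outlives a 9-month shutdown. The 36-month validity, the two refresh points, the 30-day month and all function names are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const month = 30 * 24 * time.Hour // coarse month, an assumption of this example

// WorstCaseRemaining: validity left if shutdown happens right before the refresh.
func WorstCaseRemaining(validity, refresh time.Duration) time.Duration {
	return validity - refresh
}

// SurvivesShutdown: is cert valid at 'now' and still valid when the cluster returns?
func SurvivesShutdown(cert *x509.Certificate, now time.Time, shutdown time.Duration) bool {
	return !now.Before(cert.NotBefore) && now.Add(shutdown).Before(cert.NotAfter)
}

// NewSampleCert builds a constructed self-signed cert (not a real etcd cert).
func NewSampleCert(notBefore time.Time, validity time.Duration) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: notBefore,
		NotAfter: notBefore.Add(validity), Subject: pkix.Name{CommonName: "constructed-sample"}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	issued := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	cert, err := NewSampleCert(issued, 36*month) // constructed validity
	if err != nil {
		panic(err)
	}
	for _, refresh := range []time.Duration{30 * month, 26 * month} {
		fmt.Printf("refresh at %d months: %d months left in worst case, survives 9-month shutdown: %v\n",
			refresh/month, WorstCaseRemaining(36*month, refresh)/month,
			SurvivesShutdown(cert, issued.Add(refresh), 9*month))
	}
}
```

      With these constructed numbers, refreshing at month 30 leaves only 6 months and the cert expires during the shutdown, while refreshing at month 26 leaves the 10 months the issue asks for.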

              rhn-coreos-htariq Haseeb Tariq