Story
Resolution: Done
OCPSTRAT-1422 - [etcd] Automatic rotation of etcd signer certs when the cluster is still online
ETCD Sprint 256
For backward compatibility we tried to keep the previously named certificates the way they were:
https://github.com/openshift/cluster-etcd-operator/blob/master/pkg/operator/starter.go#L614-L639
Many of those are currently merely copied with the ResourceSyncController and could be replaced with their source configmap/secret.
This should make the codebase easier to understand and reduce the mental load of working with it.
Some replacement suggestions:
- etcd-serving-ca -> etcd-ca-bundle
- etcd-peer-client-ca -> etcd-ca-bundle
- etcd-metrics-proxy-serving-ca -> etcd-metrics-ca-bundle
- etcd-metrics-proxy-client-ca -> etcd-metrics-ca-bundle
AC:
- replaced the above suggestions
- updated static pod manifests and references in backups
- updated docs/etcd-tls-assets.md