Epic
Resolution: Done
Critical
Allow setting custom cert expiration and rotation times.
OCPSTRAT-693 - Implement Rotation Procedure for Hypershift Cluster CAs/Certs/Keys
0% To Do, 50% In Progress, 50% Done
Hypershift Sprint 256, Hypershift Sprint 257, Hypershift Sprint 258
User Story:
As a hypershift QE, I want to be able to:
- Set the certificate expiration time of a HostedCluster's certificates to a custom duration via HostedCluster annotation.
- Set the certificate rotation time of a HostedCluster's certificates to a custom duration via HostedCluster annotation.
so that I can achieve
- Verify that a HostedCluster continues to function after its certificates have rotated and old ones have expired.
Acceptance Criteria:
- Annotation to set custom expiration and rotation times takes effect on certificates created in a HostedCluster namespace.
Engineering Details:
- Validity is hardcoded here: https://github.com/openshift/hypershift/blob/3efa23b932a59681346a7a432d349cfb6e44b13d/support/certs/tls.go#L363
- Rotation period is hardcoded here: https://github.com/openshift/hypershift/blob/3efa23b932a59681346a7a432d349cfb6e44b13d/support/certs/tls.go#L367
This does not require a design proposal.
This does not require a feature gate.
- blocks
OCPBUGS-36133 Unable to access the production ROSA HCP clusters - IBM 4.13
- New
- relates to
HOSTEDCP-457 Implement CA Certificate Rotation
- New