Uploaded image for project: 'OpenShift Hosted Control Plane'
  1. OpenShift Hosted Control Plane
  2. HOSTEDCP-457

Implement CA Certificate Rotation

    XMLWordPrintable

Details

    • Epic
    • Resolution: Unresolved
    • Critical
    • None
    • None
    • None
    • Implement CA Certificate Rotation
    • False
    • None
    • False
    • Yellow
    • To Do
    • 0
    • 0% 0%
    • 0
    • 0
    • 0

    Description

      Self-hosted OCP rotates not only serving certificates but also the CA signers. 

      See: https://github.com/openshift/cluster-kube-apiserver-operator/blob/72074e8e5494c42c9517c7376193d5216246f567/pkg/operator/certrotationcontroller/certrotationcontroller.go

      We need to implement a similar mechanism in HyperShift

      Attachments

        Issue Links

          is related to

          Feature - Capability or a well-defined set of functionality that delivers business value. Features can include additions or changes to existing functionality. Features can easily span multiple teams, and potentially multiple releases. OCPSTRAT-693 Implement Rotation Procedure for Hypershift Cluster CAs/Certs/Keys

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Refinement
          relates to

          Feature - Capability or a well-defined set of functionality that delivers business value. Features can include additions or changes to existing functionality. Features can easily span multiple teams, and potentially multiple releases. OCPSTRAT-591 HyperShift Core Component Readiness for GA - Part I

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed
          links to

          GitHub openshift/hypershift#1657: Ignition server: Use common pki code

          Activity

            People

              cewong@redhat.com Cesar Wong
              azaalouk Adel Zaalouk
              Jie Zhao Jie Zhao
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated: