Loading...

XML

Word

Printable

Type: Epic
Resolution: Unresolved
Priority: Critical
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
- 4.18-candidate
- needs-grooming

Epic Name:
Implement CA Certificate Rotation
Work Type:
BU Product Work
Blocked:
False
Blocked Reason:
None
Ready:
False
Color Status:
Yellow
Epic Status:
To Do
Feature Link:
OCPSTRAT-693 - Implement Rotation Procedure for Hypershift Cluster CAs/Certs/Keys
Parent Link:
OCPSTRAT-693Implement Rotation Procedure for Hypershift Cluster CAs/Certs/Keys
Hierarchy Progress Bar:

100% To Do, 0% In Progress, 0% Done

Cost of Delay:
0
WSJF:
0
Risk Score:
0

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Self-hosted OCP rotates not only serving certificates but also the CA signers.

See: https://github.com/openshift/cluster-kube-apiserver-operator/blob/72074e8e5494c42c9517c7376193d5216246f567/pkg/operator/certrotationcontroller/certrotationcontroller.go

We need to implement a similar mechanism in HyperShift

is related to

HOSTEDCP-1779 Allow setting custom cert expiration and rotation times.

Release Pending

OCPSTRAT-693 Implement Rotation Procedure for Hypershift Cluster CAs/Certs/Keys

Refinement

relates to

OCPSTRAT-591 HyperShift Core Component Readiness for GA - Part I

Closed

links to

openshift/hypershift#1657: Ignition server: Use common pki code

Assignee:: Cesar Wong

Reporter:: Adel Zaalouk

QA Contact:: Jie Zhao

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Created:: 2022/05/23 1:27 PM

Updated:: 2024/09/04 9:39 PM