Loading...

XML

Word

Printable

Type: Epic
Resolution: Done
Priority: Critical
Fix Version/s: Alongside OpenShift 4.11
Affects Version/s: None
Component/s: None
Labels:
- hypershift-core

Epic Name:
Decouple pki generation into its own component
Work Type:
BU Product Work
Blocked:
False
Ready:
False
Epic Status:
Done
Feature Link:
OCPSTRAT-99 - Introduce Certificate Management & PKI for HyperShift
Parent Link:
OCPSTRAT-99Introduce Certificate Management & PKI for HyperShift
Release Note Text:
Undefined

Sprint:
Hypershift Sprint 3, Hypershift Sprint 4
Cost of Delay:
0
WSJF:
0
Risk Score:
0

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Market:

Context:

pki generation is currently implemented by the hcp controller at creation time "statically", there's no rotation mechanism in place.

As part of decoupling the machine config lifecycle from the hcp we need it to be able to generate new certs for new machine config servers.

DoD:

If a component we own needs a certificate of any kind, that certificate should be expressed declaratively (as a cert request?) and then referenced in terms of the outcome of that request
The actual certificate generation/issuance is a concern outside hypershift itself.
Consider https://cert-manager.io/docs

Assignee:: Alvaro Aleman (Inactive)

Reporter:: Alberto Garcia Lamela

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2021/03/09 9:58 AM

Updated:: 2024/09/04 9:40 PM

Resolved:: 2022/01/04 7:41 PM

Details

Description

Attachments

Easy Agile Planning Poker

Activity

People

Dates