Uploaded image for project: 'Machine Config Operator'
  1. Machine Config Operator
  2. MCO-1323

Stop writing root-ca to disk

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Done
    • Icon: Normal Normal
    • None
    • None
    • None
    • 3
    • False
    • None
    • False
    • OCPSTRAT-709 - [internal] All OCP internal certificate chains must have clear ownership
    • MCO Sprint 259
    • 0
    • 0.0

      We currently writing rootCA to disk via this template: https://github.com/openshift/machine-config-operator/blob/master/templates/common/_base/files/root-ca.yaml 

      Nothing that we know of currently uses this file and as it is templated via MC, any updates to configmap(root-ca in the kube-system namespace) used to generated this template will cause a MC roll-out. We will be updating this configmap as part of cert rotation in MCO-643, so we'd like to prevent unnecessary rotation by removing this template.

            djoshy David Joshy
            djoshy David Joshy
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: