Uploaded image for project: 'Observability and Data Analysis Program'
  1. Observability and Data Analysis Program
  2. OBSDA-789

Certificate rotation for tracing and OpenTelemetry artifacts

XMLWordPrintable

    • Icon: Feature Feature
    • Resolution: Done
    • Icon: Undefined Undefined
    • rhosdt-3.3
    • None
    • PM Tracing
    • False
    • None
    • False
    • Not Selected
    • 0
    • 0% To Do, 0% In Progress, 100% Done

      Functionality

      Requested in OBSDA-174

      The Service CA certificates are updated automatically, but Pods should also automatically reload.

      CA certificates are valid for 26 months and will be renewed after 13 months.[1]

      This is based on the life cycle of the minor version of OCP would reach EOL in 12 months, but now it has been extended to 18 months, so in some cases the problem became apparent and customers found the problem. Customers will have to fix it manually after seeing so.

      To avoid experiencing this issue, the pod should automatically reload the new certificate.

       

      [1] Securing service traffic using service serving certificates - Configuring certificates
      https://docs.openshift.com/container-platform/4.10/security/certificates/service-serving-certificate.html#manually-rotate-service-ca_service-serving-certificate

      Scope

      Tempo and OpenTelemetry operator artifacts. Nice to have (must be at least considered) Jaeger.

              rh-ee-jgomezse Jose Gomez-Selles
              rh-ee-jgomezse Jose Gomez-Selles
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: