Uploaded image for project: 'Observability and Data Analysis Program'
  1. Observability and Data Analysis Program
  2. OBSDA-789

Certificate rotation for tracing and OpenTelemetry artifacts

    XMLWordPrintable

Details

    • Feature
    • Resolution: Unresolved
    • Undefined
    • rhosdt-3.3
    • None
    • PM Tracing
    • False
    • None
    • False
    • Not Selected
    • 0
    • 0
    • 0% 0%
    • 0

    Description

      Functionality

      Requested in OBSDA-174

      The Service CA certificates are updated automatically, but Pods should also automatically reload.

      CA certificates are valid for 26 months and will be renewed after 13 months.[1]

      This is based on the life cycle of the minor version of OCP would reach EOL in 12 months, but now it has been extended to 18 months, so in some cases the problem became apparent and customers found the problem. Customers will have to fix it manually after seeing so.

      To avoid experiencing this issue, the pod should automatically reload the new certificate.

       

      [1] Securing service traffic using service serving certificates - Configuring certificates
      https://docs.openshift.com/container-platform/4.10/security/certificates/service-serving-certificate.html#manually-rotate-service-ca_service-serving-certificate

      Scope

      Tempo and OpenTelemetry operator artifacts. Nice to have (must be at least considered) Jaeger.

      Attachments

        Activity

          People

            rh-ee-jgomezse Jose Gomez-Selles
            rh-ee-jgomezse Jose Gomez-Selles
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated: