Epic
Resolution: Done
Major
Certificate Audit For Kueue
Product / Portfolio Work
0% To Do, 0% In Progress, 100% Done
Hello Teams,
A critical audit of certificate information for OpenShift operators is required due to a recent GitLab incident. While platform-side audits are complete, we need each operator team's cooperation to collect necessary data.
- This is an action to ensure compliance and security across the OpenShift operator portfolio.
- The goal is to complete the audit by the end of 2025.
Required Certificate Details
Each operator team must audit and capture the following details for their certificates:
- System/User Managed: Whether the certificate is system or user managed (or both).
- Purpose: The function of the certificate.
- Duration: The total validity period.
- Rotation Automation: Whether automatic rotation is provided.
- Validity Timing: How long the certificate is valid for (e.g., 30 days, one year).
Action Item: Run Script and Submit Data
To simplify this process, Ramon Acedo Rodriguez has created a script to automate data collection.
1. Run the Script:
- Log into an installed cluster as kube-admin.
- Run the script created by Ramon: https://github.com/racedo/openshift-certificate-analyzer/blob/main/get-all-cluster-certificates.sh
2. Submit the Data:
- The script will generate a CSV file containing all the necessary certificate information.
- You must then extract the line entries/rows for your specific operator(s) and insert them directly into the "layered operator inputs" spreadsheet.
Failure to provide this data will result in non-compliance for your operator.
Relates to: OCPSTRAT-2568 Enhanced Platform Certificate Lifecycle Management and Compliance (In Progress)