OCPSTRAT-2899

MicroShift supports controlled certificate and CA renewal


      Feature Overview (aka. Goal Summary)  

      MicroShift customers need a way to rotate/renew certs and CAs when it is suitable to do so, e.g. in a maintenance window. This avoids unplanned downtime caused by the restarts that renewal requires.

      Goals (aka. expected user outcomes)

      Provide a controlled way of triggering renewal of certs and CAs, e.g. using a command line / API call like "microshift renew-internal-certs now".

      Requirements (aka. Acceptance Criteria):

      1. Customers MUST be able to trigger immediate renewal of all internal serving certs
      2. Customers MUST be able to trigger immediate renewal of all internal CA certs (which obviously triggers renewal of all serving certs)
      3. Customers SHOULD be able to configure expiry date of all internal serving certs in the MicroShift configuration (default: same as currently hardcoded 1y)
      4. Customers SHOULD be able to configure expiry date of all internal CAs in the MicroShift configuration (default: same as currently hardcoded 10y)
      5. Renewal of a serving cert SHOULD have as little impact as possible. Best would be an automated rolling update/restart of the affected component with minimal disruption/downtime. A full restart of MicroShift or even the whole system should be avoided as much as possible.
      6. Clear messages on the impact of the action MUST be given in the response, e.g. "Certs A, B and C renewed. Restart of MicroShift required to take effect. Please make sure to distribute the new client cert to where it is needed".
      7. A "--dry-run" option SHOULD be available for users to get a feeling of the impact this might have.

      Use Cases (Optional):

      Include use case diagrams, main success scenarios, alternative flow scenarios.  Initial completion during Refinement status.

      As a MicroShift admin, I can rotate all serving certs during a maintenance window a couple of weeks/month before they expire, so that the downtime/restart falls into a convenient point in time.

      As a security-sensitive admin, I can configure the lifetime of all serving certs to only 6 weeks, to be in line with cert management best practices.

      Questions to Answer (Optional):

      1. This should be accompanied by Prod Security with reviews in the design and implementation stages, so we are sure to apply all best practices.

      Out of Scope

      tbd

      Background

      tbd

      Customer Considerations

      This relates back to a telco customer request

      Documentation Considerations

      This needs to be documented in the Configuring book of the doc, most likely in the auth and security section

      Interoperability Considerations

      none

              dfroehli42rh Daniel Fröhlich