Uploaded image for project: 'OpenShift Container Platform (OCP) Strategy'
  1. OpenShift Container Platform (OCP) Strategy
  2. OCPSTRAT-577

Ability to specify maintenance window for cert rotation

XMLWordPrintable

    • Icon: Feature Feature
    • Resolution: Won't Do
    • Icon: Major Major
    • None
    • None
    • None
    • False
    • Hide

      None

      Show
      None
    • False
    • OCPSTRAT-16OpenShift - Kubernetes and Core Platform
    • 0
    • 0% 0%
    • 0
    • 0

      Feature Overview

      Provide the ability to specify an optional time slot on which the kube-apiserver cert renewal may be proceed to avoid causing API instability during critical hours for the customer.

      Due to automatic renewal of kube-apiserver cert renewal, Cu is not able to pause this process and this is affecting cluster operations during peak hours. Either they want a way to pause this renewal so they can schedule it during night hours instead of peak hours. This is happening during peak hours and API Server returned 502 to some requests hence they want to schedule these renewals during night times.

      https://issues.redhat.com/browse/RFE-3055
      https://issues.redhat.com/browse/RFE-1994

      Might need coordination with https://issues.redhat.com/browse/RFE-2799

      Goals

      • Have cluster admin to optionally be able to define time slots where kube-apiserver cert renewal can proceed
      • Test the feature
      • Document how to use the feature

            wcabanba@redhat.com William Caban
            wcabanba@redhat.com William Caban
            Votes:
            1 Vote for this issue
            Watchers:
            8 Start watching this issue

              Created:
              Updated:
              Resolved: