  1. OpenShift Container Platform (OCP) Strategy
  2. OCPSTRAT-642

[Part 1] Fallback (Protocol) for Emergency Certificate Rotation

    • Feature
    • Resolution: Done
    • Major
    • openshift-4.13
    • API & Datastore
    • OCPSTRAT-714 Comprehensive overhaul of handling OCP internal cert & keys

      https://docs.google.com/document/d/198C4xwi5td_V-yS6w-VtwJtudHONq0tbEmjknfccyR0/edit#heading=h.oynu7bkhz613

       

      Goal:

      • recover the cluster when certs expire while a node is down
      • should work for OpenShift (both HA and Single)
      • Ideally, if possible, we want to make it an automated repair process. 
      • cover both rebooted node and suspended node
      • Evaluate (during the research) the effort to provide a mechanism to the admin so he/she can trigger a cert regeneration

       

      Non Goal:

      • change host name / node identity
      • make rotation faster
      • modify the expiration period of any existing cert we have today

       

      Acceptance Criteria:

      • documentation with findings
      • OpenShift KEP 

            wcabanba@redhat.com William Caban
            dgrisonn@redhat.com Damien Grisonnet