OpenShift Container Platform (OCP) Strategy / OCPSTRAT-642

[Part 1] Fallback (Protocol) for Emergency Certificate Rotation


    • Feature
    • Resolution: Done
    • Major
    • None
    • openshift-4.13
    • API & Datastore
    • Strategic Product Work
    • False
    • False
    • OCPSTRAT-714 Provide Detailed Administrative Control of all OCP Certs and Keys
    • 0% To Do, 0% In Progress, 100% Done
    • 0

      https://docs.google.com/document/d/198C4xwi5td_V-yS6w-VtwJtudHONq0tbEmjknfccyR0/edit#heading=h.oynu7bkhz613

       

      Goal:

      • recover the cluster when certs expire while a node is down
      • should work for OpenShift (both HA and Single)
      • Ideally, if possible, we want to make it an automated repair process. 
      • cover both rebooted node and suspended node
      • Evaluate (during the research) effort to provide a mechanism to the admin so he/she can trigger a cert regeneration

       

      Non Goal:

      • change host name / node identity
      • make rotation faster
      • any existing cert we have today should not have its expiration period modified

       

      Acceptance Criteria:

      • documentation with findings
      • OpenShift KEP 

              wcabanba@redhat.com William Caban
              dgrisonn@redhat.com Damien Grisonnet