-
Feature
-
Resolution: Unresolved
-
Major
-
None
-
None
-
BU Product Work
-
False
-
-
False
-
33% To Do, 0% In Progress, 67% Done
-
XL
-
0
-
Backlog Refinement
Feature Overview
We have a documented manual procedure https://access.redhat.com/articles/regenerating_cluster_certificates to rotate internal platform certificates. The platform should provide a declarative way to trigger this procedure. This feature creates a cluster-level API for the cluster admin to initiate that process.
This should allow cluster operators to watch this attribute for when a rotation is requested (e.g., "rotation requested") and report rotation status and progress (e.g., rotating, completed, failing). The concept is to provide a cluster-level certificate registry for the internal platform certificates.
Goals
Provide a source of truth for cluster certificates with a declarative API for triggering certificate rotation.
Requirements
- After the feature is implemented, CI-test should prevent the creation of cluster-level certificates not following the notifications for the cert rotation
Out of Scope
High-level list of items that are out of scope. Initial completion during Refinement status.
Background
Provide any additional context is needed to frame the feature. Initial completion during Refinement status.
Customer Considerations
Provide any additional customer-specific considerations that must be made when designing and delivering the Feature. Initial completion during Refinement status.
Documentation Considerations
Provide information that needs to be considered and planned so that documentation will meet customer needs. Initial completion during Refinement status.
Interoperability Considerations
Which other projects and versions in our portfolio does this feature impact? What interoperability test scenarios should be factored by the layered products? Initial completion during Refinement status.