Uploaded image for project: 'OpenShift Container Platform (OCP) Strategy'
  1. OpenShift Container Platform (OCP) Strategy
  2. OCPSTRAT-855

Ensure HyperShift Deployed Components Meet New Cert Handling Criteria

XMLWordPrintable

    • BU Product Work
    • False
    • Hide

      None

      Show
      None
    • False
    • 50% To Do, 0% In Progress, 50% Done
    • 6
    • 0

      Problem Statement 

      In line with OCPSTRAT-714, which overhauls the handling of OCP internal certs & keys, we need to ensure that the components deployed directly by the HyperShift operator, especially those which do not follow the usual operator approach, meet the new criteria.

       

      TODO:

      • Review all components directly deployed by the Hypershift operator, especially those like kas, etcd, kcm, konnectivity, etc. where we don't run the corresponding cluster operator.
      • Ensure these components' certificate handling mechanisms are compliant with the criteria listed in OCPSTRAT-714.
      • Implement changes if any discrepancies are found.

      Additional Notes 

      This task focuses on the components unique to HyperShift and hosted control planes vs those deployed via the CPO (standard OpenShift components).

      For CPO deployed components withing the HyperShift architecture, teams owning the OpenShift components that were refactored to match the HyperShift architecture, should keep updating their CI to ensure compliance with the cert rotation mechanisms. 
       
       

              azaalouk Adel Zaalouk
              azaalouk Adel Zaalouk
              Yu Li Yu Li
              Servesha Dudhgaonkar Servesha Dudhgaonkar
              Adel Zaalouk Adel Zaalouk
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: