Uploaded image for project: 'OpenShift Container Platform (OCP) Strategy'
  1. OpenShift Container Platform (OCP) Strategy
  2. OCPSTRAT-855

Ensure HyperShift Deployed Components Meet New Cert Handling Criteria

    XMLWordPrintable

Details

    • False
    • Hide

      None

      Show
      None
    • False
    • 50
    • 50% 50%
    • 0
    • 0

    Description

      Problem Statement 

      In line with OCPSTRAT-714, which overhauls the handling of OCP internal certs & keys, we need to ensure that the components deployed directly by the HyperShift operator, especially those which do not follow the usual operator approach, meet the new criteria.

       

      TODO:

      • Review all components directly deployed by the Hypershift operator, especially those like kas, etcd, kcm, konnectivity, etc. where we don't run the corresponding cluster operator.
      • Ensure these components' certificate handling mechanisms are compliant with the criteria listed in OCPSTRAT-714.
      • Implement changes if any discrepancies are found.

      Additional Notes 

      This task focuses on the components unique to HyperShift and hosted control planes vs those deployed via the CPO (standard OpenShift components).

      For CPO deployed components withing the HyperShift architecture, teams owning the OpenShift components that were refactored to match the HyperShift architecture, should keep updating their CI to ensure compliance with the cert rotation mechanisms. 
       
       

      Attachments

        Issue Links

          is related to

          Feature - Capability or a well-defined set of functionality that delivers business value. Features can include additions or changes to existing functionality. Features can easily span multiple teams, and potentially multiple releases. OCPSTRAT-693 Implement Rotation Procedure for Hypershift Cluster CAs/Certs/Keys

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Refinement

          Outcome - Organizational objective focused on a measurable outcome. May be in support of larger strategic goals. OCPSTRAT-714 Comprehensive overhaul of handling OCP internal cert & keys

          • Critical - To be worked on immediately following BLOCKER issues.
          • In Progress

          Activity

            People

              azaalouk Adel Zaalouk
              azaalouk Adel Zaalouk
              Yu Li (李宇) Yu Li (李宇)
              Servesha Dudhgaonkar Servesha Dudhgaonkar
              Adel Zaalouk Adel Zaalouk
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated: