As a cluster admin, I want my server to keep handling my admission requests if my webhook CA cert happens to rotate or get changed.
As of now, we don't have any implementation of this in the code. However, VPA 1.2.0 seems to include this change here to automatically rotate the TLS cert and key, but not the CA cert if need be. Our 4.17 VPA uses upstream VPA 1.1.2, so once we do the upstream rebase for 4.18, at least that part should be good to go (we still need to test this, since the PR doesn't seem to actually restart the server to handle new certs). But the CA cert still needs to be watched.
- relates to: OCPBUGS-39345 vpa-admission-plugin-default pods are filled with TLS handshake errors (Closed)