Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-1838

Quay operator creates with every restart a new root ca

    XMLWordPrintable

Details

    Description

      An initial creation of a root ca is fine... but do not recreate the root ca with every restart...
      The recreation will break reencrypted routes and has as a drawback the "trust-the-new-root-ca"-procedure.

      If the QuayRegistry is restarting (by any reason) the already existing root ca should be reuse... as long as it is still a valid one!

      Maybe the Quay operator should hold one "Quay root ca" for the whole cluster and sign freshly made certs with this "operator root ca"!

      Attachments

        Issue Links

          Activity

            People

              rmarasch@redhat.com Ricardo Maraschini
              rhn-gps-lbohnsack Lars Bohnsack
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: