Feature Request
Resolution: Done
openshift-4.14.z
1. Proposed title of this feature request
Document Procedure to revoke Internal OpenShift Certificates
2. What is the nature and description of the request?
Segments considered critical infrastructure where OpenShift is being used have to comply with specific regulations and standards. One of these industries is Telco.
Currently, OpenShift self-manages certificates for internal components inside the cluster. These certificates are managed without the end user interfering. However, if a certificate needs to be revoked because, for example, the private key has been compromised, it should be possible for the user to revoke the certificate internally and create a new certificate without impacting the cluster's availability.
There is a non-documented procedure to do this, and this RFE is to document this procedure and include it as part of customer documentation.
3. Why does the customer need this? (List the business requirements here)
Ensure confidentiality of their application and to comply with regulatory frameworks.
4. List any affected packages or components.
All OpenShift Certificates inside the cluster.
- is incorporated by: OCPSTRAT-159 Auto removal of expired certificates from secrets [etcd, kube-apiserver, ocp-apiserver] (Closed)
- relates to: OCPSTRAT-159 Auto removal of expired certificates from secrets [etcd, kube-apiserver, ocp-apiserver] (Closed)