Uploaded image for project: 'Red Hat Advanced Cluster Security'
  1. Red Hat Advanced Cluster Security
  2. ROX-29674

[Operator] Propagate CA bundle to the ValidatingWebhookConfiguration of admission-control

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Done
    • Icon: Normal Normal
    • None
    • None
    • OpenShift Operator
    • None
    • Product / Portfolio Work
    • False
    • Hide

      None

      Show
      None
    • False

      Overview:

      When rotating the leaf certificate of admission-control, if the CA that was used to sign the leaf certificate is changed, the caBundle field of the ValidatingWebhookConfiguration must be updated to contain the new CA.

      The ValidatingWebhookConfiguration is owned by the Operator (or Helm), so the update has to be done by the Operator, which can cause syncing issues with Sensor (which handles the CA rotation and cert refresh). We should try to avoid downtime of admission-control.

      A high level summary that describes this Task in a clear, concise way. Complete during New status.

      Acceptance Criteria:

      A list of specific needs or objectives that this task must deliver in order to be considered complete. Complete during Refinement status.

              rh-ee-vbologa Vlad Bologa
              rh-ee-vbologa Vlad Bologa
              ACS Install
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: