A critical audit of certificate information for OpenShift operators is required due to a recent GitLab incident.

Each operator team must audit and capture the following details for their certificates :

• System/User Managed: Whether the certificate is system or user managed (or both).

• Purpose: The function of the certificate.

• Duration: The total validity period.

• Rotation Automation: Whether automatic rotation is provided.

• Validity Timing: How long the certificate is valid for (e.g., 30 days, one year).

Action Item: Run Script and Submit Data

To simplify this process, Ramon Acedo Rodriguez has created a script to automate data collection.

1. Run the Script:

• Log into an installed cluster as kube-admin.

• Run the script created by Ramon: https://github.com/racedo/openshift-certificate-analyzer/blob/main/get-all-cluster-certificates.sh

2. Submit the Data:

• The script will generate a CSV file containing all the necessary certificate information.

• You must then extract the line entries/rows for your specific operator(s) and insert them directly into the "layered operator inputs" spreadsheet.