Skip to content
This repository has been archived by the owner on Jul 16, 2024. It is now read-only.

Support etcd certificate rotation #56

Closed
sarun87 opened this issue Aug 30, 2018 · 10 comments
Closed

Support etcd certificate rotation #56

sarun87 opened this issue Aug 30, 2018 · 10 comments
Labels
kind/bug Categorizes issue or PR as related to a bug. kind/feature Categorizes issue or PR as related to a new feature. lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete.
Milestone
Next

Comments

@sarun87
Copy link
Contributor

sarun87 commented Aug 30, 2018

The Peer, Client and Server certs we generate today is valid for one year. We will need to run etcdadm reset followed by etcdadm join/init to create new certs within the given year for the etcd cluster to continue functioning.

Cert rollover needs to be implemented.
@dlipovetsky dlipovetsky changed the title etcd certs rollover must be possible Support etcd certificate rotation Sep 19, 2018
@sarun87 sarun87 added kind/bug Categorizes issue or PR as related to a bug. kind/feature Categorizes issue or PR as related to a new feature. labels Oct 3, 2018
@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Apr 25, 2019
@fejta-bot
Copy link

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels May 25, 2019
@dlipovetsky dlipovetsky removed lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. labels Jun 14, 2019
@kimtore
Copy link

kimtore commented Jul 5, 2019

My cluster refuses to start today because the etcd certificates expired. I was looking for some tooling to automatically renew them, but it seems I have to do it manually? This cluster was created using kubeadm.

@dlipovetsky dlipovetsky added the priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. label Aug 27, 2019
@dlipovetsky dlipovetsky added this to the Next milestone Oct 21, 2019
@pytimer pytimer mentioned this issue Dec 22, 2019
Closed
@pytimer
Copy link
Contributor

pytimer commented Dec 22, 2019

I send a PR to implement certificates rotation, if someone needs, welcome to review it.

@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Mar 21, 2020
@fejta-bot
Copy link

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Apr 20, 2020
@dlipovetsky dlipovetsky removed the lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. label May 5, 2020
justinsb added a commit to justinsb/etcdadm that referenced this issue Jul 25, 2020
@justinsb
Merge pull request kubernetes-retired#56 from justinsb/vfs_discovery
fc50093 
Initial VFS discovery mechanism
@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 3, 2020
justinsb added a commit to justinsb/etcdadm that referenced this issue Aug 28, 2020
@justinsb
Merge pull request kubernetes-retired#56 from justinsb/vfs_discovery
58964e8 
Initial VFS discovery mechanism
justinsb added a commit to justinsb/etcdadm that referenced this issue Aug 29, 2020
@justinsb
Merge pull request kubernetes-retired#56 from justinsb/vfs_discovery
6b76c6b 
Initial VFS discovery mechanism
justinsb pushed a commit to justinsb/etcdadm that referenced this issue Aug 29, 2020
@kirrmann
Merge pull request kubernetes-retired#56 from justinsb/vfs_discovery
30401c3 
Initial VFS discovery mechanism
@fejta-bot
Copy link

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Sep 2, 2020
@fejta-bot
Copy link

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

@k8s-ci-robot
Copy link
Contributor

@fejta-bot: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

justinsb added a commit to justinsb/etcdadm that referenced this issue Dec 4, 2020
@justinsb
Merge pull request kubernetes-retired#56 from justinsb/vfs_discovery
2e6fdd7 
Initial VFS discovery mechanism
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug. kind/feature Categorizes issue or PR as related to a new feature. lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete.
Projects
None yet
Milestone
Next
Development

No branches or pull requests
6 participants
@kimtore @sarun87 @dlipovetsky @pytimer @k8s-ci-robot @fejta-bot