Request to provide a clear documentation for CA rotation for those who want to do it #19165
Comments
/sig auth
@abhiTamrakar as pointed out earlier, it would be best to notify SIG Auth on their Slack channel or Zoom meeting about this ticket.
@neolit123 Yes sure, will do that.
Is this also /sig cluster-lifecycle?
Ideally the documentation for CA rotation should be deployer agnostic (e.g. not being a guide for kubeadm).
I was thinking about cluster lifecycle in general per https://github.com/kubernetes/community/blob/master/sig-cluster-lifecycle/charter.md#sig-cluster-lifecycle-charter rather than specifically about
@sftim It should be a part of cluster lifecycle as certificates would anyways be a part of it, irrespective of the individual segregation of entities.
It's certainly not in the SIG Cluster Lifecycle charter to own this space or to document it (maybe falling under the "Improving the Kubernetes user experience for cluster administration" umbrella, but that's too generic anyway). /sig cluster-lifecycle
I'd like to make a PR documenting how to do this.
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
Preventing it from rotting, since the PR is WIP. /remove-lifecycle stale
/assign @abhiTamrakar
@neolit123: Closing this issue. In response to this:
This is a Bug Report
Problem: There is no documentation for CA rotation. Kubernetes does not support it through kubeadm, and it is also not documented anywhere.
Issue link: kubernetes/kubeadm#2027
Proposed Solution:
I tried and successfully rotated the CA manually. There are some issues with kubelet which I am working on, but otherwise I was able to rotate the CA.
Steps recorded in kubernetes/kubeadm#2027. If this is not the right way, I would say help me and other people who would want to do it.
For example, my organization has a mandate to rotate the CA every year, and if this is documented somewhere, it would be a big help for people like me and everybody using Kubernetes.
Page to Update:
https://kubernetes.io/docs/tasks/tls/certificate-rotation/
Kubernetes Version: v1.16.x and v1.15.3
Additional Information:
The documentation should be a separate page referenced in https://kubernetes.io/docs/tasks/tls/certificate-rotation/ somewhere, so that people can actually make use of it.
This issue #18169 has some information but it is not very much related to CA rotation.