Consider making autocert with kubernetes more robust
Bug #1776507 reported by
Joel Sing
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
autocert-charm |
Triaged
|
Low
|
Unassigned |
Bug Description
When the autocert charm is used with kubernetes, it deploys a cronjob that runs the autocert client - on completion of an update, the autocert client runs the autocert-kubernetes script to push the new key/cert/chain into kubernetes. If this fails for any reason, we will not recover since on the next autocert run it will not see any change in the on disk certificates.
Given that most of our deployments are running with multiple masters, we may avoid this by having the second master update and push the secret into kubernetes successfully. The alternative would be to run the autocert-kubernetes script on a more regular basis (e.g. daily), in addition to running it from autocert.
Changed in autocert-charm: | |
status: | New → Triaged |
importance: | Undecided → Low |
To post a comment you must log in.