Consider making autocert with kubernetes more robust

Bug #1776507 reported by Joel Sing
14
This bug affects 3 people
Affects Status Importance Assigned to Milestone
autocert-charm
Triaged
Low
Unassigned

Bug Description

When the autocert charm is used with kubernetes, it deploys a cronjob that runs the autocert client - on completion of an update, the autocert client runs the autocert-kubernetes script to push the new key/cert/chain into kubernetes. If this fails for any reason, we will not recover since on the next autocert run it will not see any change in the on disk certificates.

Given that most of our deployments are running with multiple masters, we may avoid this by having the second master update and push the secret into kubernetes successfully. The alternative would be to run the autocert-kubernetes script on a more regular basis (e.g. daily), in addition to running it from autocert.

Joel Sing (jsing)
Changed in autocert-charm:
status: New → Triaged
importance: Undecided → Low
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.