StarlingX

  1. Bug #1838659
  2. Comment #24

Comment 24 for bug 1838659

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to config (r/stx.2.0)

Reviewed: https://review.opendev.org/705387
Committed: https://git.openstack.org/cgit/starlingx/config/commit/?id=16f3c29c7db3b01d48f57437f731c053d11f03c1
Submitter: Zuul
Branch: r/stx.2.0

commit 16f3c29c7db3b01d48f57437f731c053d11f03c1
Author: Mingyuan Qi <email address hidden>
Date: Thu Oct 31 11:16:01 2019 +0800

    Rotate k8s certificate automatically

    By default, k8s cluster certificates generated by kubeadm have 1
    year expiration. After certificates expired, k8s will not rotate
    them automatically.

    This commit checks the cert expiration date every day and rotates
    them automatically if they expires within 90 days. After cert
    renewed, all the k8s master component configurations will be updated.

    An alarm will be sent to fm to notify the administrator to
    reboot the controllers or renew the certs manually if the automatic
    process fails.

    Change-Id: I383120b8904857bcf09ad6ca999900ce8eda9b95
    Closes-Bug: 1838659
    Depends-On: https://review.opendev.org/#/c/705383/
    Depends-On: https://review.opendev.org/#/c/705382/
    Signed-off-by: Mingyuan Qi <email address hidden>