cluster-api-provider-azure icon indicating copy to clipboard operation
cluster-api-provider-azure copied to clipboard

Published 20 hours ago verified publisher icon kubernetes-sigs

Automatic certificate rotation

Open ritazh opened this issue 4 years ago • 22 comments

/kind documentation

Describe the solution you'd like [A clear and concise description of what you want to happen.] Documentation, guidance, and known issues around how to perform cert rotation for both leaf and CA cert rotation. Beyond these: https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/#automatic-certificate-renewal https://cluster-api.sigs.k8s.io/tasks/certs/using-custom-certificates.html

Anything else you would like to add: [Miscellaneous information that will assist in solving the issue.]

Environment:

  • cluster-api-provider-azure version:
  • Kubernetes version: (use kubectl version):
  • OS (e.g. from /etc/os-release):

ritazh avatar Aug 31 '21 18:08 ritazh

@ritazh Can you provide a bit more insight on the task?

sayantani11 avatar Sep 02 '21 22:09 sayantani11

I would like to work on it, but would require some help

sayantani11 avatar Sep 06 '21 16:09 sayantani11

It would be great to have a step-by-step guide to help users get started on how to perform cert rotation for both leaf and CA cert rotation, including known issues and recommendations. The links above are pretty high level. FYI @devigned

ritazh avatar Sep 07 '21 15:09 ritazh

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Dec 06 '21 16:12 k8s-triage-robot

/remove-lifecycle stale

devigned avatar Dec 06 '21 16:12 devigned

I would like to try this issue.

sayantani11 avatar Jan 09 '22 16:01 sayantani11

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Apr 09 '22 17:04 k8s-triage-robot

/remove-lifecycle stale

shysank avatar Apr 12 '22 16:04 shysank

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Jul 11 '22 17:07 k8s-triage-robot

/remove-lifecycle stale

jackfrancis avatar Jul 12 '22 11:07 jackfrancis

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Oct 10 '22 11:10 k8s-triage-robot

/remove-lifecycle stale

jackfrancis avatar Oct 14 '22 18:10 jackfrancis

Lots of things changing in this space, so probably best to document after things here are merged. i.e. https://github.com/kubernetes-sigs/cluster-api-provider-azure/issues/915

dtzar avatar Jan 04 '23 00:01 dtzar

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Apr 04 '23 01:04 k8s-triage-robot

Housekeeping! Do we keep this open @CecileRobertMichon @dtzar ?

nawazkh avatar Apr 04 '23 21:04 nawazkh

I feel like this should be at the CAPI level first

dtzar avatar Apr 04 '23 21:04 dtzar

Agree ^

CecileRobertMichon avatar Apr 04 '23 22:04 CecileRobertMichon

/remove-lifecycle stale

Still a valid request. Even when/if an implementation or spec for CAPI is addressed, it's possible we might still want an Azure-specific implementation (i.e. connecting the CAPZ machine control plane cluster secrets with Key Vault and then using Key Vault for rotation)

dtzar avatar Apr 05 '23 16:04 dtzar

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Jul 04 '23 17:07 k8s-triage-robot

/remove-lifecycle stale

nawazkh avatar Jul 26 '23 21:07 nawazkh

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Jan 25 '24 08:01 k8s-triage-robot

/remove-lifecycle stale /lifecycle frozen

dtzar avatar Jan 25 '24 21:01 dtzar