talos icon indicating copy to clipboard operation
talos copied to clipboard

Published 20 hours ago verified publisher icon siderolabs

etcd / k8s-aggregator CA rotation

Open pQraus opened this issue 1 year ago • 0 comments

Feature Request

It would be nice to have an option to rotate the CA for etcd and k8saggregator, like / with talosctl rotate-ca --etcd=true.

Description

Currently only the os ca and kube CA can be rotated with talosctl. To rotate the etcd CA, you must manually create a new certificate and update the machine configuration. This must be done if the etcd CA is compromised or the certificate is about to expire.

pQraus avatar May 27 '24 11:05 pQraus