Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a tool script for updating the certificates and private keys #2400

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add a tool script for updating the certificates and private keys #2400

wants to merge 1 commit into from

Conversation

lfbear
Copy link
Member

@lfbear lfbear commented Aug 22, 2022

Signed-off-by: lfbear [email protected]

What type of PR is this?

  1. converge function generate_cert_secret to util.sh
  2. add a script for updating all certificates and private keys

What this PR does / why we need it:

For early users, the expiration date of certificates and private keys was only one year. The expiration of the cert will lead to an unavailable status for some components, such as Etcd.
This script will re-sign all certs and keys and update the related secrets in Karmada's host cluster. It will also update the credentials in Karmada's kubeconfig file.

Which issue(s) this PR fixes:
Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

NONE

@karmada-bot
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please ask for approval from lfbear after the PR has been reviewed.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@karmada-bot karmada-bot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Aug 22, 2022
@RainbowMango
Copy link
Member

So glad that see you back @lfbear :)

@lonelyCZ
Copy link
Member

Cool, I think this feature also need to be realized in karmadactl in the future.

@RainbowMango
Copy link
Member

@chaosi-zju Please look at this.

I'm so sorry for missing this. Nowadays, a lot of users want a tools to update their certificates.

@RainbowMango RainbowMango added this to the v1.10 milestone Apr 11, 2024
@chaosi-zju
Copy link
Member

@chaosi-zju Please look at this.
I'm so sorry for missing this. Nowadays, a lot of users want a tools to update their certificates.

ok, I am interested in this PR too, review is on going.

But before I give any comments, I would like to spend some time investigating the official practice of k8s certificate rotation. since this is a key feature, we will strive to make it the best.

@RainbowMango
Copy link
Member

Make sense.

@RainbowMango
Copy link
Member

I hope this could be done along with karmada-io/community#69.

@RainbowMango RainbowMango modified the milestones: v1.10, v1.11 May 29, 2024
@RainbowMango RainbowMango modified the milestones: v1.11, v1.12 Aug 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ikaven1024 ikaven1024 Awaiting requested review from ikaven1024

@mrlihanbo mrlihanbo Awaiting requested review from mrlihanbo

Assignees
No one assigned
Labels
size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
v1.12
Development

Successfully merging this pull request may close these issues.
5 participants
@lfbear @karmada-bot @RainbowMango @lonelyCZ @chaosi-zju