Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Handle updates to certs or CA info #2

Merged
merged 1 commit into from Jul 15, 2019

Conversation

@johnsca
Copy link
Contributor

commented Jun 27, 2019

If the certificates or CA info is updated (re-issued, transferred to a different CA, etc), the charm needs to handle that by updating the files on disk (already done) and restarting the services (added here).

If the certificates or CA info is updated (re-issued, transferred to a
different CA, etc), the charm needs to handle that by updating the files
on disk (already done) and restarting the services (added here).
@Cynerva

This comment has been minimized.

Copy link
Contributor

commented Jun 28, 2019

LGTM. Has this been tested?

@johnsca

This comment has been minimized.

Copy link
Contributor Author

commented Jul 1, 2019

Sorry, yes. This was tested on AWS by doing the following:

  1. Deploy CDK with the four patched charms & docker subordinate, wait to settle
  2. Run some test pod in the cluster (I used busybox, but see below)
  3. Add Vault to the cluster, wait to settle
  4. Unseal Vault, wait to settle
  5. Remove EasyRSA, wait to settle
  6. Update kubectl config
  7. Confirm pod is still functioning

The one downside of using busybox to test was that the connection was going through kubectl so I couldn't maintain a constant connection to it. However, processes that I left running were still running after the changeover.

@Cynerva

This comment has been minimized.

Copy link
Contributor

commented Jul 10, 2019

@Cynerva Cynerva merged commit b4ce350 into master Jul 15, 2019
@Cynerva Cynerva deleted the johnsca/bug/cert-ca-updates branch Jul 15, 2019
Cynerva added a commit that referenced this pull request Jul 30, 2019
If the certificates or CA info is updated (re-issued, transferred to a
different CA, etc), the charm needs to handle that by updating the files
on disk (already done) and restarting the services (added here).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
2 participants
You can’t perform that action at this time.