New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add summary tables to tls asset docs #529
Add summary tables to tls asset docs #529
Conversation
5ed872b
to
d70147d
Compare
docs/etcd-tls-assets.md
Outdated
| | etcd-serving-ca | openshift-etcd | | ||
| etcd-metric-signer | etcd-metric-serving-ca | openshift-etcd/etcd-metrics-proxy-client-ca | | ||
| | | openshift-etcd/etcd-metrics-proxy-serving-ca | | ||
| (bootstrap signer) | initial-etcd-signer | | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This really isn't a separate CA we just reuse[1] etcd-signer based TLS assets generated by the installer.
https://github.com/openshift/cluster-etcd-operator/blob/release-4.7/pkg/cmd/render/render.go#L129
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I screwed up the name, it's initial-etcd-ca
not signer
(fixed). I'm not sure what you mean by this not being a separate CA - it's a ca bundle (i.e. stored in a configmap) and presumably used to validate certs issued by the installer CA. Any ideas why it still exists after install?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
gotcha yeah it was cruft ported over from KAS-O. we removed it in 4.7[1]
[1] #501
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So we can remove that line then, or mark removed after 4.7?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Removed
small nit otherwise 🚀 yay MOAR docs! |
d70147d
to
fa62d68
Compare
@hexfusion Can we just add bugzilla/valid-bug? Having to add a tracking bug for a non-functional doc addition that requires zero qa oversight does not seem reasonable. |
fa62d68
to
62e955f
Compare
/lgtm |
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: hexfusion, marun The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
manually adding BZ tag as this is non code change. |
/retest Please review the full test history for this PR and help us cut down flakes. |
2 similar comments
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
No description provided.