Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DOC] Document Forced CA Cert Renewal and Key Replacement #1800

Merged
merged 10 commits into from
Jul 19, 2019
Merged

[DOC] Document Forced CA Cert Renewal and Key Replacement #1800

merged 10 commits into from
Jul 19, 2019

Conversation

d-laing
Copy link
Member

@d-laing d-laing commented Jul 15, 2019

Type of change

  • Documentation

Description

This pull request adds new procedures for:

  • Manually renewing the cluster and clients CA certificates
  • Replacing the private keys for the above

It documents the annotations strimzi.io/force-renew and strimzi.io/force-replace, which were originally added in #1193 (see the discussion in the comments between @tombentley and @ppatierno for context).

Checklist

Please go through this checklist and make sure all applicable tasks have been done

  • Update/write design documentation in ./design
  • Write tests
  • Make sure all tests pass
  • Update documentation
  • Check RBAC rights for Kubernetes / OpenShift roles
  • Try your changes from Pod inside your Kubernetes and OpenShift cluster, not just locally
  • Reference relevant issue(s) and close them after merging
  • Update CHANGELOG.md

scholzj
scholzj reviewed Jul 15, 2019
View reviewed changes
documentation/book/assembly-deployment-configuration-kafka.adoc Show resolved Hide resolved
documentation/book/proc-renewing-ca-certs-manually.adoc Outdated Show resolved Hide resolved
documentation/book/proc-renewing-ca-certs-manually.adoc Outdated Show resolved Hide resolved
documentation/book/proc-renewing-ca-certs-manually.adoc Show resolved Hide resolved
documentation/book/proc-replacing-private-keys.adoc Show resolved Hide resolved
documentation/book/proc-replacing-private-keys.adoc Outdated Show resolved Hide resolved
documentation/book/proc-replacing-private-keys.adoc Outdated Show resolved Hide resolved
documentation/book/proc-replacing-private-keys.adoc Outdated Show resolved Hide resolved
documentation/book/proc-renewing-ca-certs-manually.adoc Outdated Show resolved Hide resolved
@d-laing d-laing self-assigned this Jul 16, 2019
PaulRMellor
PaulRMellor approved these changes Jul 16, 2019
View reviewed changes
Copy link
Contributor

@PaulRMellor PaulRMellor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Few comments. LGTM.

Daniel Laing and others added 5 commits July 16, 2019 11:54
@PaulRMellor
Update documentation/book/proc-renewing-ca-certs-manually.adoc
1142826 
Co-Authored-By: PaulRMellor <47596553+PaulRMellor@users.noreply.github.com>
@PaulRMellor
Update documentation/book/proc-replacing-private-keys.adoc
48032ce 
Co-Authored-By: PaulRMellor <47596553+PaulRMellor@users.noreply.github.com>
Review comments
238b761
Test commit
20574e9
troubleshooting git
16ae00b
@d-laing
Copy link
Member Author

d-laing commented Jul 17, 2019

@scholzj - the procedures are now updated with changes from your review. Please check again, thanks.

scholzj
scholzj reviewed Jul 17, 2019
View reviewed changes
Copy link
Member

@scholzj scholzj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Few more comments. But looks good otherwise. Thanks.

@ppatierno Do you think you could have a look at this as well?

documentation/book/proc-renewing-ca-certs-manually.adoc Outdated Show resolved Hide resolved
documentation/book/proc-renewing-ca-certs-manually.adoc Outdated Show resolved Hide resolved
documentation/book/proc-replacing-private-keys.adoc Outdated Show resolved Hide resolved
Daniel Laing and others added 2 commits July 19, 2019 12:59
@d-laing
Copy link
Member Author

d-laing commented Jul 19, 2019

Great feedback, thank you. @scholzj and @ppatierno - please check and approve.

I reworded the final part of both procedures to start with the case where maintenance time windows are not configured. It's then easier to explain what happens if they are configured.

I removed maintenance time windows from the prerequisites.

scholzj
scholzj approved these changes Jul 19, 2019
View reviewed changes
Copy link
Member

@scholzj scholzj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks. LGTM.

@scholzj scholzj added the ready for merge Label for PRs which are ready for merge label Jul 19, 2019
@scholzj scholzj merged commit e079c25 into strimzi:master Jul 19, 2019
@d-laing d-laing deleted the doc-cert-renewal-key-replacement branch July 19, 2019 15:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@scholzj scholzj scholzj approved these changes

@ppatierno ppatierno ppatierno approved these changes

@PaulRMellor PaulRMellor PaulRMellor approved these changes

Assignees

@d-laing d-laing

Labels
documentation peer-review-done ready for merge Label for PRs which are ready for merge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@d-laing @scholzj @ppatierno @PaulRMellor