In #46 we're implementing the CA for generating certificates for the etcd-proxy.
As decided, the initial implementation is not going to implement the mechanism for regenerating certificates, in order to make it easier to review and ship changes.
The implementation could happen in three stages:
Implement a mechanism for checking whether certificates are in place and valid. How exactly we are going to check this is up for discussion. Potentially, we could put the expiry date in an annotation, but we could also check several more things, such as whether the hosts are valid.
Implement a mechanism for regenerating certificates. If certificates are not in place or not valid, we want to regenerate them. This could require an architectural change: we want to save the signer keys, so we can sign new certificates. Currently, signer keys are discarded as we don't regenerate certificates. I think saving them in the EtcdProxyController namespace is enough. It is still to be decided whether we want to save the keys in a new Secret or reuse the Secret we already have for the etcd-proxy server certificate and key.
/cc @sttts @deads2k
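A sketch of the first-stage check (expiry and hosts), added here as an example; it is not code from this issue or from the project. It goes one step further and also verifies the certificate against the CA certificate. The names `regenerationReason` and `issue`, the renewal window parameter, the host `etcd-proxy.example.svc` and the in-memory constructed CA are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// regenerationReason returns "" when cert can stay in place, else why it must be reissued.
func regenerationReason(cert, ca *x509.Certificate, hosts []string, now time.Time, renewBefore time.Duration) string {
	if now.Before(cert.NotBefore) || !now.Add(renewBefore).Before(cert.NotAfter) {
		return "not yet valid, expired, or inside the renewal window"
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now}); err != nil {
		return "chain verification failed: " + err.Error()
	}
	for _, h := range hosts { // every expected host must appear in the SANs
		if cert.VerifyHostname(h) != nil {
			return "host not covered: " + h
		}
	}
	return ""
}

func issue(cn string, dns []string, ttl time.Duration, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // constructed test material; nil parent = self-signed CA
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn}, DNSNames: dns,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(ttl), IsCA: parent == nil, BasicConstraintsValid: true}
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

func main() {
	ca, caKey := issue("constructed-ca", nil, 24*time.Hour, nil, nil)
	leaf, _ := issue("etcd-proxy", []string{"etcd-proxy.example.svc"}, 2*time.Hour, ca, caKey)
	fmt.Printf("%q\n", regenerationReason(leaf, ca, leaf.DNSNames, time.Now(), time.Hour))
}
```

Checking against the parsed certificate rather than an annotation keeps the decision tied to what the proxy actually serves; an annotation can drift from the Secret's contents.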