Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1684602 - Refresh TLS info for httpserver dynamically
Summary: Refresh TLS info for httpserver dynamically
Keywords:
Status: VERIFIED
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Master
Version: 4.1
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 4.1.0
Assignee: David Eads
QA Contact: zhou ying
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-03-01 15:53 UTC by Michal Fojtik
Modified: 2019-04-03 07:45 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:


Attachments (Terms of Use)

Description Michal Fojtik 2019-03-01 15:53:39 UTC
Description of problem:

https://jira.coreos.com/browse/MSTR-331

Golang provides GetCertificate functions to allow us to dynamically select new tls information for our server. We should do this to avoid unnecessary restarts.

Version-Release number of selected component (if applicable):

4.0

Comment 1 Xingxing Xia 2019-03-04 02:08:28 UTC
Looks like this will address bug 1684547, bug 1678847's restarts as well?

Comment 3 Michal Fojtik 2019-03-26 10:11:56 UTC
This was implemented and should work in new clusters. Moving to QE.

Comment 7 zhou ying 2019-04-03 07:45:29 UTC
Confirmed with latest OCP,the function has finished:
Client Version: v4.0.22
Server Version: v1.12.4+c6be29d
Payload:4.0.0-0.nightly-2019-04-02-133735

I0403 07:03:14.214986       1 certrotationcontroller.go:365] Starting CertRotation


Note You need to log in before you can comment on or make changes to this bug.