Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1694451 - Redeploying node certificates does not work as documentation explains any more
Summary: Redeploying node certificates does not work as documentation explains any more
Status: NEW
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Documentation
Version: 3.11.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: ---
Assignee: Vikram Goyal
QA Contact: Xiaoli Tian
Vikram Goyal
Depends On:
TreeView+ depends on / blocked
Reported: 2019-03-31 15:04 UTC by Jose Ignacio Jerez
Modified: 2019-04-01 07:02 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed:
Target Upstream Version:

Attachments (Terms of Use)

Description Jose Ignacio Jerez 2019-03-31 15:04:28 UTC
Document URL:

Section Number and Name: 

12.3.6 Redeploying Node Certificates Only

Describe the issue: 

In OCP 3.11 the node certificates are not redeployed using playbooks any more, the kubelet is reposnsible for creating a new CSR (certificate signing request) file when the old node certificate is close to expiring, then the cluster administrator must accept this CSR and the new certificate will be created and deployed.

The playbook mentioned in the documentation (redeploy-certificates.yml ) is not available in 3.11 

Suggestions for improvement: 

Describe the new mechanism on how the node certificates are redeployed.

Additional information:

Note You need to log in before you can comment on or make changes to this bug.