Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Lack of Certificate Renewal Mechanism in Addon Framework #304

Open
yanmxa opened this issue Mar 5, 2025 · 1 comment
Open

Lack of Certificate Renewal Mechanism in Addon Framework #304

yanmxa opened this issue Mar 5, 2025 · 1 comment
Assignees
@elgnay
Labels
enhancement New feature or request

Comments

@yanmxa
Copy link
Member

yanmxa commented Mar 5, 2025
edited
Loading

Currently, the addon-framework supports signing certificate requests on the spoke cluster. However, it appears to lack a renewal mechanism for signed certificates.

For example, when a certificate is signed using a CA via the registration process, it remains valid only as long as the CA is. If the CA expires or becomes invalid, and a new CA is issued, the signed certificate on the spoke cluster will no longer work.

The challenge is that there is no automated way to trigger the registration workflow to re-sign or update the certificate in the spoke cluster. Currently, the only available solution is to manually delete the certificate in the spoke cluster.

Open Question:

How can we automate the certificate renewal process in the spoke cluster when the CA changes?
@yanmxa yanmxa mentioned this issue Mar 5, 2025
Merged
4 tasks
@qiujian16 qiujian16 added the enhancement New feature or request label Mar 10, 2025
@qiujian16
Copy link
Member

/assign @elgnay

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@elgnay elgnay

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@qiujian16 @yanmxa @elgnay