Update certificates.md with cert rotation process #50557
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
cncf-cla: yes
✅ Pull request preview available for checkingBuilt without sensitive environment variables
To edit notification comments on pull requests, go to your Netlify site configuration. |
There was a problem hiding this comment.
We shouldn't merge this as-is, because moving manifests for static Pods aside typically causes failure of that component. If we advise people to move then back then that helps a lot.
Overall, I recommend writing a new and brief (but accurate) task page.
content/en/docs/setup/best-practices/certificates.md can then link to the new page.
| For clusters using static pods, follow these steps: | ||
|
|
||
| 1. Replace the existing certificate files on disk (e.g., `/etc/kubernetes/pki/apiserver.crt`). | ||
| 2. Temporarily move the manifest file for the component (e.g., `/etc/kubernetes/manifests/kube-apiserver.yaml`) to another directory. |
There was a problem hiding this comment.
I think this will take the control plane offline unless there are further steps.
Co-authored-by: Tim Bannister <[email protected]>
Description
To address Issue #30575 in the kubernetes/website repository, which pertains to documenting the requirements and recommended process for updating cluster certificates, need to create or modify specific documentation files within the repository.
GitHub
📄 Target Documentation Files
Based on the nature of the issue, the following files are relevant candidates for updates:
content/en/docs/setup/best-practices/certificates.md
This file discusses best practices for managing certificates in Kubernetes.
Issue
#30575
Closes: # #30575