Contour should document the gRPC TLS rotation process #2020

youngnick · 2019-12-09T23:13:31Z

Contour should have at least documentation on how to rotate the certificates used for securing gRPC traffic with TLS, currently generated by contour certgen.

An automated solution to perform the rotation might be acceptable as long as it's tightly scoped to only rotate those certificates, but would need a design doc to ensure that we don't increase the scope of Contour too much, and in order to write that, someone is going to need to figure out how to actually do the rotation.

So, the first step is to document how to rotate the certificates manually (possibly using certgen from a terminal). Then we can consider if and how we automate.

The text was updated successfully, but these errors were encountered:

jpeach · 2019-12-11T22:52:47Z

Related to #2023 and #2017

jpeach · 2020-02-09T23:58:37Z

Duplicate of #1857

youngnick added this to the Backlog milestone Dec 9, 2019

youngnick mentioned this issue Dec 9, 2019

Certgen: provide parameter for setting expiry date for gRPC certificates #2017

Closed

youngnick mentioned this issue Jan 12, 2020

certs: Rotate certs in 1-year #1856

Closed

jpeach added the documentation label Jan 30, 2020

jpeach added the area/deployment Issues or PRs related to deployment tooling or infrastructure. label Feb 9, 2020

jpeach marked this as a duplicate of #1857 Feb 9, 2020

youngnick closed this as completed Feb 17, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Contour should document the gRPC TLS rotation process #2020

Contour should document the gRPC TLS rotation process #2020

youngnick commented Dec 9, 2019

jpeach commented Dec 11, 2019

jpeach commented Feb 9, 2020

Contour should document the gRPC TLS rotation process #2020

Contour should document the gRPC TLS rotation process #2020

Comments

youngnick commented Dec 9, 2019

jpeach commented Dec 11, 2019

jpeach commented Feb 9, 2020