Update rotation flow #2011
I've left one comment that I think is an important change (the first comment), and others which might warrant changes, or might not. Thanks for putting the work in here!! 🙂
linkerd.io/content/2-edge/tasks/automatically-rotating-control-plane-tls-credentials.md
2. Restart the data plane
3. Trigger identity issuer rotation
4. Restart the control plane
5. Restart the data plane
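Review bot: steps 2 and 5 both read "Restart the data plane" with no stated purpose, so a reader cannot tell why the data plane is restarted twice or which of the two restarts is the one that can be skipped; suggest stating the reason in each item, for example "5. Restart the data plane so that proxies obtain workload certificates signed by the new identity issuer", so the optional nature of the second restart and its relation to step 6 are clear from the list itself.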
Technically you only need this restart if you can't wait for workload certs to expire.
Should we add a comment like
- xxxx
- xxxx
Note: Steps 4 and 5 are optional and will force the signing of a new workload certificate by the new identity issuer.
- xxx
The more I think about this, the more I think we leave step 5 as restarting the data plane -- but maybe add a note after the list about "At step 5, you could also simply wait for workload certificates to be reissued."?
3. Trigger identity issuer rotation
4. Restart the control plane
5. Restart the data plane
6. Remove the old anchor from the trust bundle
This must happen after all the proxies have new workload certs, if you chose not to wait in step 5.
Should we add a disclaimer before point 6 to highlight the importance of waiting for all the proxies to be restarted before moving forward?
Yeah, absolutely.
Signed-off-by: Ivan Porta <[email protected]>
…#2008) Signed-off-by: Travis Beckham <[email protected]> Signed-off-by: Ivan Porta <[email protected]>
* 202508 Edge Release Roundup
  Signed-off-by: Flynn <[email protected]>
* Lint
  Signed-off-by: Flynn <[email protected]>
* Upgrade graphics
  Signed-off-by: Flynn <[email protected]>
* Date change
  Signed-off-by: Flynn <[email protected]>
* Fix broken slugs 🤦♂️
  Signed-off-by: Flynn <[email protected]>
---------
Signed-off-by: Flynn <[email protected]>
Signed-off-by: Ivan Porta <[email protected]>
Signed-off-by: Travis Beckham <[email protected]> Signed-off-by: Ivan Porta <[email protected]>
Signed-off-by: kahirokunn <[email protected]> Signed-off-by: Ivan Porta <[email protected]>
Signed-off-by: Ivan Porta <[email protected]>
* Added Blake Romano as Linkerd Ambassador
  Signed-off-by: Travis Beckham <[email protected]>
* Optimized Ambassador images
  Signed-off-by: Travis Beckham <[email protected]>
---------
Signed-off-by: Travis Beckham <[email protected]>
Signed-off-by: Ivan Porta <[email protected]>
Signed-off-by: Travis Beckham <[email protected]> Signed-off-by: Ivan Porta <[email protected]>
Signed-off-by: Ivan Porta <[email protected]>
There has been a rebase with a lot of file changes coming in. It might be better to create a new PR to keep it clean.