Fix documentation about install and renew your own CA certificates #6240
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Paolo Patierno <[email protected]>
Signed-off-by: Paolo Patierno <[email protected]>
|
This PR can be merged only after #6180 |
Signed-off-by: Paolo Patierno <[email protected]>
scholzj
reviewed
Jan 21, 2022
documentation/modules/security/proc-installing-your-own-ca-certificates.adoc
Outdated
Show resolved
Hide resolved
documentation/modules/security/proc-renewing-your-own-ca-certificates.adoc
Outdated
Show resolved
Hide resolved
documentation/modules/security/proc-renewing-your-own-ca-certificates.adoc
Outdated
Show resolved
Hide resolved
Signed-off-by: Paolo Patierno <[email protected]>
PaulRMellor
reviewed
Jan 21, 2022
documentation/modules/security/proc-installing-your-own-ca-certificates.adoc
Outdated
Show resolved
Hide resolved
PaulRMellor
reviewed
Jan 21, 2022
documentation/modules/security/proc-installing-your-own-ca-certificates.adoc
Outdated
Show resolved
Hide resolved
documentation/modules/security/proc-installing-your-own-ca-certificates.adoc
Outdated
Show resolved
Hide resolved
documentation/modules/security/proc-renewing-your-own-ca-certificates.adoc
Outdated
Show resolved
Hide resolved
documentation/modules/security/proc-renewing-your-own-ca-certificates.adoc
Outdated
Show resolved
Hide resolved
documentation/modules/security/proc-renewing-your-own-ca-certificates.adoc
Outdated
Show resolved
Hide resolved
Signed-off-by: Paolo Patierno <[email protected]>
PaulRMellor
reviewed
Jan 24, 2022
documentation/modules/security/proc-installing-your-own-ca-certificates.adoc
Outdated
Show resolved
Hide resolved
Signed-off-by: Paolo Patierno <[email protected]>
scholzj
reviewed
Jan 24, 2022
documentation/modules/security/proc-installing-your-own-ca-certificates.adoc
Outdated
Show resolved
Hide resolved
documentation/modules/security/proc-renewing-your-own-ca-certificates.adoc
Outdated
Show resolved
Hide resolved
documentation/modules/security/proc-renewing-your-own-ca-certificates.adoc
Outdated
Show resolved
Hide resolved
documentation/modules/security/proc-renewing-your-own-ca-certificates.adoc
Outdated
Show resolved
Hide resolved
documentation/modules/security/proc-renewing-your-own-ca-certificates.adoc
Outdated
Show resolved
Hide resolved
Signed-off-by: Paolo Patierno <[email protected]>
|
@scholzj I pushed changes related to your comments, can you have another pass please? |
I just updated the procedure with the additional stuff needed. I think the current way works why re-writing it again if it was approved in the past? |
scholzj
reviewed
Jan 25, 2022
There was a problem hiding this comment.
TBH, I'm not sure I think this is really understandable. What about:
- Splitting the key replacement and CA renewal into two separate procedures?
- Adding more examples which would include a YAMLs of the secrets to show exactly how they should look like? I think that will make it much clearer and you can use callouts to point out what should be where, what needs to be changed etc. Editing the secrets would also help to deal with the delayed annotations etc.
documentation/modules/security/proc-installing-your-own-ca-certificates.adoc
Outdated
Show resolved
Hide resolved
documentation/modules/security/proc-installing-your-own-ca-certificates.adoc
Outdated
Show resolved
Hide resolved
documentation/modules/security/proc-renewing-your-own-ca-certificates.adoc
Outdated
Show resolved
Hide resolved
documentation/modules/security/proc-renewing-your-own-ca-certificates.adoc
Outdated
Show resolved
Hide resolved
|
Ok then. I will re-write this PR by having two procedures:
It will follow the same pattern we have for the ones related to auto-generated CA by Strimzi. |
with/without new key Changed to not using Secret deletion but edit in place Signed-off-by: Paolo Patierno <[email protected]>
|
@scholzj @PaulRMellor I made a big change on this PR with two different procedures (if key is replaced or not). |
scholzj
reviewed
Jan 25, 2022
documentation/modules/security/proc-installing-your-own-ca-certificates.adoc
Outdated
Show resolved
Hide resolved
documentation/modules/security/proc-installing-your-own-ca-certificates.adoc
Outdated
Show resolved
Hide resolved
documentation/modules/security/proc-renewing-your-own-ca-certificates.adoc
Outdated
Show resolved
Hide resolved
documentation/modules/security/proc-renewing-your-own-ca-certificates.adoc
Outdated
Show resolved
Hide resolved
documentation/modules/security/proc-renewing-your-own-ca-certificates.adoc
Outdated
Show resolved
Hide resolved
documentation/modules/security/proc-renewing-your-own-ca-certificates.adoc
Outdated
Show resolved
Hide resolved
documentation/modules/security/proc-replacing-your-own-private-keys.adoc
Outdated
Show resolved
Hide resolved
documentation/modules/security/proc-replacing-your-own-private-keys.adoc
Outdated
Show resolved
Hide resolved
documentation/modules/security/proc-replacing-your-own-private-keys.adoc
Outdated
Show resolved
Hide resolved
Added pause/resume reconcile in the replace CA key procedure Signed-off-by: Paolo Patierno <[email protected]>
Signed-off-by: Paolo Patierno <[email protected]>
scholzj
reviewed
Jan 26, 2022
documentation/modules/security/proc-renewing-your-own-ca-certificates.adoc
Outdated
Show resolved
Hide resolved
documentation/modules/security/proc-renewing-your-own-ca-certificates.adoc
Outdated
Show resolved
Hide resolved
documentation/modules/security/proc-replacing-your-own-private-keys.adoc
Show resolved
Hide resolved
documentation/modules/security/proc-replacing-your-own-private-keys.adoc
Outdated
Show resolved
Hide resolved
Signed-off-by: Paolo Patierno <[email protected]>
scholzj
approved these changes
Jan 26, 2022
Signed-off-by: Paolo Patierno <[email protected]>
Signed-off-by: prmellor <[email protected]>
Signed-off-by: prmellor <[email protected]>
PaulRMellor
approved these changes
Jan 27, 2022
documentation/modules/security/proc-renewing-your-own-ca-certificates.adoc
Outdated
Show resolved
Hide resolved
tombentley
approved these changes
Jan 27, 2022
ppatierno
commented
Jan 27, 2022
documentation/modules/security/proc-renewing-your-own-ca-certificates.adoc
Outdated
Show resolved
Hide resolved
documentation/modules/security/proc-renewing-your-own-ca-certificates.adoc
Outdated
Show resolved
Hide resolved
documentation/modules/security/proc-replacing-your-own-private-keys.adoc
Outdated
Show resolved
Hide resolved
documentation/modules/security/proc-replacing-your-own-private-keys.adoc
Outdated
Show resolved
Hide resolved
documentation/modules/security/proc-replacing-your-own-private-keys.adoc
Outdated
Show resolved
Hide resolved
documentation/modules/security/proc-replacing-your-own-private-keys.adoc
Outdated
Show resolved
Hide resolved
documentation/modules/security/proc-replacing-your-own-private-keys.adoc
Outdated
Show resolved
Hide resolved
Signed-off-by: prmellor <[email protected]>
2 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Type of change
Description
This is the documentation related update for PR #6180 which fixes issues #5466.
The PR adds more information about certification generations to be added to the Secret for handling your own CA certificates and corresponding renewal.
Checklist