From 9d6f005796bbff6f5318615c77f302f57d1a353c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Guilherme=20Vanz?= Date: Fri, 6 Sep 2024 15:34:45 -0300 Subject: [PATCH] fix: certificate rotation workaround is fixed. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Updates the page about policy server certificate workaround stating that it is valid only for Kubewarden v1.16.0 and earlier. Since v1.17.0, the certificate will be renewed automatically by the controller. Signed-off-by: José Guilherme Vanz --- .../policy-server-certificate-expiry.md | 20 ++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/docs/howtos/workarounds/policy-server-certificate-expiry.md b/docs/howtos/workarounds/policy-server-certificate-expiry.md index 105e0c1a19..7d0e232ee1 100644 --- a/docs/howtos/workarounds/policy-server-certificate-expiry.md +++ b/docs/howtos/workarounds/policy-server-certificate-expiry.md 
@@ -13,13 +13,23 @@ doc-topic: [howto, workarounds, policy server certificates] -During the release process for v1.14, a bug related to the policy server certificate rotation was discovered. -The Root CA is configured to expire in 10 years, but each policy-server certificate secret has a one-year expiry. +:::important +This workaround is only needed for Kubewarden v1.16.0 and earlier. Starting +from v1.17.0, the controller will automatically renew the policy server +certificates. +::: + +During the release process for v1.14, a bug related to the policy server +certificate rotation was discovered. The Root CA is configured to expire in 10 +years, but each policy-server certificate secret has a one-year expiry. However, the controller is currently unable to renew them automatically. -In the v1.14 release, we have ensured that policy-server secrets are created with a 10-year expiry. +In the v1.14 release, we have ensured that policy-server secrets are created +with a 10-year expiry. For future releases we'll implement an automated renewal process. -Until then, users can manually delete the expired certificate secret (policy-server-default) and trigger a controller reconciliation. -You do this by adding, removing, or updating a policy or by adjusting the number of replicas of a PolicyServer. \ No newline at end of file +Until then, users can manually delete the expired certificate secret +(policy-server-default) and trigger a controller reconciliation. You do this by +adding, removing, or updating a policy or by adjusting the number of replicas +of a PolicyServer.
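Review bot: The unchanged context lines below the new `:::important` block now contradict it: "However, the controller is currently unable to renew them automatically." and "For future releases we'll implement an automated renewal process." are still in the present and future tense, and the re-wrapped "Until then, users can manually delete..." paragraph depends on them. With the admonition stating that v1.17.0 renews the certificates automatically, a reader on v1.17.0 or later gets two conflicting statements on one page. Suggest scoping those sentences to the affected versions, for example "In v1.16.0 and earlier, the controller is unable to renew them automatically", dropping the "For future releases" sentence, and replacing "Until then" with "On those versions". Since the manual step is deleting a certificate secret, it would also help to put `policy-server-default` in code formatting and say whether the same step applies to secrets of other PolicyServers, because the text refers to "each policy-server certificate secret" but names only that one.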