[CA lifecycle] Re-apply MachineRegistration on updates #861

Open
anmazzotti opened this issue Oct 3, 2024 · 1 comment

@anmazzotti
Contributor

This issue is a requirement to allow CA lifecycle management on Elemental machines, but it can also be generalized to simply reapply the MachineRegistration and all of its logic when running upgrades.

In this way not only a CA cert can be renewed, by updating all machines before updating your ingress for example, but it will also enable MachineRegistration's cloud-config update, if needed. We could also have toggles to allow or not updates of certain logic when it makes sense, for example the cloud-config since it could lead to undesirable outcomes.

Note that a requirement for doing this safely is to use OEM partition snapshots, so that any applied change can be rolled back on a failed boot assessment.

@davidcassany
Contributor

A generalized view of this ticket should also cover, or at least be closely related to, #849. Probably the upgrades cloud-config mentioned there should be the one from registration. We need to carefully find procedures for applying config changes after deployment; CA lifecycle turns out to be a really good use case to analyze.

kkaempf added the kind/enhancement and area/certificates labels Oct 4, 2024
kkaempf added this to the Micro6.2 milestone Oct 4, 2024
fgiudici changed the title from "Re-apply MachineRegistration on updates" to "[CA lifecycle] Re-apply MachineRegistration on updates" Nov 8, 2024