mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
29 lines
1.1 KiB
Plaintext
29 lines
1.1 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * security/certificate_types_descriptions/etcd-certificates.adoc
|
|
|
|
:_mod-docs-content-type: CONCEPT
|
|
[id="etcd-cert-alerts-metrics-signer_{context}"]
|
|
= etcd certificate rotation alerts and metrics signer certificates
|
|
|
|
Two alerts inform users about pending `etcd` certificate expiration:
|
|
|
|
`etcdSignerCAExpirationWarning`:: Occurs 730 days until the signer expires.
|
|
`etcdSignerCAExpirationCritical`:: Occurs 365 days until the signer expires.
|
|
|
|
These alerts track the expiration date of the signer certificate authorities in the `openshift-etcd` namespace.
|
|
|
|
You can rotate the certificate for the following reasons:
|
|
|
|
* You receive an expiration alert.
|
|
* The private key is leaked.
|
|
|
|
[IMPORTANT]
|
|
====
|
|
When a private key is leaked, you must rotate all of the certificates.
|
|
====
|
|
|
|
There is an `etcd` signer for the {product-title} metrics system. Substitute the following metrics parameters in _Rotating the etcd certificate_.
|
|
|
|
* `etcd-metric-signer` instead of `etcd-signer`
|
|
* `etcd-metrics-ca-bundle` instead of `etcd-ca-bundle` |