Snapshot Manager manual certificate renewal in Cloud Scale
Trigger mechanism
Certificate renewal is initiated manually by modifying the environment configuration file:
Under the cpServer section, set the renew flag to True.
The flexsnap operator continuously monitors this flag for changes.
When the flag transitions from False to True, the operator triggers a certificate renewal process.
To initiate renewal again in the future, users must first reset the flag to False, then set it back to True.
Certificate revocation and generation
Once the renewal is triggered:
The flexsnap operator starts a Kubernetes job with as the entry point, passing the renew argument.
The utility performs the following steps:
Iterates through a list of services (either from /cloudpoint/keys or the predefined service list in flexsnap-certauth).
Revokes and regenerates certificates for each service.
Creates new Kubernetes secrets containing the regenerated certificates.
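A post-renewal check, added here as an example and not taken from the product or its documentation: it compares two dumps in the shape of `kubectl get secrets -o json`, captured before and after the renewal, and reports which expected services had their secret regenerated, left unchanged, or missing. The secret names (svc-a, svc-b, svc-c), the tls.crt key and the sample contents are constructed placeholders, not Snapshot Manager's real names.

```python
import base64
import hashlib
import json


def fingerprint_secrets(secret_list_json):
    """Map secret name -> SHA-256 over all decoded data entries of that secret."""
    result = {}
    for item in json.loads(secret_list_json).get("items", []):
        digest = hashlib.sha256()
        # Hash every key/value pair so the check does not depend on key names.
        for key, value in sorted((item.get("data") or {}).items()):
            digest.update(key.encode() + b"\0" + base64.b64decode(value) + b"\0")
        result[item["metadata"]["name"]] = digest.hexdigest()
    return result


def compare_renewal(before_json, after_json, expected_services):
    """Classify each expected service's secret after a renewal run."""
    before = fingerprint_secrets(before_json)
    after = fingerprint_secrets(after_json)
    report = {"renewed": [], "unchanged": [], "missing": []}
    for name in sorted(expected_services):
        if name not in after:
            report["missing"].append(name)      # no secret present after renewal
        elif before.get(name) == after[name]:
            report["unchanged"].append(name)    # same material: not regenerated
        else:
            report["renewed"].append(name)      # new or changed certificate data
    return report


def _sample(secrets):
    # Constructed sample data; "tls.crt" is an assumed key name.
    return json.dumps({"kind": "List", "items": [
        {"metadata": {"name": name},
         "data": {"tls.crt": base64.b64encode(body.encode()).decode()}}
        for name, body in secrets.items()]})


# Hypothetical service names; real ones come from the cluster being checked.
BEFORE = _sample({"svc-a": "cert-a-old", "svc-b": "cert-b-old", "svc-c": "cert-c-old"})
AFTER = _sample({"svc-a": "cert-a-new", "svc-b": "cert-b-old"})

if __name__ == "__main__":
    print(compare_renewal(BEFORE, AFTER, ["svc-a", "svc-b", "svc-c"]))
```

Any service listed under "unchanged" or "missing" still holds pre-renewal material or has no secret, so the renewal should not be treated as complete for it.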