toolforge: Refresh certs that are not controlled by kubeadm (mid 2024 edition)
Open, Medium, Public

Description

Refresh Toolforge k8s certificates for prometheus and the admission controllers.

For previous work, see T308402. For automating the admission controller certificates, see T292238.

For the admission controller webhooks, rerun the get-cert.sh script, similar to the doc, but do not bother with the ca-bundle.sh script, as that is no longer necessary at all except for local testing. That should inject the secret. To use the secret, delete the appropriate pods in the ingress-admission and registry-admission workspaces to restart them one at a time. Generally, the READMEs in the repos for these are the most authoritative docs if in doubt. This is automated now.

For the Prometheus ones, follow the doc on wikitech to recreate the certs.

Details

Due Date
Jun 29 2024, 9:00 PM

Event Timeline

dcaro triaged this task as Medium priority. Jun 2 2022, 12:42 PM
dcaro created this task.

@dcaro: Hi, the Due Date set for this open task passed a while ago.
Could you please either update or reset the Due Date (by clicking Edit Task), or set the status of this task to resolved in case this task is done? Thanks!

Prometheus got renewed via T338025: [tools] Prometheus k8s cert expired this year, I'll re-use this task for next year's renewal.

taavi renamed this task from toolforge: Refresh certs that are not controlled by kubeadm (mid 2023 edition) to toolforge: Refresh certs that are not controlled by kubeadm (mid 2024 edition). Sep 27 2023, 7:59 AM
taavi set Due Date to Jun 29 2024, 9:00 PM.