Skip to content

Reuse an existing TLS CA from a previous installation #453

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
siegfriedweber opened this issue Jun 26, 2024 · 0 comments · Fixed by #476
Closed

Reuse an existing TLS CA from a previous installation #453

siegfriedweber opened this issue Jun 26, 2024 · 0 comments · Fixed by #476
Labels
release/24.7.0

Comments

@siegfriedweber
Copy link
Member

Until SDP 24.3, the SecretClass tls used the default namespace to store the TLS CA. In #397, the namespace was changed to the operator's namespace in the Helm installation. This is a breaking change and users migrating from a prior SDP version must either revert this change by setting the Helm value secretClasses.tls.caSecretNamespace to default or by copying the Secret secret-provisioner-tls-ca to the operator's namespace.

This change was already implemented and released in the OLM version 24.4.0 (see stackabletech/stackable-utils#65).

It was planned to just add a note to the changelog. But it turned out, that this manual step is error-prone and should be performed automatically.

One solution is to add a Job to the Helm installation which checks if the secret exists in the default namespace but not in the one set in caSecretNamespace and copies the secret in this case.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
release/24.7.0
Projects
Stackable Engineering
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: migrate CA secret to new namespace stackabletech/secret-operator
2 participants
@lfrancke @siegfriedweber