Open mlavacca opened 2 years ago
CA certificate recreation would effectively invalidate all the PKI that depends on being signed by that CA. Therefore, this feature likely needs rotation of all the certificates dependent on the deleted CA.
I've updated the acceptance criteria to incorporate this.
Problem Statement
At controller startup time the operator tries to retrieve the CA secret (name and namespace are passed as args or defaulted to kong-system/kong-operator-ca). If such a secret does not exist, it is created. The existence of the CA is never enforced. Thus, if the secret containing the CA is deleted the operator will not be able to issue mTLS certificates anymore (unless it restarts).
Proposed Solution
If the CA secret is not provided by the user but is created by the operator, it needs to be enforced in the cluster. This can be achieved through a controller that watches all the secrets with a specific label and whenever such a secret triggers an event, the desired state (i.e., having a valid CA secret) is enforced.
Additional information
This issue may be considered one step in resolving Kong/gateway-operator#199, in which a secret controller has been mentioned as well.
Acceptance Criteria
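The secret controller proposed above, reduced to its reconcile step, as an added example written for this page (it is not gateway-operator code). It assumes an in-memory map in place of the API server, the Kubernetes TLS-secret key names tls.crt and tls.key, and a made-up label key gateway-operator.konghq.com/managed-ca marking secrets the operator created itself. Reconcile is what a controller-runtime reconciler would call for each event on a labelled secret: if the secret is missing or no longer holds a valid CA it is regenerated, while an unlabelled (user-provided) secret is reported but never overwritten. VerifiedBy shows the cost the first comment points out: once the CA has been recreated, certificates issued by the old one stop verifying and have to be rotated.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"math/big"
	"time"
)

// Secret stands in for a Kubernetes Secret (assumed here); the store is a map keyed "namespace/name".
type Secret struct {
	Labels map[string]string
	Data   map[string][]byte
}

// CAManagedLabel marks CA secrets the operator created and therefore enforces (label key assumed here).
const CAManagedLabel = "gateway-operator.konghq.com/managed-ca"

// issue signs tmpl with a fresh P-256 key; a nil parentKey means self-signed. Returns PEM cert and key.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) ([]byte, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parentKey == nil {
		parentKey = key
	}
	tmpl.SerialNumber, _ = rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128)) // nil on failure; CreateCertificate rejects nil
	tmpl.NotBefore = time.Now().Add(-time.Minute)
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	keyDER, err := x509.MarshalECPrivateKey(key)
	if err != nil {
		return nil, nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER}), nil
}

// loadCA is the desired-state check run on every secret event: present, holding a currently valid CA cert and its key.
func loadCA(s *Secret) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	if s == nil {
		return nil, nil, errors.New("CA secret missing")
	}
	cb, _ := pem.Decode(s.Data["tls.crt"])
	kb, _ := pem.Decode(s.Data["tls.key"])
	if cb == nil || kb == nil {
		return nil, nil, errors.New("tls.crt or tls.key is not PEM")
	}
	cert, err := x509.ParseCertificate(cb.Bytes)
	key, kerr := x509.ParseECPrivateKey(kb.Bytes)
	if err != nil || kerr != nil {
		return nil, nil, errors.New("tls.crt or tls.key does not parse")
	}
	if now := time.Now(); !cert.IsCA || now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return nil, nil, errors.New("stored certificate is not a currently valid CA")
	}
	return cert, key, nil
}

// Reconcile enforces the desired state for ns/name and reports whether a new CA was generated (first
// creation, or replacement of a deleted/broken managed secret): true means everything it issued must be rotated.
func Reconcile(store map[string]*Secret, ns, name string) (bool, error) {
	k := ns + "/" + name
	s := store[k]
	if _, _, err := loadCA(s); err == nil {
		return false, nil // desired state already holds
	} else if s != nil && s.Labels[CAManagedLabel] != "true" {
		return false, err // user-provided CA is broken: report it, never overwrite it
	}
	tmpl := &x509.Certificate{Subject: pkix.Name{CommonName: name}, NotAfter: time.Now().AddDate(10, 0, 0),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	certPEM, keyPEM, err := issue(tmpl, tmpl, nil)
	if err != nil {
		return false, err
	}
	store[k] = &Secret{Labels: map[string]string{CAManagedLabel: "true"},
		Data: map[string][]byte{"tls.crt": certPEM, "tls.key": keyPEM}}
	return true, nil
}

// VerifiedBy reports whether leafPEM was signed by the CA in caSecret; after a recreation, old leaves fail here.
func VerifiedBy(caSecret *Secret, leafPEM []byte) bool {
	ca, _, err := loadCA(caSecret)
	b, _ := pem.Decode(leafPEM)
	if err != nil || b == nil {
		return false
	}
	leaf, err := x509.ParseCertificate(b.Bytes)
	return err == nil && leaf.CheckSignatureFrom(ca) == nil
}
```

In a real controller the label goes into a predicate on the Secret watch so that only managed CA secrets queue a reconcile, and a true result from Reconcile has to drive re-issuance of every dependent certificate; otherwise the cluster is left with an mTLS trust gap rather than a recovered one.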