8cd5f76083
K8s certificates rotation after they reach the expiry date requires restart of sysinv services, both sysinv-conductor and sysinv-inv. The sysinv services cache k8s client object and get credentials from admin.conf. Restaring only the sysinv-conductor and missing the restart of the sysinv api causes the certificates not to be updated and this way affecting subcloud management functionality. The fix updates the script "kube-cert-rotation.sh" to restart all sysinv services and not only sysinv-conductor. The script "kube-cert-rotation.sh" requires to be installed with "700" permission. Tests performed: PASS: kube-cert-rotation.sh script gets installed correctly in directory /usr/bin and is set with permissions "700". PASS: kube-cert-rotation.sh script executes without errors when run to renew K8s certificates. PASS: After K8s certificates are renewed, all sysinv services get restarted. PASS: Executed successfully kube-cert-rotation.sh in AIO-SX and DC system configurations. Closes-Bug: 2002452 Signed-off-by: Carmen Rata <carmen.rata@windriver.com> Change-Id: Ie74a47226280b9362558ebfa158a4bf91209e957 |
||
---|---|---|
.. | ||
ceph_k8s_update_monitors.sh | ||
kube-cert-rotation.sh | ||
manage-partitions | ||
partition_info.sh | ||
query_pci_id | ||
sysinv-api | ||
sysinv-api.service | ||
sysinv-conductor | ||
sysinv-conductor.service | ||
validate-platform-backup.sh |