Use ECDSA P-256 private keys for cert-manager certificates#1973
Conversation
Switch all cert-manager Certificate resources from the default RSA algorithm to ECDSA P-256. This applies to webhook serving certs, metrics server certs, and all operator bindata certificates. The sync-bindata.sh script is updated accordingly. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: Francesco Pantano <fpantano@redhat.com>
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: fmount The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
OpenStackControlPlane CRD Size Report
Threshold reference
|
|
Build failed (check pipeline). Post ❌ openstack-k8s-operators-content-provider FAILURE in 4m 01s |
|
/test openstack-operator-build-deploy-kuttl-4-18 |
|
recheck |
|
I guess its ok to get this in 18 as well? for the 18/19 branching, we plan to branch one more from main. we'll discuss in our tomorrows meeting |
This is technically ok for 18 as well. The target is 19 of course, so we can also hold it until we branch a |
@stuggi as this is not a goal for 18, my proposal is to land this after we branch |
Switch all
cert-managerCertificateresources from the defaultRSAalgorithm toECDSAP-256. This applies towebhookserving certs,metricsserver certs, and all operatorbindatacertificates. Thesync-bindata.shscript is updated accordingly (and it properly regenerates all the services files).Jira: https://redhat.atlassian.net/browse/OSPRH-27314