Description of problem:
Currently if we need to perform logging cert rotation it is a manual process.
The first master needs to have its logging cert directory deleted and then run the logging installation playbook.
Version-Release number of selected component (if applicable):
The secret prometheus-tls were't refreshed. Could you confirm if this secret should be redeployed?
This is only concerned with refreshing the EFK genereated certificates and secrets. Prometheus-tls is managed by the cert signing service https://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/tasks/main.yaml#L362
Added to docs via https://github.com/openshift/openshift-docs/pull/15526
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.