Bug 1973274
| Summary: | Update doc on how long a cluster can remain down and be gracefully restarted | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Nitish Kaushik <nkaushik> |
| Component: | Documentation | Assignee: | Mike Pytlak <mpytlak> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Ke Wang <kewang> |
| Severity: | high | Docs Contact: | Vikram Goyal <vigoyal> |
| Priority: | high | ||
| Version: | 4.6 | CC: | aos-bugs, jokerman, kahara, kewang, mas-hatada, maszulik, mfuruta, rgangwar, rh-container, vfarias, vgoyal, xxia |
| Target Milestone: | --- | ||
| Target Release: | 4.6.z | ||
| Hardware: | x86_64 | ||
| OS: | Other | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-08-12 19:49:43 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Nitish Kaushik
2021-06-17 14:13:28 UTC
Dear Red Hat, Although Comment 0 focuses on kube-apiserver-to-kubelet-signer cert, we need to take care every certificates which won't be recovered by https://docs.openshift.com/container-platform/4.6/backup_and_restore/disaster_recovery/scenario-3-expired-certs.html . There are many certificates in OpenShift4 according to https://docs.openshift.com/container-platform/4.6/security/certificate_types_descriptions/ . On the other hand, scenario-3-expired-certs.html handles only control plane and node certificate. Really is kube-apiserver-to-kubelet-signer the only cert we need to take care in Cold DR? We believe the answer is yes, but we would like to know Red Hat's opinion. Best Regards, Masaki Hatada Capturing conversation that I had with Stephanie Stout and Vikram Goyal.
Confirmed via NEC TAMS that there are two separate things here:
• For this bug, we need to update the docs to provide the maximum time a cluster can be down for the reasons of cert expiry. We should be able to gather this after talking with Eng and QE.
• The larger bit about hot and cold DR can stay in the RFE, which does require Tushar/Mike to weigh in and some Eng support to understand for us to take on eventually. Suggestion is that we can leave that for now. See: https://mailman-int.corp.redhat.com/archives/openshift-sme/2021-June/msg00769.html.
You probably meant vigoyal (Vikram Goyal) and not vgoyal (vgoyal) (In reply to Vivek Goyal from comment #5) > You probably meant vigoyal (Vikram Goyal) and not > vgoyal (vgoyal) Correct. Sorry about that. Ready for QE review Added a note to "Shutting down a cluster gracefully", stating that a cluster can remain down for up to 1 year and be expected to restart gracefully. This can be reviewed at https://github.com/openshift/openshift-docs/pull/35099 Please also see additional request for verification in the PR. Updating based on comments in the PR. Updates are complete. This can be reviewed at https://github.com/openshift/openshift-docs/pull/35099 Please also see additional request for verification in the PR. QE approved the changes in the PR. (CC: @xxia) Updates published successfully. Verified on docs.openshift.com 4.6+ https://docs.openshift.com/container-platform/4.6/backup_and_restore/graceful-cluster-shutdown.html Verified on Customer Portal 4.6+ https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/backup_and_restore/graceful-shutdown-cluster#graceful-shutdown_graceful-shutdown-cluster |