SuporteConsoleDesenvolvedoresComeçar um testeContato

Este conteúdo não está disponível no idioma selecionado.

Chapter 6. Responsive restarts and security certificates

Red Hat build of MicroShift responds to system configuration changes and restarts after alterations are detected, including IP address changes, clock adjustments, and security certificate age.

6.1. IP address changes or clock adjustments

MicroShift depends on device IP addresses and system-wide clock settings to remain consistent during its runtime. However, these settings may occasionally change on edge devices, such as DHCP or Network Time Protocol (NTP) updates.

When such changes occur, some MicroShift components may stop functioning properly. To mitigate this situation, MicroShift monitors the IP address and system time and restarts if either setting change is detected.

The threshold for clock changes is a time adjustment of greater than 10 seconds in either direction. Smaller drifts on regular time adjustments performed by the Network Time Protocol (NTP) service do not cause a restart.

6.2. Security certificate lifetime

MicroShift certificates are separated into two basic groups:

  1. Short-lived certificates having certificate validity of one year.
  2. Long-lived certificates having certificate validity of 10 years.

Most server or leaf certificates are short-term.

An example of a long-lived certificate is the client certificate for system:admin user authentication, or the certificate of the signer of the kube-apiserver external serving certificate.

6.2.1. Certificate rotation

Certificates that are expired or close to their expiration dates need to be rotated to ensure continued MicroShift operation. When MicroShift restarts for any reason, certificates that are close to expiring are rotated. A certificate that is set to expire imminently, or has expired, can cause an automatic MicroShift restart to perform a rotation.

Note

If the rotated certificate is a Certificate Authority, all of the certificates it signed rotate.

6.2.1.1. Short-term certificates

The following situations describe MicroShift actions during short-term certificate lifetimes:

  1. No rotation:

    1. When a short-term certificate is up to 5 months old, no rotation occurs.

  2. Rotation at restart:

    1. When a short-term certificate is 5 to 8 months old, it is rotated when MicroShift starts or restarts.

  3. Automatic restart for rotation:

    1. When a short-term certificate is more than 8 months old, MicroShift can automatically restart to rotate and apply a new certificate.

6.2.1.2. Long-term certificates

The following situations describe MicroShift actions during long-term certificate lifetimes:

  1. No rotation:

    1. When a long-term certificate is up to 8.5 years old, no rotation occurs.

  2. Rotation at restart:

    1. When a long-term certificate is 8.5 to 9 years old, it is rotated when MicroShift starts or restarts.

  3. Automatic restart for rotation:

    1. When a long-term certificate is more than 9 years old, MicroShift can automatically restart to rotate and apply a new certificate.
Red Hat logoGithubRedditYoutubeTwitter

Aprender

Experimente, compre e venda

Comunidades

Sobre a documentação da Red Hat

Ajudamos os usuários da Red Hat a inovar e atingir seus objetivos com nossos produtos e serviços com conteúdo em que podem confiar.

Tornando o open source mais inclusivo

A Red Hat está comprometida em substituir a linguagem problemática em nosso código, documentação e propriedades da web. Para mais detalhes veja oBlog da Red Hat.

Sobre a Red Hat

Fornecemos soluções robustas que facilitam o trabalho das empresas em plataformas e ambientes, desde o data center principal até a borda da rede.

© 2024 Red Hat, Inc.