Clarify ADR based on design review feedback

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
This commit is contained in:
Brad Davidson 2023-01-13 00:09:23 +00:00 committed by Brad Davidson
parent f13768c247
commit 9b6b72941f

View File

@ -70,14 +70,20 @@ clients using tokens signed by the old key have received new tokens.
## Decision ## Decision
* K3s will allow for use of CA certificates signed by an arbitrary set of external root/intermediate CAs. * K3s will allow for use of CA certificates signed by an arbitrary set of external root/intermediate CAs.
* K3s will allow for nondisruptive renewal or replacement of the CA certificates and keys, if the cluster was * K3s will allow for non-disruptive[^1] renewal or replacement of the CA certificates and keys, if the cluster was
originally started using user-provided certificates signed by an external CA. originally started using user-provided certificates signed by an external CA.
* K3s will allow for disruptive renewal or replacement of cluster CA certificates and keys, if the cluster was * K3s will allow for disruptive[^2] renewal or replacement of cluster CA certificates and keys, if the cluster was
originally started with autogenerated self-signed CAs. originally started with autogenerated self-signed CAs.
* K3s will provide example tooling to allow users to generate cluster CA certificates and keys prior to initial * K3s will provide example tooling to allow users to generate cluster CA certificates and keys prior to initial
cluster startup, and provide tooling and process documentation to update the bootstrap data and prepare agents cluster startup, and provide tooling and process documentation to update the bootstrap data and prepare agents
to trust the new certificates (if necessary) to trust the new certificates (if necessary)
[^1]: Non-disruptive renewal requires no change to node configuration. The service only needs to be restarted.
[^2]: Disruptive renewal requires changes to the K3s CLI flags, configuration file, or environment variables
prior to restarting the service. Additionally, the cluster may experience a temporary outage while the
configuration change has been affected to all nodes, due to cluster nodes temporary not sharing a common
root of trust.
## Consequences ## Consequences
This will require additional documentation, CLI subcommands, and QA work to validate the process steps. This will require additional documentation, CLI subcommands, and QA work to validate the process steps.