Versions Compared

Version Old Version 3 New Version 4
Changes made by

Igor D.C.

Igor D.C.

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Here's a rough summary of the sequence of operations between DCM, rsync and clusters:

  1. Create/Apply CSR (like other resources)
  2. Approve CSR (new via /subresources/approval)
    1. K8s signer will issue a certificate some time after approval of CSR takes place
    2. To read about the new /subresources level, check Supporting subresources
  3. Watch/monitor CSR to see when a .status is created
  4. Return signed certificate obtained from CSR .status.certificate all the way back to etcd
  5. DCM will read the certificate from etcd

See also: Sequence Diagram

...

Again, the reader is referred to the Sequence Diagramdiagram to better understand how the Monitor, together with cluster etcd and rsync (cluster watcher) work together to detect that a CSR has been approved and has issued a certificate in its own .status.certificate subresource field. This certificate is then propagated back to the main etcd instance, where DCM can read from using the lazy-load method presented above.

...