The CA certificates used in the tls operations of these pods need to be periodically renewed. Specifically, there are four which need to be updated:
- ./jsonnet/vendor/github.com/observatorium/observatorium/configuration/tests/manifests/observatorium-xyz-tls-configmap.yaml
- ./jsonnet/vendor/github.com/observatorium/observatorium/configuration/tests/manifests/observatorium-xyz-tls-dex.yaml
- ./jsonnet/vendor/github.com/observatorium/observatorium/configuration/tests/manifests/observatorium-xyz-tls-secret.yaml
- ./jsonnet/vendor/github.com/observatorium/observatorium/configuration/tests/manifests/test-ca-tls.yaml
observatorium-xyz-tls-configmap.yaml needs to be updated next on Mar 5 16:41:00 2028 GMT
observatorium-xyz-tls-dex.yaml needs to be updated next on Mar 6 16:41:00 2024 GMT
observatorium-xyz-tls-secret.yaml needs to be updated next on Mar 6 16:41:00 2024 GMT
test-ca-tls.yaml needs to be updated next on Mar 5 16:41:00 2028 GMT
To generate new CA certificates, clone the observatorium project https://github.com/observatorium/observatorium, then run:
$ make ./configuration/tests/manifests --always-makeAfter the certs are generated, copy the newly generated certs into observatorium-operator.