generated from canonical/template-operator
-
Notifications
You must be signed in to change notification settings - Fork 7
TLS CA rotation flow
René Radoi edited this page Aug 22, 2024
·
4 revisions
sequenceDiagram
tls_operator->>opensearch_tls.py: CertificateAvailableEvent
loop new CA?
opensearch_tls.py->>opensearch_tls.py: store CA
end
opensearch_tls.py->>tls_operator: event.defer()
opensearch_tls.py->>opensearch_base_charm.py: on_tls_ca_rotation
opensearch_tls.py->>peer databag: "tls_ca_renewing"
opensearch_base_charm.py->>opensearch_base_charm.py: restart opensearch
opensearch_base_charm.py->>opensearch_base_charm.py: post start init
opensearch_base_charm.py->>opensearch_tls.py: reset ca rotation state
opensearch_tls.py->>peer databag: "tls_ca_renewed"
tls_operator->>opensearch_tls.py: CertificateAvailableEvent
opensearch_tls.py->>opensearch_tls.py: store new tls resources
opensearch_tls.py->>opensearch_peer_clusters.py: refresh relation data
opensearch_tls.py->>opensearch_base_charm.py: on_tls_conf_set
opensearch_base_charm.py->>opensearch_tls.py: reload tls certs
opensearch_tls.py->>peer databag: delete "tls_ca_renewing" and "tls_ca_renewed"
opensearch_base_charm.py->>opensearch_tls.py: update requests ca bundle
opensearch_base_charm.py->>opensearch_tls.py: remove old ca