As part of OSE 3.X installation we have to generate multiple SSL certs for clusters objects to communication (master, node, router, registry etc). I knew all communication with in OSE using SSL. By default we might be generating certs using OSE provided CA cert and key.
What is the validity of these certs?
Will OSE automatically monitor and renewal?
If not, infra teams has to closely monitor and renewal before expiration?
Can we use any SSL certs instead using OSE default CA authority?
What is the impact if we don’t’ renewal these internal certs?
If customer has multiple clusters in production, don’t you think it is over burden to watch and renewal?
Any other useful information for cluster admins or planners?