Merge pull request #16596 from neersighted/swarm_ca_rotate_mke

swarm: call out CA rotation as potentially dangerous with MKE
David Karlsson 2023-01-27 13:39:39 +01:00 committed by GitHub
commit ff1483fb7a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 0 deletions

@ -60,6 +60,13 @@ reference for details.
## Rotating the CA certificate
> **Note**
>
> Mirantis Kubernetes Engine (MKE), formerly known as Docker UCP, provides an external
> certificate manager service for the swarm. If you run swarm on MKE, you shouldn't
> rotate the CA certificates manually. Instead, contact Mirantis support if you need
> to rotate a certificate.
In the event that a cluster CA key or a manager node is compromised, you can
rotate the swarm root CA so that none of the nodes trust certificates
signed by the old root CA anymore.
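
Review bot: The added note under "Rotating the CA certificate" tells MKE users not to rotate manually but never says what goes wrong if they do, even though the commit subject calls the operation "potentially dangerous". Add a clause stating the consequence, so that a reader facing the compromise case described in the paragraph right after the note understands why contacting Mirantis support replaces the procedure. The last sentence of the note also switches from "the CA certificates" to "a certificate", which leaves it unclear whether node certificates are covered; wording such as "if you need to rotate the swarm root CA" would match the section heading.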