Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix CA rotation for multi-node
etcd
s (gardener#8303)
Earlier, the peer client/server certificate was only signed by the current CA if the rotation phase was in `Preparing`. This will become an issue if a 'normal' reconciliation is triggered while the cluster is in `Prepared` because then the certificate is singed by the old CA again. The next phase, `Completing`, will eventually fail because `etcd` peers cannot validate their certificates anymore.
- Loading branch information