author | Martin Polden <mpolden@mpolden.no> | 2023-07-06 14:58:25 +0200 |
---|---|---|
committer | Martin Polden <mpolden@mpolden.no> | 2023-07-06 15:04:08 +0200 |
commit | 27fd489f622ea4a3b9134690631aa0505686a304 (patch) | |
tree | 88d49802127e8442d3f687ea6cc93b3d59a1fee6 /controller-server | |
parent | 35cde94db752bfba089c3ced946eb3ec31476f71 (diff) |
Add horrifying TODO
Diffstat (limited to 'controller-server')
-rw-r--r-- | controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificates.java | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificates.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificates.java
index 052d70e92bc..12beaa635ac 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificates.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificates.java
@@ -194,6 +194,16 @@ public class EndpointCertificates {
 instanceSpec.get().deploysTo(zone.environment(), zone.region())))
 .forEach(requiredZones::add);
 }
+ /* TODO(andreer/mpolden): To allow a seamless transition of existing deployments to using generated endpoints,
+ we need to something like this:
+ 1) All current certificates must be re-provisioned to contain the same wildcard names
+ as CertificatePoolMaintainer, and a randomized ID
+ 2) Generated endpoints must be exposed *before* switching deployment to a
+ pre-provisioned certificate
+ 3) Tenants must shift their traffic to generated endpoints
+ 4) We can switch to the pre-provisioned certificate. This will invalidate
+ non-generated endpoints
+ */
 Set<String> requiredNames = requiredZones.stream()
 .flatMap(zone -> controller.routing().certificateDnsNames(new DeploymentId(deployment.applicationId(), zone),
 deploymentSpec) |
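Review bot: The rollout plan in the added TODO names no condition that gates step 4, although step 4 is the one the comment itself says will invalidate non-generated endpoints. If the certificate is switched while tenants still send traffic to the old names, those clients would presumably start failing TLS name validation. Consider adding a line such as `Precondition for 4): no remaining traffic on non-generated endpoints (verify per deployment)`, plus a tracking-issue reference next to `TODO(andreer/mpolden)` so the ordering is not recorded only in this comment. The second line of the comment also drops a word and should read `we need to do something like this:`. The enclosing method starts and ends outside the hunk.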