LBaaS certificate
MOSK automatically generates the TLS certificate used by
Octavia Amphora load balancers.
This certificate is stored in the octavia-amphora-tls-certs Kubernetes
secret in the openstack namespace.
It is generated automatically during the initial OpenStack deployment and
is renewed through the automated certificate rotation procedure.
Monitoring certificate expiration
MOSK exports LBaaS certificate expiration information
to StackLight through the osdpl_certificate_expiry metric with the label
octavia-amphora-tls-certs.
The alert is triggered when the certificate is nearing its expiration date
and indicates that a rotation should be scheduled.
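To cross-check the alert against the certificate itself, the following added example (not part of the MOSK documentation or code) reads the octavia-amphora-tls-certs secret and reports which certificates expire within a given number of days. The function names and the 30-day window are hypothetical; the key names inside the secret are not assumed, so every entry is tried and non-certificate entries are skipped. It needs kubectl, openssl and base64 on the host.

```shell
#!/bin/sh
# Added example, not MOSK code. Function names are hypothetical.

# cert_expires_within_days PEM_FILE DAYS
# Returns 0 if the first certificate in PEM_FILE expires within DAYS,
# 1 if it stays valid past that window, 2 if the file is not a certificate.
cert_expires_within_days() {
    openssl x509 -in "$1" -noout 2>/dev/null || return 2
    if openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
    then
        return 1
    fi
    return 0
}

# check_secret_certs NAMESPACE SECRET DAYS
# Tries every data key of the secret, because the key names are not assumed.
# Returns 1 if any certificate expires within DAYS, 2 if the secret is unreadable.
check_secret_certs() {
    csc_list="$(mktemp)"; csc_pem="$(mktemp)"   # mktemp creates mode 0600 files
    csc_status=0
    kubectl -n "$1" get secret "$2" \
        -o go-template='{{range $k, $v := .data}}{{$k}} {{$v}}{{"\n"}}{{end}}' \
        > "$csc_list" || { rm -f "$csc_list" "$csc_pem"; return 2; }
    while read -r csc_key csc_b64; do
        printf '%s' "$csc_b64" | base64 -d > "$csc_pem"
        csc_rc=0
        cert_expires_within_days "$csc_pem" "$3" || csc_rc=$?
        case "$csc_rc" in
            0) echo "EXPIRING within $3 days: $2/$csc_key"; csc_status=1 ;;
            1) echo "ok: $2/$csc_key"
               openssl x509 -in "$csc_pem" -noout -enddate ;;
            *) ;;  # not a certificate (for example a private key): skip
        esac
    done < "$csc_list"
    rm -f "$csc_list" "$csc_pem"   # the secret may hold private key material
    return "$csc_status"
}

# Usage on a host with cluster access (names taken from the page):
#   check_secret_certs openstack octavia-amphora-tls-certs 30
```

Only the first certificate in each entry is inspected, so a bundled CA chain needs to be split before checking the remaining certificates.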
Triggering certificate rotation
For detailed instructions on how to perform the automated LBaaS certificate rotation, see Rotate Octavia Amphora (LBaaS) certificates.