CertificateVerification is the resource by which a user can verify the traffic during a VirtualMesh certificate rotation.
To do this, a user would create a CertificateVerification containing:

1. The step being verified
2. The action which the user would like to kick off
3. The VirtualMesh being rotated

An example of a Verification for a Virtual Mesh which has just added a new root successfully would be:
```yaml
apiVersion: networking.enterprise.mesh.gloo.solo.io/v1beta1
kind: CertificateVerification
metadata:
  name: successful-verification
  namespace: gloo-mesh
spec:
  action: CONTINUE
  virtualMesh:
    name: my-virtual-mesh
    namespace: gloo-mesh
  step: ADDING_NEW_ROOT
```
An example of a Verification for a Virtual Mesh which has failed to propagate the new intermediate would be the following. This example also omits the namespace for the virtualMesh, because it is in the same namespace as the CertificateVerification:
```yaml
apiVersion: networking.enterprise.mesh.gloo.solo.io/v1beta1
kind: CertificateVerification
metadata:
  name: successful-verification
  namespace: gloo-mesh
spec:
  action: ROLLBACK
  virtualMesh:
    name: my-virtual-mesh
  step: PROPAGATING_NEW_INTERMEDIATE
```

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| step | certificates.mesh.gloo.solo.io.CertificateRotationState | | The rotation state to verify using this CertificateVerification. This must be an active state: 1. ADDING_NEW_ROOT, 2. PROPAGATING_NEW_INTERMEDIATE, 3. DELETING_OLD_ROOT, 4. PREVIOUS_CA |
| action | networking.enterprise.mesh.gloo.solo.io.CertificateVerificationSpec.VerificationAction | | The action which this verification will kick off. |
| virtualMesh | core.skv2.solo.io.ObjectRef | | The VirtualMesh being rotated which this resource should apply to. |

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| observedGeneration | int64 | | The most recent generation observed in the CertificateVerification metadata. If the |
| errors | string | repeated | Any error observed which prevented the CertificateVerification from being processed. If the error is empty, the request has been processed successfully. |
| state | networking.enterprise.mesh.gloo.solo.io.CertificateVerificationStatus.State | | The current state of the CertificateVerification resource as reported by the rotation verifier. |

The actions available when verifying

| Name | Number | Description |
| --- | --- | --- |
| CONTINUE | 0 | Default action. This will continue the rotation. This option should only be used if the traffic has been verified to be healthy across the VirtualMesh. |
| ROLLBACK | 1 | This action will move the rotation back to the previous active state. This should be used when the traffic is unhealthy as a result of a rotation step, and you need to return to the previous good state. |

Possible states in which a CertificateVerification can exist.

| Name | Number | Description |
| --- | --- | --- |
| PENDING | 0 | The CertificateVerification has yet to be picked up by the translator. |
| VERIFIED | 1 | The CertificateVerification has been used to verify a rotation step. |
| INVALID | 2 | The CertificateVerification is invalid. |
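
A pre-apply check for a CertificateVerification manifest, written for this page as an added example (it is not Gloo Mesh code). It checks `step` and `action` against the values listed above and resolves an omitted `virtualMesh` namespace to the resource's own namespace. The function name `lint_verification` and the rules that `action` and `virtualMesh.name` must be set explicitly are assumptions made for the example, not documented API behaviour.

```python
import json

# Values copied from the tables on this page.
ACTIVE_STEPS = {"ADDING_NEW_ROOT", "PROPAGATING_NEW_INTERMEDIATE",
                "DELETING_OLD_ROOT", "PREVIOUS_CA"}
ACTIONS = {"CONTINUE", "ROLLBACK"}
API_VERSION = "networking.enterprise.mesh.gloo.solo.io/v1beta1"


def lint_verification(manifest):
    """Return (errors, resolved_mesh_ref) for a CertificateVerification dict."""
    errors = []
    if manifest.get("apiVersion") != API_VERSION:
        errors.append("unexpected apiVersion")
    if manifest.get("kind") != "CertificateVerification":
        errors.append("kind must be CertificateVerification")
    meta = manifest.get("metadata") or {}
    spec = manifest.get("spec") or {}

    step = spec.get("step")
    if step not in ACTIVE_STEPS:
        errors.append(f"step {step!r} is not an active rotation state")

    # CONTINUE is the default action, so a missing field would continue the
    # rotation. Local policy (assumption): require the field explicitly.
    action = spec.get("action")
    if action is None:
        errors.append("action missing: would default to CONTINUE")
    elif action not in ACTIONS:
        errors.append(f"unknown action {action!r}")

    mesh = spec.get("virtualMesh") or {}
    if not mesh.get("name"):  # local policy (assumption)
        errors.append("virtualMesh.name is required")
    # An omitted virtualMesh namespace means the resource's own namespace.
    resolved = {"name": mesh.get("name"),
                "namespace": mesh.get("namespace") or meta.get("namespace")}
    return errors, resolved


# Constructed sample: the rollback example from this page, as JSON.
SAMPLE = json.loads("""{
  "apiVersion": "networking.enterprise.mesh.gloo.solo.io/v1beta1",
  "kind": "CertificateVerification",
  "metadata": {"name": "successful-verification", "namespace": "gloo-mesh"},
  "spec": {"action": "ROLLBACK", "virtualMesh": {"name": "my-virtual-mesh"},
           "step": "PROPAGATING_NEW_INTERMEDIATE"}
}""")

if __name__ == "__main__":
    print(lint_verification(SAMPLE))
```
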