Root certificate rotation

Hello,

Is it possible to rotate Linkerd’s root certificate without downtime and without restarting pods that are already joined to the mesh?

Either by running install with these commands or modifying the k8s secret directly?

–identity-issuer-key-file
–identity-issuer-certificate-file

Thanks!

@afah Yes it should be possible to rotate the signing keys if you have generated them yourself from a CA … You’ll also need to set the identity-trust-trust-anchors file to point to the certificate of the root CA.

This workflow definitely needs more testing & documentation, though, so please don’t hesitate to open an issue if you get stuck!