Description
Exalate commented:
If developers follow the "Orchestrate Cockroachdb with K8s" documentation (https://www.cockroachlabs.com/docs/v20.1/orchestrate-cockroachdb-with-kubernetes.html) [1], they're using the official cockroachdb/cockroach Docker images in their pods (https://hub.docker.com/r/cockroachdb/cockroach/) [2]. This becomes problematic when attempting to rotate node certs following the "Rotate Certificates" documentation (https://www.cockroachlabs.com/docs/stable/rotate-certificates.html) [3], as the documentation contains commands that are not included in the base cockroach container (such as sudo or pkill). Additionally, when the reader is instructed to run scp certs/node.crt certs/node.key <username>@<node address>:~/certs, there is no consideration given to where the k8s guide (1) actually puts the certs in the nodes (/cockroach/cockroach-certs), or to the networking realities. If a developer is running the cluster in k8s, this command will never work without port-forwarding or using kubectl cp. Finally, this does not provide any insight into what "username" is expected (I made the assumption that root wasn't going to work; if the username expected for a vanilla cluster is "root" then there should be some doc around using the root cert).
I think updating this document (3) to walk through rotating certs after implementing a cluster using the k8s guide (1) would make it more useful to developers, as the little idiosyncrasies in the existing doc make it hard to successfully accomplish the walkthrough.
(related to: https://github.com/cockroachdb/cockroach/issues/51487 . Apologies if that's not the preferred way of linking these together)
Jira Issue: DOC-592