Merge pull request #51021 from kquinn1204/gh-51016

mburke5678 · web-flow · commit 53b904068247 · 2022-12-02T09:38:28.000-05:00
Gh 51016
diff --git a/_topic_maps/_topic_map.yml b/_topic_maps/_topic_map.yml
@@ -806,6 +806,10 @@ Topics:
     File: etcd-certificates
   - Name: OLM certificates
     File: olm-certificates
+  - Name: Aggregated API client certificates
+    File: aggregated-api-client-certificates
+  - Name: Machine Config Operator certificates
+    File: machine-config-operator-certificates
   - Name: User-provided certificates for default ingress
     File: user-provided-certificates-for-default-ingress
   - Name: Ingress certificates
diff --git a/security/certificate_types_descriptions/aggregated-api-client-certificates.adoc b/security/certificate_types_descriptions/aggregated-api-client-certificates.adoc
@@ -0,0 +1,26 @@
+:_content-type: ASSEMBLY
+[id="cert-types-aggregated-api-client-certificates"]
+= Aggregated API client certificates
+include::_attributes/common-attributes.adoc[]
+:context: cert-types-aggregated-api-client-certificates
+
+toc::[]
+
+== Purpose
+
+Aggregated API client certificates are used to authenticate the KubeAPIServer when connecting to the Aggregated API Servers.
+
+== Management
+
+These certificates are managed by the system and not the user.
+
+== Expiration
+This CA is valid for 30 days.
+
+The managed client certificates are valid for 30 days.
+
+CA and client certificates are rotated automatically through the use of controllers.
+
+== Customization
+
+You cannot customize the aggregated API server certificates.
diff --git a/security/certificate_types_descriptions/machine-config-operator-certificates.adoc b/security/certificate_types_descriptions/machine-config-operator-certificates.adoc
@@ -0,0 +1,24 @@
+:_content-type: ASSEMBLY
+[id="cert-types-machine-config-operator-certificates"]
+= Machine Config Operator certificates
+include::_attributes/common-attributes.adoc[]
+:context: cert-types-machine-config-operator-certificates
+
+toc::[]
+
+== Purpose
+
+Machine Config Operator certificates are used to secure connections between the Red Hat Enterprise Linux CoreOS (RHCOS) nodes and the Machine Config Server.
+
+== Management
+
+These certificates are managed by the system and not the user.
+
+== Expiration
+This CA is valid for 10 years.
+
+The issued serving certificates are valid for 10 years.
+
+== Customization
+
+You cannot customize the Machine Config Operator certificates.
diff --git a/security/index.adoc b/security/index.adoc
@@ -50,6 +50,8 @@ You can also review more details about the types of certificates used by the clu
 * xref:../security/certificate_types_descriptions/bootstrap-certificates.adoc#cert-types-bootstrap-certificates[Bootstrap certificates]
 * xref:../security/certificate_types_descriptions/etcd-certificates.adoc#cert-types-etcd-certificates[etcd certificates]
 * xref:../security/certificate_types_descriptions/olm-certificates.adoc#cert-types-olm-certificates[OLM certificates]
+* xref:../security/certificate_types_descriptions/aggregated-api-client-certificates.adoc#cert-types-aggregated-api-client-certificates[Aggregated API client certificates]
+* xref:../security/certificate_types_descriptions/machine-config-operator-certificates.adoc#cert-types-machine-config-operator-certificates[Machine Config Operator certificates]
 * xref:../security/certificate_types_descriptions/user-provided-certificates-for-default-ingress.adoc#cert-types-user-provided-certificates-for-default-ingress[User-provided certificates for default ingress]
 * xref:../security/certificate_types_descriptions/ingress-certificates.adoc#cert-types-ingress-certificates[Ingress certificates]
 * xref:../security/certificate_types_descriptions/monitoring-and-cluster-logging-operator-component-certificates.adoc#cert-types-monitoring-and-cluster-logging-operator-component-certificates[Monitoring and cluster logging Operator component certificates]
