Certificate Authority Bundles

The Certificate Authority (CA) bundle for Compute Cloud@Customer is downloaded and made available to a cluster when the cluster is created. The CA bundle includes the certificate, private and public keys, and other authorization information.

The CA bundle is automatically updated when regular certificate rotation occurs or when Compute Cloud@Customer is upgraded.

A process runs every hour to check the validity of the CA bundle and updates the CA bundle if needed.

When the CA bundle is updated on the infrastructure, it must be updated on the local system that you use to manage the OKE service. For example, the CA bundle authorizes the use of cluster-api. This is similar to replacing the CA bundle in your ~/.oci configuration so that you can run CLI commands. To obtain the CA bundle for your local system, contact Oracle for support. See Create a service request.