added documentation for root certificate rotation (#3298)

ValClarkson · cbandy · web-flow · commit c72c6a0838a1 · 2022-07-14T09:53:29.000-04:00
* added documentation for root certificate rotation

[sc-14561]

* Update docs/content/tutorial/administrative-tasks.md

Co-authored-by: Chris Bandy &lt;bandy.chris@gmail.com&gt;

* updated per pr comments

Co-authored-by: Chris Bandy &lt;bandy.chris@gmail.com&gt;
diff --git a/docs/content/tutorial/administrative-tasks.md b/docs/content/tutorial/administrative-tasks.md
@@ -143,6 +143,18 @@ There are a few ways to restart an older version PgBouncer to reload Secrets:
      --patch '{"spec":{"proxy":{"pgBouncer":{"metadata":{"annotations":{"restarted":"'"$(date)"'"}}}}}}'
    ```
 
+### Rotating the Root Certificate
+
+Is it time to rotate your PGO root certificate? All you need to do is delete the `pgo-root-cacert` secret. PGO will regenerate it and roll it out seamlessly, ensuring your apps continue communicating with the Postgres cluster without having to update any configuration or deal with any downtime.
+
+```yaml
+kubectl delete secret pgo-root-cacert
+```
+
+{{% notice note %}}
+PGO only updates secrets containing the generated root certificate. It does not touch custom certificates.
+{{% /notice %}}
+
 ## Changing the Primary
 
 There may be times when you want to change the primary in your HA cluster. This can be done
