Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow configuring CA certificate lifetime #354

Closed
sbernauer opened this issue Jan 29, 2024 · 4 comments · Fixed by #357
Closed

Allow configuring CA certificate lifetime #354

sbernauer opened this issue Jan 29, 2024 · 4 comments · Fixed by #357
Assignees
@nightkr
Labels
release/2024-03

Comments

@sbernauer
Copy link
Member

Extracted from #350 (comment)

This might be a breaking change for stackabletech/issues#504
@sbernauer sbernauer changed the title Aloow configuring CA cert lifetime and refresh interval Allow configuring CA cert lifetime and refresh interval Jan 29, 2024
@sbernauer sbernauer mentioned this issue Jan 29, 2024
Merged
@nightkr
Copy link
Member

nightkr commented Jan 29, 2024

This shouldn't be breaking, since we can default to the current values.

@sbernauer
Copy link
Member Author

Maybe, but maybe we also want to move all that stuff under a common key, such as management. How knows :D

spec:
  backend:
    autoTls:
      ca:
        secret:
          name: secret-provisioner-tls-ca
          namespace: default
        # Change
        autoGenerate: true
        # to something like
        management:
          enabled: true
          caCertLifetime: 2y
          caCertRenewalThreshold: 1y

@nightkr nightkr self-assigned this Jan 30, 2024
nightkr added a commit that referenced this issue Jan 30, 2024
@nightkr
Make CA lifetimes configurable
5f26ea7 
Fixes #354
This was referenced Jan 30, 2024
Merged
Closed
github-merge-queue bot pushed a commit that referenced this issue Feb 1, 2024
@nightkr
Make CA lifetimes configurable (#357)
f5bdbe3 
* Make CA lifetimes configurable

Fixes #354

* Changelog

* Rename autoTls.ca.caLifetime to caCertificateLifetime

* Docs

* Fix børked tests

* Fix broken doc link
@lfrancke
Copy link
Member

lfrancke commented Feb 2, 2024

Is this also the issue that moves the default lifetime to 1y?

@sbernauer
Copy link
Member Author

Nope, that's a different one (#358).
This only gives the config option

@sbernauer sbernauer changed the title Allow configuring CA cert lifetime and refresh interval Allow configuring CA cert lifetime Feb 2, 2024
@sbernauer sbernauer changed the title Allow configuring CA cert lifetime Allow configuring CA certificate lifetime Feb 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nightkr nightkr

Labels
release/2024-03
Projects
Stackable Engineering
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Make CA lifetimes configurable stackabletech/secret-operator
3 participants
@lfrancke @nightkr @sbernauer