Make the renewal margin configurable, in days before certificate expiry

[whereisaaron]

Currently certificates are renewed if they have less than a week before they expire. This is reasonable, but hard coded, and some people may wish to adjust that. In my case I'd like to match other ACME tool configurations on other system that are set for 10 days before expiry.

I propose adding an --renewal-margin-in-days argument for this setting. It will have a default value of 7. Values less that 1 will be treated as 1. Values greater that 89 will log a warning that this might be longer than the certificate lifetime; just a warning because Let's Encrypt or another ACME provider could ofer a different period or change their policy.

https://github.com/whereisaaron/kube-cert-manager/blob/master/processor.go#L337-L342

// If certificate expires in more than a week, don't renew
if parsedCert.NotAfter.After(time.Now().Add(time.Hour * 24 * 7)) {
	return false, nil
}

log.Printf("[%v] Expiry for cert is in less than a week (%v), attempting renewal", cert.Spec.Domain, parsedCert.NotAfter.String())

[sfrique]

@whereisaaron it seems it is at master already

https://github.com/PalmStoneGames/kube-cert-manager/blob/master/processor.go#L428

kube-cert-manager/main.go

Line 83 in 6cf132d

flag.IntVar(&renewBeforeDays, "renew-before-days", 7, "Renew certificates before this number of days until expiry")

[whereisaaron]

Yep @sfrique ! Kindly added by @stigsb a couple months ago in #62.