You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently all certificates expire 5 years after creation.
Do we want to utilize a parameter for this value? Also, maybe a separate parameter specifically for the common authority certificates for kube-apiserver and etcd, maybe also with a bit longer default?
Maybe also have another parameter for forcing recreation of common authorities, regenerate_ca_certificates=True (in additionl to regenerate_certificates).
When the time comes to renew certificates (common authorities specifically) it would be nice with a zero-downtime routine. I'll see if I can try to test this routine (as soon as I have time). If it only means downtime for state updates (such as Ingress controller config and node updates and similar), I think it's OK. As long as traffic are still routed properly to the containers.
The text was updated successfully, but these errors were encountered:
Currently all certificates expire 5 years after creation.
Do we want to utilize a parameter for this value? Also, maybe a separate parameter specifically for the common authority certificates for
kube-apiserver
andetcd
, maybe also with a bit longer default?Maybe also have another parameter for forcing recreation of common authorities,
regenerate_ca_certificates=True
(in additionl toregenerate_certificates
).When the time comes to renew certificates (common authorities specifically) it would be nice with a zero-downtime routine. I'll see if I can try to test this routine (as soon as I have time). If it only means downtime for state updates (such as Ingress controller config and node updates and similar), I think it's OK. As long as traffic are still routed properly to the containers.
The text was updated successfully, but these errors were encountered: