Reviewing 'minimum certificate duration' requirements and handling #3067
Comments
Tested on the latest alpha and we do seem to enforce it now :) I'll just blame an old cert-manager version with bad validation when I saw this before.
I think we should add a minimal duration check, well keep it as it seems to work. Just to prevent user error making
Adding a more reasonable edge case: the user requests a longer valid cert than it receives, and the duration happens to be 1 minute more than the renewBefore? Should we enforce a minimal duration on the CR?
How about we do a check on that, and if so place the CR in a failed state so it is exponentially retried till the CA fixes their behavior?
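The edge case raised in the comment above (a CA returns a certificate whose lifetime is only one minute longer than `renewBefore`) can be checked against the issued certificate itself. This is an added example, not cert-manager's code: `issue`, `CheckIssued`, `ErrRenewalWindow` and the `margin` parameter are hypothetical names, and the certificate is a constructed self-signed one.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// ErrRenewalWindow is a hypothetical sentinel a controller could map to a failed request.
var ErrRenewalWindow = errors.New("issued duration leaves too little time before renewal")

// issue builds a constructed self-signed certificate valid for d, standing in
// for a CA that returns a different lifetime than the one requested.
func issue(d time.Duration) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	now := time.Now().Truncate(time.Second)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example.test"},
		NotBefore: now, NotAfter: now.Add(d)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// CheckIssued measures the lifetime encoded in the certificate (not the
// requested duration) against renewBefore plus an assumed minimum margin.
func CheckIssued(cert *x509.Certificate, requested, renewBefore, margin time.Duration) error {
	actual := cert.NotAfter.Sub(cert.NotBefore)
	if actual < renewBefore+margin {
		return fmt.Errorf("%w: issued %s, requested %s, renewBefore %s", ErrRenewalWindow, actual, requested, renewBefore)
	}
	return nil
}

func main() {
	// Constructed case: 90 days requested, CA returned 31m, renewBefore is 30m.
	if cert, err := issue(31 * time.Minute); err == nil {
		fmt.Println(CheckIssued(cert, 90*24*time.Hour, 30*time.Minute, 5*time.Minute))
	}
}
```

Returning a typed error lets the caller decide between failing the request with backoff, as proposed in the comment, and accepting the short-lived certificate.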
Issues go stale after 90d of inactivity.
Stale issues rot after 30d of inactivity.
Rotten issues close after 30d of inactivity.
@jetstack-bot: Closing this issue. In response to this:
As per #3038 (comment), we should ensure that the 'minimum certificate duration' logic we have is a) needed and b) works properly.
/milestone Next
/priority important-longterm
/area api