feature request: Add custom renewal time for certificates #437
Comments
#292 adds this feature, although it is set on a per-issuer basis (i.e. we add a
wow, thanks for the mega quick reply. I'll look through that Pull Request and see if it has what I need.
Issues go stale after 90d of inactivity.
/remove-lifecycle stale
This has been completed in #893 😄
It'd be useful to give people more control over when certificates renew rather than a constant 30 days before expiry. Shorter times would be useful for testing, and in general people or companies could choose a different interval to match their own schedule.
At the moment the time to renewal is set as a constant in
pkg/controller/certificates/sync.go
const renewBefore = time.Hour * 24 * 30
It subtracts this number from the expiry date and renews if the result is less than 0.
I propose that the user should be allowed to provide their own renewIn as an annotation on the ingress or a field in the certificate issue, in the form of a string "00d00h00m".
The tricky thing is that, as of now, the code relies on a fixed timestamp on the certificate to count down the hours until renewal. A variable renewal time would have to be stored somewhere, possibly as a field on the certificate resource.
Basically the program would take this string, convert it into a duration, subtract that duration from the expiry date, and store this as a renewBefore. So for instance, if the user provides 15d00h00m, for a certificate that expires in 90 days renewBefore should be set to
90 days - 15 days = 75 days
So we'd store
75*time.Hour*24 + 0*time.Hour + 0*time.Minute
or as a string
75d00h00m
So then every time the controller checks if it should renew, instead of subtracting the constant
time.Hour * 24 * 30
it would get the custom duration and subtract that.
I've started writing some of this code, but I'm having trouble figuring out
a) how to read from an annotation and pass it on to pkg/controller/certificates/sync.go
b) how to read and write from the certificate resource for pkg/controller/certificates/sync.go
I also wonder if other people might not have a better way to do this. This is just what I figured would be one way to do it that leaves most of the existing code untouched.
/kind feature
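The proposal above, sketched as an added example (not code from the issue or from the project): it parses the "00d00h00m" string, derives the 75-day figure from the 90-day case, and replaces the constant in the renewal check. The function names ParseRenewIn, RenewAfter and ShouldRenew are hypothetical, and the range limits (hours 0-23, minutes 0-59, renewIn shorter than the certificate lifetime) are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"time"
)

// renewInPattern matches the proposed "00d00h00m" form, e.g. "15d00h00m".
var renewInPattern = regexp.MustCompile(`^(\d{1,4})d(\d{1,2})h(\d{1,2})m$`)

// ParseRenewIn (hypothetical name) converts a "DDdHHhMMm" string into a time.Duration.
func ParseRenewIn(s string) (time.Duration, error) {
	m := renewInPattern.FindStringSubmatch(s)
	if m == nil {
		return 0, fmt.Errorf("renewIn %q is not in the form 00d00h00m", s)
	}
	d, _ := strconv.Atoi(m[1]) // cannot fail: the regexp admits only short digit runs
	h, _ := strconv.Atoi(m[2])
	mins, _ := strconv.Atoi(m[3])
	if h > 23 || mins > 59 { // assumed limits; the issue does not specify them
		return 0, fmt.Errorf("renewIn %q: hours or minutes out of range", s)
	}
	return time.Duration(d)*24*time.Hour + time.Duration(h)*time.Hour + time.Duration(mins)*time.Minute, nil
}

// RenewAfter returns how long after issuance renewal becomes due
// (lifetime minus renewIn), rejecting values that would renew at once or never.
func RenewAfter(notBefore, notAfter time.Time, renewIn time.Duration) (time.Duration, error) {
	lifetime := notAfter.Sub(notBefore)
	if renewIn <= 0 || renewIn >= lifetime {
		return 0, fmt.Errorf("renewIn %s must be positive and shorter than lifetime %s", renewIn, lifetime)
	}
	return lifetime - renewIn, nil
}

// ShouldRenew is the renewal check with the fixed 30-day constant replaced by renewIn.
func ShouldRenew(now, notAfter time.Time, renewIn time.Duration) bool {
	return !now.Before(notAfter.Add(-renewIn))
}

func main() {
	// Constructed sample: a 90-day certificate with renewIn "15d00h00m".
	issued := time.Date(2018, 4, 1, 0, 0, 0, 0, time.UTC)
	renewIn, _ := ParseRenewIn("15d00h00m")
	after, _ := RenewAfter(issued, issued.Add(90*24*time.Hour), renewIn)
	fmt.Println(after)
}
```

Rejecting a renewIn that is zero or at least as long as the certificate lifetime keeps a mistyped annotation from causing either a renewal loop or a certificate that silently expires.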