Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow cert rotation to store less backup tls directories #5532

Closed
rancher-max opened this issue May 3, 2022 · 1 comment
Closed

Allow cert rotation to store less backup tls directories #5532

rancher-max opened this issue May 3, 2022 · 1 comment
Labels
area/cert-rotation
Projects
Development [DEPRECATED]

Comments

@rancher-max
Copy link
Contributor

By default, I believe this value is unlimited. We should allow users to be able to specify how many backups they may want, and by default only store 2-5. In current state, you could have a directory like the following after doing multiple cert rotations, which may be undesired on some systems.

# /var/lib/rancher/k3s/server
tls
tls-81281295
tls-81281300
tls-81281305
tls-81281310
tls-81281315
tls-81281320
tls-81281325
tls-81281330
tls-81281335

I'd expect it to work similar to the following, where the number specified is how many backup files to store:

$ k3s server --cert-rotation-retention=5

...
# /var/lib/rancher/k3s/server
tls
tls-81281315
tls-81281320
tls-81281325
tls-81281330
tls-81281335
@rancher-max rancher-max added this to To Triage in Development [DEPRECATED] via automation May 3, 2022
@caroline-suse-rancher
Copy link
Contributor

Closing, as we now offer cert rotation

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/cert-rotation
Projects
K3s Development
Archived in project
Development [DEPRECATED]
To Triage
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rancher-max @caroline-suse-rancher