Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cert-manager managed CA certificate Duration & ExpiryWindow #397

Open
mekaan opened this issue Jun 19, 2024 · 0 comments
Open

Cert-manager managed CA certificate Duration & ExpiryWindow #397

mekaan opened this issue Jun 19, 2024 · 0 comments

Comments

@mekaan
Copy link
Contributor

mekaan commented Jun 19, 2024

Request

We request the ability to modify the CA certificate's Duration and ExpiryWindow in the Helm chart, similar to how we can modify these values for node and client certificates.

Why this feature is needed

The default duration is 90 days. When the node certificates have a duration exceeding 90 days, the nodes fail to authenticate because the CA certificate used to create them must remain valid for the node certificate to be valid. Therefore, it is essential to have a CA certificate duration longer than the node certificate duration. Since the default value for node certificate duration is 8760h, they become invalid before getting expire. This feature is necessary to ensure seamless authentication without any manual intervention.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant