Use duration and renewBefore to control API cert rotation

These configuration knobs are much more human-understandable than the
previous percentage-based threshold flag.

We now allow users to set the lifetime of the serving cert via a ConfigMap.
Previously this was hardcoded to 1 year.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
Andrew Keesler
2020-08-20 15:17:18 -04:00
parent 3929fa672e
commit 39c299a32d
14 changed files with 190 additions and 136 deletions

@@ -4,3 +4,7 @@ discovery:
webhook:
url: https://tuna.com/fish?marlin
caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tLi4u
api:
servingCertificate:
durationSeconds: 3600
renewBeforeSeconds: 2400
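Review bot: the api.servingCertificate block added at the end of this hunk sets both durationSeconds: 3600 and renewBeforeSeconds: 2400, so this fixture only covers the fully specified case. The commit message says the lifetime was previously hardcoded to 1 year, so a second fixture that omits api.servingCertificate (or just one of the two keys) with an assertion on the resulting defaults would pin down what an existing ConfigMap gets after upgrade. It is also worth documenting next to these keys whether renewBeforeSeconds counts back from expiry, which with these values would start rotation 1200 seconds after issuance.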

@@ -0,0 +1,8 @@
---
webhook:
url: https://tuna.com/fish?marlin
caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tLi4u
api:
servingCertificate:
durationSeconds: 2400
renewBeforeSeconds: 3600
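Review bot: in the api.servingCertificate block of this new file, renewBeforeSeconds: 3600 is larger than durationSeconds: 2400, so the renewal window is longer than the certificate lifetime. If this is a negative fixture, a comment at the top of the file saying so would keep it from being "fixed" later, and the test that loads it should assert that the config is rejected with a clear error rather than accepted. If it is not intentional, the two values look swapped relative to the other fixture (3600 / 2400).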