Comment 3 for bug 1949238

Reviewed: https://review.opendev.org/c/starlingx/config/+/816069
Committed: https://opendev.org/starlingx/config/commit/947226b935c77b86464b80e189e302bc05feb380
Submitter: "Zuul (22348)"
Branch: master

commit 947226b935c77b86464b80e189e302bc05feb380
Author: Rafael Camargos <email address hidden>
Date: Fri Oct 29 18:18:07 2021 -0300

    Ignore 500.200 alarm on kube rootca update

    Generating a close-to-expiration certificate is a possible scenario of
    the rootca update procedure but it is not handled within the
    `kube-rootca-update-complete` command.

    This adds the 'certificate expiring soon' (500.200) alarm to the
    `kube-rootca-update-start` and `kube-rootca-update-complete` ignore list
    in order to allow starting and completing the update using a certificate
    that has an expiration date below the threshold.

    Note that it is still not possible starting the update if the rootca
    certificate has already expired. Same for generating an expired
    certificate during the update.

    Test Plan:

    PASS: Verify that the rootca update can be started if a certificate is
    expiring soon
    PASS: Verify that the rootca update can be completed after generating a
    certificate expiring soon

    Closes-Bug: 1949238
    Signed-off-by: Rafael Camargos <email address hidden>
    Change-Id: I241861890f56abd32b35e6e7b465cfd0515b75d9