Comment 2 for bug 1959779

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to config (master)

Reviewed: https://review.opendev.org/c/starlingx/config/+/827932
Committed: https://opendev.org/starlingx/config/commit/681deef0e509653109e3baa51e1b097b47dd68a3
Submitter: "Zuul (22348)"
Branch: master

commit 681deef0e509653109e3baa51e1b097b47dd68a3
Author: Michel Thebeau <email address hidden>
Date: Wed Feb 2 09:04:59 2022 -0500

    Add 180d alarm-before default for kube root CA

    The default 30 day alarm-before value for a root CA gives insufficient
    notice for certificate renewal in large deployments.

    Add a default 180 days and apply it to the kubernetes root CA.

    Test plan:
     - configure 180+ days k8s rootCA on bootstrap: PASS
     - examine /var/log/cert-alarm.log: kubernetes-root-ca: PASS
     - Observe expiring alarm 180 days before expiry: PASS

    Closes-Bug: 1959779

    Change-Id: Iaee16494bb29038753d8e7a7137d6795b473df4a
    Signed-off-by: Michel Thebeau <email address hidden>