commit 681deef0e509653109e3baa51e1b097b47dd68a3
Author: Michel Thebeau <email address hidden>
Date: Wed Feb 2 09:04:59 2022 -0500
Add 180d alarm-before default for kube root CA
The default 30 day alarm-before value for a root CA gives insufficient
notice for certificate renewal in large deployments.
Add a default 180 days and apply it to the kubernetes root CA.
Test plan:
- configure 180+ days k8s rootCA on bootstrap: PASS
- examine /var/log/cert-alarm.log: kubernetes-root-ca: PASS
- Observe expiring alarm 180 days before expiry: PASS
Closes-Bug: 1959779
Change-Id: Iaee16494bb29038753d8e7a7137d6795b473df4a
Signed-off-by: Michel Thebeau <email address hidden>
Reviewed: https:/ /review. opendev. org/c/starlingx /config/ +/827932 /opendev. org/starlingx/ config/ commit/ 681deef0e509653 109e3baa51e1b09 7b47dd68a3
Committed: https:/
Submitter: "Zuul (22348)"
Branch: master
commit 681deef0e509653 109e3baa51e1b09 7b47dd68a3
Author: Michel Thebeau <email address hidden>
Date: Wed Feb 2 09:04:59 2022 -0500
Add 180d alarm-before default for kube root CA
The default 30 day alarm-before value for a root CA gives insufficient
notice for certificate renewal in large deployments.
Add a default 180 days and apply it to the kubernetes root CA.
Test plan: cert-alarm. log: kubernetes-root-ca: PASS
- configure 180+ days k8s rootCA on bootstrap: PASS
- examine /var/log/
- Observe expiring alarm 180 days before expiry: PASS
Closes-Bug: 1959779
Change-Id: Iaee16494bb2903 8753d8e7a7137d6 795b473df4a
Signed-off-by: Michel Thebeau <email address hidden>