fix(cert-manager): Ensure there is at least one leaf certificate rene…

…wal when renewing the CA The renewBefore value for the root ca was simply too low barely giving the leaf certificate any time to renew itself. This leads to the root ca expiring before the leaf certificates expires. By removing the renewBefore values we go back to the 2/3 default and as long as the leaf certificate is only valid for half of the root it should be fine. Signed-off-by: Miguel Sacristán Izcue <[email protected]>
kedacore · Dec 1, 2024 · ca8f2f4 · ca8f2f4
1 parent 3ad2830
commit ca8f2f4
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/keda/templates/cert-manager/self-ca.yaml b/keda/templates/cert-manager/self-ca.yaml
@@ -13,8 +13,7 @@ spec:
   privateKey:
     algorithm: RSA
     size: 2048
-  duration: 8760h0m0s # 1 year
-  renewBefore: 720h0m0s # 1 month
+  duration: 43800h0m0s # 5 years
   issuerRef:
     name: {{ .Values.operator.name }}-selfsigned-issuer
     kind: Issuer