You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Before() function , that we are using here, compares if a time has happened before the time provided as the argument and returns false if both times are equal.
returntrue, "Certificate about to expire, rotating certificate"
}
We need to trigger cert rotation before/equals/close to actual cert expiration. For that we can compare expiryTime with nextRun using Sub() function.
Also, we came across with a case while rotating root cert every month, helm chart calculated the cronStr as 0 0 */23 * * (i.e. cron gets executed every 1st and 23rd day of the month). Our certificate didn't get rotated and was due expiration on 7th day of the month. Rotation didn't happen by the cronjob that ran on the 1st day of the month and the next run is in 23 days while the certificate is expiring in 6 days. So, to avoid this issue, we should also calculate if the cert is expiring before next-to-next cronjob run.
The text was updated successfully, but these errors were encountered:
Before()function , that we are using here, compares if a time has happened before the time provided as the argument and returns false if both times are equal.helm-charts/pkg/resource/tls_secret.go
Lines 159 to 163 in c1bd1b7
We need to trigger cert rotation before/equals/close to actual cert expiration. For that we can compare
expiryTimewithnextRunusingSub() function.Also, we came across with a case while rotating root cert every month, helm chart calculated the
cronStras0 0 */23 * *(i.e. cron gets executed every 1st and 23rd day of the month). Our certificate didn't get rotated and was due expiration on 7th day of the month. Rotation didn't happen by the cronjob that ran on the 1st day of the month and the next run is in 23 days while the certificate is expiring in 6 days. So, to avoid this issue, we should also calculate if the cert is expiring before next-to-next cronjob run.The text was updated successfully, but these errors were encountered: