feat(kuma-cp) dataplane certificate rotation #722

Merged
merged 2 commits into from
May 12, 2020

jakubdyszkiewicz
Contributor

Summary

Introduce certificate rotation after 4/5 of the certificate's life.
Also changed the default expiration to 30 days.

@subnetmarco
Contributor

Does this PR also introduce new properties for mtls? Also please link to the documentation PR once it's ready.

@jakubdyszkiewicz
Contributor Author

@subnetmarco I still need to do builtin CA expiration and rsaBits. I'll update docs after this change.

@jakubdyszkiewicz jakubdyszkiewicz force-pushed the parametrize-expiration branch from c6075e1 to 8a24bd6 Compare May 11, 2020 12:50
@jakubdyszkiewicz jakubdyszkiewicz changed the base branch from sds-cache to master May 11, 2020 12:51
return false, "", errors.Wrap(err, `invalid snapshot version format. Format should be "UnixNano;NameOfTheCA"`)
}
expiration := issuer.DefaultWorkloadCertValidityPeriod
if mesh.GetEnabledCertificateAuthorityBackend().GetDpCert().GetRotation().GetExpiration() != nil {
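
Review bot: the `GetExpiration() != nil` check only tests that a rotation expiration is configured; nothing in the visible lines bounds its value before it replaces `issuer.DefaultWorkloadCertValidityPeriod`. Because rotation is triggered after 4/5 of the certificate's life (per the PR summary), a zero, negative or very short expiration would have dataplane certificates reissued almost continuously. Suggest rejecting values below a minimum when the mesh is validated, or clamping here, and documenting the accepted range alongside the new 30-day default.
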
Contributor

I think it makes sense to specify MinWorkloadCertValidityPeriod to avoid a mess with small values.

Contributor Author

Can you elaborate here? What will be the mess with small values?

@jakubdyszkiewicz jakubdyszkiewicz merged commit 13f503f into master May 12, 2020