[K8SPSMDB-574] Set certificate duration for external certificates to 100 years - Percona JIRA

XML

Word

Printable

Details

Type: Improvement
Status: Done
Priority: Medium
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.12.0
Component/s: None
Labels:
None

Needs QA:
Yes
Needs Doc:
Yes
Needs Deploy:
Yes

Description

We are going to allow user to choose the validity duration of the external certificate for cert manager. Right now it is 90 days, which might be suboptimal for some deployments.

Community PR (https://github.com/percona/percona-server-mongodb-operator/pull/779) is great, but it sets default duration to 100 years, which is not aligned with security best practices.

We are going to add a new section

spec:
  tls:

Under it we are going to have

spec:
  tls:
    certValidityDuration:

Measured in days.
90 days is default

Attachments

Activity

People

Assignee:: Dmitriy Kostiuk

Reporter:: Ege Gunes

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 04/Oct/21 1:10 PM

Updated:: 05/May/22 3:51 PM

Resolved:: 30/Nov/21 5:10 PM