starlingx/docs
Code Issues Proposed changes
docs/doc/source/shared/_includes/recommended-renewbefore-value-for-certificates-c929cf42b03b.rest
Ron Stone b7e75df19b Recommended "renewBefore" value for a certificate (r8, r7, r5, r5, dsR8, dsR7, dsR6, dsR5) 
Add note as include
Add include where renewBefore is mentioned
Address patchset 1 review comments

Closes-Bug: 2042545

Change-Id: Iad4f58fd2cd4743605089b453ededce1e720c8e9
Signed-off-by: Ron Stone <ronald.stone@windriver.com>
2023-11-07 15:03:24 +00:00

16 lines
686 B
ReStructuredText
Raw Permalink Blame History

.. _recommended-renewbefore-value-for-certificates-c929cf42b03b:
.. note::
The Certificate usage of Cert-manager Documentation
(https://cert-manager.io/docs/usage/certificate/) states that one should
"Take care when setting the ``renewBefore`` field to be very close to the
duration as this can lead to a renewal loop, where the Certificate is always
in the renewal period."
In the light of the statement above, you must not set ``renewBefore`` to a
value very close to the "duration" value, such as a renewBefore of 29 days
and a duration of 30 days. Instead, you could set values such as
renewBefore=15 days and duration=30 days to avoid renewal loops.
View Git Blame Copy Permalink