aks-hybrid icon indicating copy to clipboard operation
aks-hybrid copied to clipboard

Published 20 hours ago verified publisher icon Azure

Allow users to schedule certificate updates (or set expiration date when running Update-AksHciCertificates)

Open eponerine opened this issue 2 years ago • 3 comments

After May 2022 release, users have 90 days to either upgrade their deployment or update their certificates with Update-AksHciCertificates

This is a drag to have to manually do, especially in environments where stability is paramount (not everyone wants to run the most bleeding edge version of Kubernetes). And from a Customer Support POV, I imagine a decent chunk of tickets come in with users having this issue?

If there is no plan to auto-rotate certs internally, then can we have a way to schedule the Update-AksHciCertificates command using Scheduled Tasks (or clustered scheduled tasks)?

Alternatively, can we have a flag on Update-AksHciCertificates to specify an expiration longer than 90 days?

eponerine avatar Sep 21 '22 14:09 eponerine

We would really appreciate this feature! We are not even in production yet, but it's still a hassle to maintain this.

azpoul avatar Jan 26 '23 12:01 azpoul

Hey @PragyaDw - I see this was maybe gonna make the Jan/Feb release? Is there any update on it?

eponerine avatar Mar 20 '23 20:03 eponerine

Hey @eponerine we shipped the auto rotate cert feature in Feb release: https://github.com/Azure/aks-hybrid/issues/292 Adding @baziwane for more clarity

PragyaDw avatar Mar 22 '23 17:03 PragyaDw