Can the duration of the server cert that is generated for the webhook be set?

[michaelajr]

Is your feature request related to a problem? Please describe.

We are running the webhook on the host network - and our scanning tools are picking up that the cert is going to expire in a few days. We get cyber alerts raised when when this happens.

Describe the solution you'd like

Is there any way to set the duration and renewal time of the generated TLS cert used by the webhook server?

Describe alternatives you've considered

Additional context

Environment details (remove if not applicable): EKS

• Kubernetes version: 1.26
• Cloud-provider/provisioner: AWS/EKS
• cert-manager version: 1.13.1-r4
• Install method: e.g. helm/static manifests: helm

/kind feature

[michaelajr]

I think this is closed by #6552

[jetstack-bot]

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with /close. /lifecycle stale

[jetstack-bot]

Stale issues rot after 30d of inactivity. Mark the issue as fresh with /remove-lifecycle rotten. Rotten issues close after an additional 30d of inactivity. If this issue is safe to close now please do so with /close. /lifecycle rotten /remove-lifecycle stale

[cert-manager-bot]

Rotten issues close after 30d of inactivity. Reopen the issue with /reopen. Mark the issue as fresh with /remove-lifecycle rotten. /close

[cert-manager-prow[bot]]

@cert-manager-bot: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity. Reopen the issue with /reopen. Mark the issue as fresh with /remove-lifecycle rotten. /close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.