cert-manager icon indicating copy to clipboard operation
cert-manager copied to clipboard

Published 20 hours ago verified publisher icon cert-manager

Schedule certificate renewal outside business hours

Open charvadzo opened this issue 1 year ago • 17 comments

Is your feature request related to a problem? Please describe. When a server certificate is renewed the server usually needs to be restarted to reload. This restart means disconnecting currently connected clients in case of a stateful connection.

Describe the solution you'd like If it would be possible to schedule renewal only to some time window during the day (maybe day in a week as well) it would be possible to do it outside business hours and minimize service disruption for the clients.

Describe alternatives you've considered Tried alternative approach to reload certificate without server restart but is some cases I did not found a way (e.g. VertX MQTT server).

Additional context Currently I'm using Stakater Reloader to restart the servers upon cert renewal

/kind feature

charvadzo avatar Feb 13 '24 08:02 charvadzo

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with /close. /lifecycle stale

cert-manager-bot avatar May 13 '24 09:05 cert-manager-bot

Still relevant

applejag avatar May 13 '24 10:05 applejag

/remove-lifecycle stale

charvadzo avatar May 13 '24 20:05 charvadzo

any possible workarounds for this?

oanabutaru98 avatar May 22 '24 21:05 oanabutaru98

@oanabutaru98 at our workplace we've employed a very crude workaround.

We've set a reminder about a week before when the Certificate will renew (seen in .status.renewalTime), and then task someone to run cmctl renew to manually renew it outside office hours :)

applejag avatar May 23 '24 13:05 applejag