kubernetes
Allow SSL certificate expiration warning threshold to be adjusted
Some PKI implementations like https://github.com/smallstep/certificates issue aggressively short-lived certificates by default (24 hours, for example). In situations where this is the desired/intended configuration for Ingress TLS certs, this causes a disproportionate amount of warning messages.
W0122 17:44:59.804433 9 controller.go:1339] SSL certificate for server "prometheus.k8s.home.arpa" is about to expire (2022-01-23 16:50:14 +0000 UTC)
W0122 17:44:59.804670 9 controller.go:1339] SSL certificate for server "grafana.k8s.home.arpa" is about to expire (2022-01-23 16:50:15 +0000 UTC)
W0122 17:44:59.804801 9 controller.go:1339] SSL certificate for server "alertmanager.k8s.home.arpa" is about to expire (2022-01-23 16:50:15 +0000 UTC)
The warning threshold is currently hard-coded here: https://github.com/kubernetes/ingress-nginx/blob/abdece6e80b6d54d177cf3f51e43d1f8220c1b1c/internal/ingress/controller/controller.go#L1349
It would be useful to make this an adjustable value.
Hi @gclawes ,
There is lack of resources & developer time. This seems like a reasonable improvement. Lets hope the developers get time to come around and look at this.
/triage accepted
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
- After 90d of inactivity,
lifecycle/staleis applied - After 30d of inactivity since
lifecycle/stalewas applied,lifecycle/rottenis applied - After 30d of inactivity since
lifecycle/rottenwas applied, the issue is closed
You can:
- Mark this issue or PR as fresh with
/remove-lifecycle stale - Mark this issue or PR as rotten with
/lifecycle rotten - Close this issue or PR with
/close - Offer to help out with Issue Triage
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
- After 90d of inactivity,
lifecycle/staleis applied - After 30d of inactivity since
lifecycle/stalewas applied,lifecycle/rottenis applied - After 30d of inactivity since
lifecycle/rottenwas applied, the issue is closed
You can:
- Mark this issue or PR as fresh with
/remove-lifecycle rotten - Close this issue or PR with
/close - Offer to help out with Issue Triage
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle rotten
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
- After 90d of inactivity,
lifecycle/staleis applied - After 30d of inactivity since
lifecycle/stalewas applied,lifecycle/rottenis applied - After 30d of inactivity since
lifecycle/rottenwas applied, the issue is closed
You can:
- Reopen this issue or PR with
/reopen - Mark this issue or PR as fresh with
/remove-lifecycle rotten - Offer to help out with Issue Triage
Please send feedback to sig-contributor-experience at kubernetes/community.
/close
@k8s-triage-robot: Closing this issue.
In response to this:
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
- After 90d of inactivity,
lifecycle/staleis applied- After 30d of inactivity since
lifecycle/stalewas applied,lifecycle/rottenis applied- After 30d of inactivity since
lifecycle/rottenwas applied, the issue is closedYou can:
- Reopen this issue or PR with
/reopen- Mark this issue or PR as fresh with
/remove-lifecycle rotten- Offer to help out with Issue Triage
Please send feedback to sig-contributor-experience at kubernetes/community.
/close
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
