
Support automatic certificate rotation for KES tls secrets

Open cyvcloud opened this issue 1 year ago • 3 comments

Is your feature request related to a problem? Please describe.

We configure our k8s controller manager in a way to only create short-lived certificates (using --cluster-signing-duration=96h0m0s). Additionally, we use the MinIO operator to deploy MinIO tenants in combination with KES. We would like to use the auto certificate generation of the operator, but this means that after 4 days we have to manually delete the KES tls secret for it to be regenerated by the operator. Otherwise, trying to log in to the console fails with an error message informing us that the KES service certificate has expired.

Describe the solution you'd like

The operator should rotate the KES certificate and restart the KES pods a certain amount of time before the KES tls certificates expire.

Describe alternatives you've considered

We are currently investigating the use of cert-manager to automate the creation of KES certificates.

cyvcloud, Feb 28 '23 14:02

This issue has been automatically marked as stale because it has not had recent activity. It will be closed after 21 days if no further activity occurs. Thank you for your contributions.

stale[bot], Jun 11 '23 13:06

@pjuarezd is this already fixed?

cesnietor, Sep 11 '23 17:09

Not sure, will research it.

pjuarezd, Sep 12 '23 21:09