Cert-manager managed CA certificate Duration & ExpiryWindow

### Request

We request the ability to modify the [CA certificate](https://github.com/cockroachdb/helm-charts/blob/master/cockroachdb/templates/certificate.ca.yaml)'s Duration and ExpiryWindow in the Helm chart, similar to how we can modify these values for [node](https://github.com/cockroachdb/helm-charts/blob/31f086fb896d53658bf29e51fdc61a2b45a6efb3/cockroachdb/values.yaml#L528) and [client](https://github.com/cockroachdb/helm-charts/blob/31f086fb896d53658bf29e51fdc61a2b45a6efb3/cockroachdb/values.yaml#L524) certificates.
### Why this feature is needed

The [default duration is 90 days](https://cert-manager.io/v1.2-docs/faq/#if-renewbefore-or-duration-is-not-defined-what-will-be-the-default-value). When the node certificates have a duration exceeding 90 days, the nodes fail to authenticate because the CA certificate used to create them must remain valid for the node certificate to be valid. Therefore, it is essential to have a CA certificate duration longer than the node certificate duration. Since the [default value for node certificate duration](https://github.com/cockroachdb/helm-charts/blob/31f086fb896d53658bf29e51fdc61a2b45a6efb3/cockroachdb/values.yaml#L528) is 8760h, they become invalid before getting expire. This feature is necessary to ensure seamless authentication without any manual intervention.

Jira issue: HELM-12

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Cert-manager managed CA certificate Duration & ExpiryWindow #397

Request

Why this feature is needed

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Cert-manager managed CA certificate Duration & ExpiryWindow #397

Description

Request

Why this feature is needed

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions