b7e75df19b
Add note as include Add include where renewBefore is mentioned Address patchset 1 review comments Closes-Bug: 2042545 Change-Id: Iad4f58fd2cd4743605089b453ededce1e720c8e9 Signed-off-by: Ron Stone <ronald.stone@windriver.com>
16 lines
686 B
ReStructuredText
16 lines
686 B
ReStructuredText
.. _recommended-renewbefore-value-for-certificates-c929cf42b03b:
|
|
|
|
|
|
.. note::
|
|
|
|
The Certificate usage of Cert-manager Documentation
|
|
(https://cert-manager.io/docs/usage/certificate/) states that one should
|
|
"Take care when setting the ``renewBefore`` field to be very close to the
|
|
duration as this can lead to a renewal loop, where the Certificate is always
|
|
in the renewal period."
|
|
|
|
In the light of the statement above, you must not set ``renewBefore`` to a
|
|
value very close to the "duration" value, such as a renewBefore of 29 days
|
|
and a duration of 30 days. Instead, you could set values such as
|
|
renewBefore=15 days and duration=30 days to avoid renewal loops.
|