Enable 'auto_renew_certificates' in the kubespray config
seumasdunlop opened this issue · comments
By default the certificates created by kubespray are only renewed during an upgrade and they are fixed to a one year duration so the cluster will stop working if it isn't kept on a current version. Ignoring the fact that upgrading is best practice there are some situations where it's not practical so kubespray has a auto_renew_certificates
option that runs a scheduled task to upgrade the certificates.
Should this option should be configurable within kubitect?
Very good point. I have not thought of such situations. So I think it can not hurt to add a configurable option in the 'kubernetes.kubespray' section of the configuration.
I'll include this into the next release.