The current certificate rotation to start we needs to wait for 24 hours, which is a blocker for CodeReady Containers team's build process. Also for CI process also I think the initial cert rotation time interval should be customized to minutes and not 24 hours.
There must be someway to reduce the initial cert rotation to couple of minutes or less.
// GetCertRotationScale The normal scale is based on a day. The value returned by this function
// is used to scale rotation durations instead of a day, so you can set it shorter.
func GetCertRotationScale(client kubernetes.Interface, namespace string) (time.Duration, error) {
certRotationScale := time.Duration(0)
err := wait.PollImmediate(time.Second, 1*time.Minute, func() (bool, error) {
certRotationConfig, err := client.CoreV1().ConfigMaps(namespace).Get("unsupported-cert-rotation-config", metav1.GetOptions{})
if err != nil {
if errors.IsNotFound(err) {
return true, nil
}
return false, err
}
if value, ok := certRotationConfig.Data["base"]; ok {
certRotationScale, err = time.ParseDuration(value)
if err != nil {
return false, err
}
}
return true, nil
})
if err != nil {
return 0, err
}
if certRotationScale > 24*time.Hour {
return 0, fmt.Errorf("scale longer than 24h is not allowed: %v", certRotationScale)
}
return certRotationScale, nil
}