New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Add renewBeforePercentage alternative to renewBefore #6987
base: master
Are you sure you want to change the base?
Conversation
Hi @cbroglie. Thanks for your PR. I'm waiting for a cert-manager member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
I can do a pass to update the relevant docs as well if things look reasonable functionality wise. I considered introducing a |
/ok-to-test |
@cbroglie the tests are failing, could you take a look? |
Yep, will do. I was only running |
4c19cad
to
2ada16e
Compare
6264b5b
to
686e461
Compare
Thank you @cbroglie for this well-written feature! |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: inteon The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey, really appreciate you raising this - it's a great addition and it makes a tonne of sense.
We discussed this today (2024-05-14) and we love the idea but we're scared of the breaking change to our Go API. I've added a comment with a suggested change which wouldn't be breaking; what do you think?
686e461
to
b4c2e2d
Compare
New changes are detected. LGTM label has been removed. |
Since the actual duration is unknown until a cert has been issued, providing an absolute duration for renewBefore can result in accidental renewal loops. The new renewBeforePercentage field computes the effective renewBefore using the actual duration, allowing users to better express intent while maintaining backwards compatibility. Fixes cert-manager#4423, resolves cert-manager#5821 Signed-off-by: Christopher Broglie <cbroglie@cloudflare.com>
b4c2e2d
to
65cfbdf
Compare
Since the actual duration is unknown until a cert has been issued,
providing an absolute duration for renewBefore can result in accidental
renewal loops. The new renewBeforePercentage field computes the
effective renewBefore using the actual duration, allowing users to
better express intent while maintaining backwards compatibility.
Fixes #4423, resolves #5821
Pull Request Motivation
#4423 (comment)
Kind
/kind feature
Release Note