feat: daily crl rotation

3scale-ops / aws-cvpn-pki-manager

A small API that helps you manage the PKI infrastructure for your AWS Client VPN setup

Apache License 2.0

1 stars 1 forks source link

feat: daily crl rotation #10

Closed raelga closed 2 years ago

raelga commented 2 years ago

The CRL update operation resets all clients connections as stated in the documentation:

https://docs.aws.amazon.com/sdk-for-go/api/service/ec2/#EC2.ImportClientVpnClientCertificateRevocationList

screenshot_2022-06-20_at_16 24 15_720

This PR changes the rotation cron task to @daily schedule (each day, at 00:00) to mitigate the user impact.

Also fixes the Excessive Platform Resource Consumption within a Loop in Kubernetes #3 security issue.

/kind feature /kind release /priority important-longterm /assign

slopezz commented 2 years ago

/lgtm

3scale-robot commented 2 years ago

LGTM label has been added.

Git tree hash: 10087fa2bd54cecc71016f46a329e2590b712237

raelga commented 2 years ago

/approve

3scale-robot commented 2 years ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: raelga

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/3scale-ops/aws-cvpn-pki-manager/blob/main/OWNERS)~~ [raelga] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment