Is there a clean way to update the domains (SAN) of a ManagedCertificate?
I assumed that updating a certificate would not cause an outage due to re-provisioning, and the old certificate would at least hang around until the new one is ready. Instead the old cert is deleted and you must wait ~50 minutes for the new cert to become active, leaving a nice dent in your uptime budget.
I found an official workaround buried here: https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs#manual-update. While I could automate this, I feel that this normal use case should be handled by the controller.
Is this a bug or a not well documented sharp edge?