search

open-cluster-management-io / registration

hub / spoke registration controllers
Apache License 2.0
42 stars 58 forks source link

Specify ExpirationSeconds in CSR request #311

Closed youhangwang closed 1 year ago

youhangwang commented 1 year ago

v1CSRControl create a csr request without ExpirationSeconds. the expiration time of the signed certificate depends on the --cluster-signing-duration in controller manager.

can we add a expirationSeconds param in the function to specify a expiration time to create a csr?

https://github.com/open-cluster-management-io/registration/blob/fc792f3816ed1e2f2d0609a5c0ac69da32ed2ab9/pkg/clientcert/certificate.go#L216

skeeey commented 1 year ago

yeah, we may add an option for registration agent to configure this

/cc @qiujian16

qiujian16 commented 1 year ago

+1

youhangwang commented 1 year ago

I can make this change as the first contribution to OCM proj ;)