Contributor

@pooknull pooknull commented Jul 23, 2025

https://perconadev.atlassian.net/browse/K8SPXC-1494

DESCRIPTION

This PR adds the .spec.tls.certValidityDuration and .spec.tls.caValidityDuration fields to the cr.yaml. These fields control the validity period of the TLS certificates generated by the operator.

CHECKLIST

Jira

  • Is the Jira ticket created and referenced properly?
  • Does the Jira ticket have the proper statuses for documentation (Needs Doc) and QA (Needs QA)?
  • Does the Jira ticket link to the proper milestone (Fix Version field)?

Tests

  • Is an E2E test/test case added for the new feature/change?
  • Are unit tests added where appropriate?
  • Are OpenShift compare files changed for E2E tests (compare/*-oc.yml)?

Config/Logging/Testability

  • Are all needed new/changed options added to default YAML files?
  • Are all needed new/changed options added to the Helm Chart?
  • Did we add proper logging messages for operator actions?
  • Did we ensure compatibility with the previous version or cluster upgrade process?
  • Does the change support oldest and newest supported PXC version?
  • Does the change support oldest and newest supported Kubernetes version?

@pull-request-size pull-request-size bot added the size/M 30-99 lines label Jul 23, 2025
@hors hors added this to the v1.19.0 milestone Jul 29, 2025
Contributor

@egegunes egegunes left a comment

@pooknull please add PR description and check golangci-lint errors

Group: issuerGroup,
},
Duration: &metav1.Duration{Duration: pxctls.DefaultValidity},
Duration: duration,
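
Review bot: on the "Duration: duration," line, the literal pxctls.DefaultValidity is no longer set at this call site, so the fallback now depends on how duration is built, which these lines do not show. Make sure duration is non-nil and resolves to pxctls.DefaultValidity when the new field is left unset, and reject zero or negative values before they reach the Certificate spec. A unit test covering the unset case would document that behaviour.
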
Contributor

so when i set validity duration all certs will be valid for this duration, including CA. i wonder if this will make rotation harder when these certs are expired. in PSMDB operator, we don't use this field for CA cert and hardcode 365 days for its validity duration (i don't think that approach is correct either bc what happens if user specifies 366 days for cert validity?). maybe we need to have a separate field for CA validity duration?

@hors wdyt?

Collaborator

I am ok to add a separate field for CA validity duration
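
The concern in the review comment above (a leaf certificate set to outlive a CA with a shorter validity, such as 366 days against 365) can be reproduced with Go's standard library. This is an added example, not code from the PR or the operator; the names issue and ChainValidAt and the certificate subjects are hypothetical, and all certificates are constructed in memory.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed certificate; a nil parent yields a self-signed CA.
func issue(cn string, from time.Time, validity time.Duration, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, NotBefore: from, NotAfter: from.Add(validity),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true}
	if parent == nil { // self-signed CA: sign the template with its own key
		tmpl.IsCA, tmpl.KeyUsage, parent, signer = true, x509.KeyUsageCertSign, tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// ChainValidAt issues a CA and a leaf at the same instant and reports whether
// the leaf still verifies against that CA `after` the issuance time.
func ChainValidAt(caValidity, certValidity, after time.Duration) (bool, error) {
	start := time.Now().Truncate(time.Second)
	ca, caKey, err := issue("constructed-ca", start, caValidity, nil, nil)
	if err != nil {
		return false, err
	}
	leaf, _, err := issue("constructed-leaf", start, certValidity, ca, caKey)
	if err != nil {
		return false, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err = leaf.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: start.Add(after)})
	return err == nil, nil
}

func main() { fmt.Println(ChainValidAt(8760*time.Hour, 8784*time.Hour, 8772*time.Hour)) } // 365d CA, 366d leaf, day 365.5
```

The leaf is still inside its own validity window at day 365.5, yet verification fails because the issuing CA has expired, which is the case a separate CA validity setting has to rule out.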

@pull-request-size pull-request-size bot added size/L 100-499 lines and removed size/M 30-99 lines labels Nov 11, 2025
@pooknull pooknull marked this pull request as ready for review November 12, 2025 14:58