Fix default renewal period
Documentation and logged comments indicate the default should renew a
cert when it has only 1/3 of its valid lifetime left.  This fixes the
logic to match the documentation.  The code was previously renewing
when a cert had 2/3 of its valid lifetime left.

Signed-off-by: Sean Dilda <[email protected]>
seandilda committed Apr 3, 2023
1 parent d7a6e49 commit b24dd59
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions internal/controller/sync.go
Expand Up @@ -169,10 +169,10 @@ func (r *Route) hasValidCertificate(route *routev1.Route) bool {
)
}
}
// As there is no renew-before, is the cert less than 2/3 through its life?
// As there is no renew-before, is the cert more than 2/3 through its life?
totalDuration := cert.NotAfter.Sub(cert.NotBefore)
timeToExpiry := cert.NotAfter.Sub(time.Now())
if timeToExpiry < (totalDuration * 2 / 3) {
if timeToExpiry < (totalDuration * 1 / 3) {
r.eventRecorder.Event(route, corev1.EventTypeNormal, ReasonIssuing, "Issuing cert as the existing cert is more than 2/3 through its validity period")
return false
}
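
Review bot: the corrected threshold in `if timeToExpiry < (totalDuration * 1 / 3) {` is not pinned by a test, and the commit touches only internal/controller/sync.go, so the same inversion could come back unnoticed. Because `timeToExpiry` is computed from `time.Now()` inline, the condition is hard to exercise deterministically; consider taking the current time from an injectable clock or a parameter and adding cases for a cert just before and just after the 2/3 point of its lifetime, plus an already expired cert. Minor style point on the same line: `* 1` has no effect, and `totalDuration / 3` reads more directly.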