-
Feature Request
-
Resolution: Unresolved
-
Undefined
-
None
-
openshift-4.11.z, openshift-4.12, openshift-4.13
-
False
-
None
-
False
-
Not Selected
-
-
-
-
1. Proposed title of this feature request
Notify/Display the list of certs which expires in next 30 days
2. What is the nature and description of the request?
Motivation of the RFE is to ONLY display all the certs in the cluster (platform+apps) which expiry in 1 month regardless of auto rotating or no ,
WE can get list of all the TLS in cluster using below command, Can we use the command in the Code and generate a report that displays the cert expiry report in the OCP console
echo -e "NAMESPACE\tNAME\tEXPIRY" && oc get secrets -A -o go-template='{{range .items}}{{if eq .type "kubernetes.io/tls"}}{{.metadata.namespace}}{{" "}}{{.metadata.name}}{{" "}}{{index .data "tls.crt"}}{{"\n"}}{{end}}{{end}}' | while read namespace name cert; do echo -en "$namespace\t$name\t"; echo $cert | base64 -d | openssl x509 -noout -enddate; done | column -t
3. Why does the customer need this? (List the business requirements here)
Helps in Monitoring of the cluster certs Ensures if there are any certs rotating causing the pod restart CU will not panic Makes sure CU timely rotates the certs that do not auto rotate reduces the incoming support cases
4. List any affected packages or components.
- Kube-apiserver
- KCM
- Ingress
- node
- openshift-apiserver
- openshift-authnetication
- relates to
-
-
- Rejected
-
