Details
-
Feature Request
-
Resolution: Unresolved
-
Normal
-
None
-
None
-
False
-
None
-
False
-
Not Selected
-
0
-
0%
Description
1. Proposed title of this feature request
Extend the validity of CSR-signer CA initially configured on the OCP cluster to one month instead of 1 day for a newly installed cluster.
2. What is the nature and description of the request?
The csr-signer CA initially configured on the OCP cluster seems to have a short validity of one day and hence client certificates signed by this CA via CSR request lack enough validity for us to deploy our CNF applications on the cluster.
3. Why does the customer need this? (List the business requirements here)
As RAN rollouts happen in a short time window, we are setting up the infrastructure (OCP cluster) and workloads (CNF applications deployed on OCP cluster) in a span of few hours. We are creating client certificate to access the OCP cluster remotely to deploy the CNF applications. Due to short day validity of CA, our client certificates have a shorter validity as well and we are unable to deploy or undeploy CNF applications using these certificates.
4. List any affected packages or components.
kube-controller-manager,CSR, installer
