diff --git a/controllers/libs/cert/certificates.go b/controllers/libs/cert/certificates.go
index f4c1d891..3e3df3f8 100644
--- a/controllers/libs/cert/certificates.go
+++ b/controllers/libs/cert/certificates.go
@@ -17,7 +17,7 @@ const (
 LocalCACertSecretName = "ca-cert"
 )
-var EonDuration, _ = time.ParseDuration("219000h") // 25 years
+var EonDuration, _ = time.ParseDuration("262800h") // 30 years
 func MkBaseCertificate(name string, ns string, issuerName string, dnsNames []string, secretName string, isCA bool, duration time.Duration,
diff --git a/controllers/softwarefactory_controller.go b/controllers/softwarefactory_controller.go
index 51cbd17e..589c67ac 100644
--- a/controllers/softwarefactory_controller.go
+++ b/controllers/softwarefactory_controller.go
@@ -106,7 +106,7 @@ func (r *SFController) cleanup() {
 caCert := certv1.Certificate{}
 if r.GetM(cert.LocalCACertSecretName, &caCert) {
 // Here we are detecting the previous version duration to ensure we have to run the cleanup
- prevDuration, _ := time.ParseDuration("87600h") // 10y
+ prevDuration, _ := time.ParseDuration("219000h") // 25y
 if caCert.Spec.Duration.Duration.String() == prevDuration.String() {
 for _, name := range []string{"zookeeper-server", "zookeeper-client", "ca-cert"} {
 // remove invalid certificate resource
@@ -117,6 +117,15 @@ func (r *SFController) cleanup() {
 },
 })
 }
+ for _, name := range []string{"zookeeper-server-tls", "zookeeper-client-tls", "ca-cert"} {
+ // Remove matching secrets
+ r.DeleteR(&corev1.Secret{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: name,
+ Namespace: r.ns,
+ },
+ })
+ }
 }
 }
diff --git a/doc/reference/CHANGELOG.md b/doc/reference/CHANGELOG.md
index a0a22c0e..3f5ae352 100644
--- a/doc/reference/CHANGELOG.md
+++ b/doc/reference/CHANGELOG.md
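Review bot: The `_` on the changed `EonDuration` line discards the error from `time.ParseDuration`, so a mistyped literal would silently leave this exported variable at zero instead of failing at build time. The value is a fixed number of hours and needs no parsing: `var EonDuration = 262800 * time.Hour // 30 years`. A comment naming which certificates receive this lifetime would also help, since with a 30-year validity expiry no longer bounds the exposure from a leaked key and rotation has to be triggered some other way.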
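Review bot: The comparison against `prevDuration` in cleanup() now matches only a CA certificate issued with the 25-year value, so an installation still carrying the earlier 10-year duration (one that skipped v0.0.42, if such upgrades are supported) would bypass the cleanup and keep its old certificates and secrets. Comparing with the target value covers every earlier duration and removes a literal that must be edited on each bump, assuming the recreated certificate is issued with `cert.EonDuration`: `if caCert.Spec.Duration.Duration != cert.EonDuration {`. The error from `time.ParseDuration` is discarded on this line as well. cleanup() starts above this hunk and continues past it.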
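Review bot: The added loop deletes the `ca-cert` secret, which presumably causes a new CA key pair to be generated, while only the two ZooKeeper leaf secrets are removed alongside it; any other secret issued from the same CA and not in this list would keep a leaf signed by the old CA. The hunk shows no check of the outcome of `r.DeleteR` and nothing that makes the workloads mounting these secrets reload them, so both should be confirmed in the rest of cleanup(), whose body begins and ends outside the hunk. A comment stating why the secrets must go together with the Certificate resources would record the v0.0.42 lesson in the code. For the CA entry the existing constant is preferable to the repeated literal: `cert.LocalCACertSecretName`.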
@@ -7,7 +7,13 @@ All notable changes to this project will be documented in this file.
 ### Added
 ### Removed
 ### Changed
+
+- zookeeper - increase certificate validity duration to 30 years
+
 ### Fixed
+
+- zookeeper - certificates duration bump of version v0.0.42 was partially handled due to a missing removal of the corresponding `Secrets` resources.
+
 ### Security
 ## [v0.0.42] - 2024-09-12