You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What is the best way to do this? I can think of two possible solution -
Adding them as optional fields in Certificate and CertificateRequest apis -
We can add two optional fields, such as NotBefore and NotAfter along with Duration field and add some validation to make sure either Duration or NotAfter is set. If NotAfter field is set and NotBefore is empty, we can continue to use time.Now() in that case as well.
Providing these through Annotations
We can use annotations in both Certificate and CertificateRequest apis, to provide this information.
I think a new field would be preferable if we want this feature to be widely supported. The logic itself will have to be implemented by each issuer individually, if we only add support to a very limited set of issuers, an annotation might be preferable. Altering the CertificateRequest API is not a decision to be taken without much thought. So, creating a design document first might be desirable.
Is your feature request related to a problem? Please describe.
We want to issue a certificate with NotBefore set as some future time.
Describe the solution you'd like
Instead of using time.Now() here - https://github.com/cert-manager/cert-manager/blob/master/pkg/util/pki/certificatetemplate.go#L58, can you add support to set this as custom value?
/kind feature
The text was updated successfully, but these errors were encountered: