How to test certificate rotation - cniackz/public GitHub Wiki

How to test certificate rotation:

1. Change --cluster-signing-duration from 1 year to 15 minutes:

• How to change kube-controller-manager in kubernetes

2. Deploy Operator

3. Deploy Tenant

4. Observe how the tenant tls secret gets rotated every 15 minutes or so:

• From:

        Validity
            Not Before: Sep 15 13:33:42 2023 GMT
            Not After : Sep 15 13:53:42 2023 GMT

• To:

        Validity
            Not Before: Sep 15 13:47:31 2023 GMT
            Not After : Sep 15 14:07:31 2023 GMT

Additional information:

• For reading/decoding a cert, use openssl commands like:

openssl x509 -in public-2.crt -text