[Bug]: fix(example): schedule for re-generate client cert (postgresql , cockroach) #310
Open
2 tasks done
Labels
bug
Something isn't working
Comments
panapol-p
changed the title
panapol-p
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Preflight Checklist
Version
all version
App version
all version
Describe the problem caused by this bug
In the charts for 2-postgres-secure and 4-cockroach-secure, we have observed an issue where certificates expire within one year. The database certificates are automatically generated by CockroachDB and PostgreSQL, but the client certificates do not have an automatic renewal function to regenerate them before they expire.
Could we consider adding functionality to automatically generate new client certificates prior to expiration? This would help prevent any service interruptions caused by expired certificates.
To reproduce
1.Shorten the Client Certificate Lifetime:
Modify the client certificate expiration in the file zitadel-cert-job.yaml to reduce its validity period.
2.Deploy the Chart:
Deploy the chart with the updated client certificate expiration settings.
3.Wait for Certificate Expiration:
Allow the system to run until the client certificate reaches its (shortened) expiration time.
4.Observe the Failure:
After the certificate expires, the client will be unable to connect, and Zitadel will crash.
Logs
No response
Expected behavior
The system should automatically re-create the client certificate before it expires, ensuring that Zitadel continues to operate normally without crashing.
Relevant Configuration
No response
Additional Context
No response
The text was updated successfully, but these errors were encountered: