mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
47 lines
1.7 KiB
Plaintext
47 lines
1.7 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * virt/virtual_machines/advanced_vm_management/virt-configuring-certificate-rotation.adoc
|
|
|
|
:_mod-docs-content-type: REFERENCE
|
|
[id="virt-troubleshooting-cert-rotation-parameters_{context}"]
|
|
= Troubleshooting certificate rotation parameters
|
|
|
|
[role="_abstract"]
|
|
Deleting one or more `certConfig` values in the `HyperConverged` custom resource (CR) causes the `certConfig` values to revert to the default values.
|
|
|
|
If the default values conflict with one of the following conditions, you receive an error message instead:
|
|
|
|
* The value of `ca.renewBefore` must be less than or equal to the value of `ca.duration`.
|
|
* The value of `server.duration` must be less than or equal to the value of `ca.duration`.
|
|
* The value of `server.renewBefore` must be less than or equal to the value of `server.duration`.
|
|
|
|
For example, if you remove the `server.duration` value, the default value of `24h0m0s` is greater than the value of `ca.duration`, which conflicts with the specified conditions:
|
|
|
|
[source,yaml,subs="attributes+"]
|
|
----
|
|
apiVersion: hco.kubevirt.io/v1beta1
|
|
kind: HyperConverged
|
|
metadata:
|
|
name: kubevirt-hyperconverged
|
|
namespace: {CNVNamespace}
|
|
spec:
|
|
# ...
|
|
certConfig:
|
|
ca:
|
|
duration: 4h0m0s
|
|
renewBefore: 1h0m0s
|
|
server:
|
|
duration: 4h0m0s
|
|
renewBefore: 4h0m0s
|
|
# ...
|
|
----
|
|
|
|
This results in the following error message:
|
|
|
|
[source,terminal]
|
|
----
|
|
error: hyperconvergeds.hco.kubevirt.io "kubevirt-hyperconverged" could not be patched: admission webhook "validate-hco.kubevirt.io" denied the request: spec.certConfig: ca.duration is smaller than server.duration
|
|
----
|
|
|
|
The error message only mentions the first conflict. Review all `certConfig` values before you proceed.
|