Merge pull request #1091 from equinor/certificate-rotation-policy

set certificate private key rotation policy to always
equinor · Apr 17, 2024 · 8fed749 · 8fed749
2 parents 15f80a9 + b10aafa
commit 8fed749
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 0 deletions.
diff --git a/pkg/apis/deployment/deployment_test.go b/pkg/apis/deployment/deployment_test.go
@@ -4034,6 +4034,7 @@ func Test_ExternalDNS_Legacy_ResourcesMigrated(t *testing.T) {
 		SecretTemplate: &cmv1.CertificateSecretTemplate{
 			Labels: map[string]string{kube.RadixAppLabel: appName, kube.RadixExternalAliasFQDNLabel: fqdnAutomation},
 		},
+		PrivateKey: &cmv1.CertificatePrivateKey{RotationPolicy: cmv1.RotationPolicyAlways},
 	}
 	assert.Equal(t, expectedCertSpec, cert.Spec)
 }
@@ -4097,6 +4098,7 @@ func Test_ExternalDNS_ContainsAllResources(t *testing.T) {
 			SecretTemplate: &cmv1.CertificateSecretTemplate{
 				Labels: map[string]string{kube.RadixAppLabel: appName, kube.RadixExternalAliasFQDNLabel: fqdn},
 			},
+			PrivateKey: &cmv1.CertificatePrivateKey{RotationPolicy: cmv1.RotationPolicyAlways},
 		}
 		assert.Equal(t, expectedCertSpec, cert.Spec)
 	}

diff --git a/pkg/apis/deployment/externaldns.go b/pkg/apis/deployment/externaldns.go
@@ -162,6 +162,9 @@ func (deploy *Deployment) createOrUpdateExternalDnsCertificate(externalDns radix
 			SecretTemplate: &cmv1.CertificateSecretTemplate{
 				Labels: radixlabels.ForExternalDNSTLSSecret(deploy.registration.Name, externalDns),
 			},
+			PrivateKey: &cmv1.CertificatePrivateKey{
+				RotationPolicy: cmv1.RotationPolicyAlways,
+			},
 		},
 	}