)]}'
{"cert-rotation/Chart.yaml":[{"author":{"_account_id":33282,"name":"Huy Tran","email":"huy.q.tran@ericsson.com","username":"ht095u"},"change_message_id":"3a01acb96dc53943a881230ccde5adb50438d314","unresolved":true,"context_lines":[{"line_number":13,"context_line":"---"},{"line_number":14,"context_line":"apiVersion: v1"},{"line_number":15,"context_line":"appVersion: \"1.0\""},{"line_number":16,"context_line":"description: Rotate the certificates geenrated by cert-manager"},{"line_number":17,"context_line":"home: https://cert-manager.io/"},{"line_number":18,"context_line":"name: cert-rotation"},{"line_number":19,"context_line":"version: 0.1.0"}],"source_content_type":"text/x-yaml","patch_set":5,"id":"df5cc4a3_72e91961","line":16,"range":{"start_line":16,"start_character":37,"end_line":16,"end_character":47},"updated":"2021-05-07 22:22:27.000000000","message":"typo","commit_id":"b4900b38b4176f612aeb8be0bc61323cf3611ff8"}],"cert-rotation/templates/bin/_cron-job-rotate-certs.sh.tpl":[{"author":{"_account_id":18250,"name":"Roy Tang","email":"roy.s.tang@att.com","username":"rt7380"},"change_message_id":"0c10be28b947b57a2efa411f8f5cb23a4add3fe6","unresolved":true,"context_lines":[{"line_number":66,"context_line":"        sleep 30"},{"line_number":67,"context_line":"    fi"},{"line_number":68,"context_line":"    # Restart the resources that mount these certificates."},{"line_number":69,"context_line":"{{ tuple . 
| include \"cert-rotation.pod_restart\" | indent 4 }}"},{"line_number":70,"context_line":"fi"},{"line_number":71,"context_line":""},{"line_number":72,"context_line":"exit 0"}],"source_content_type":"text/x-smarty","patch_set":14,"id":"5bced3ab_ec1fd050","line":69,"range":{"start_line":69,"start_character":0,"end_line":69,"end_character":62},"updated":"2021-08-02 15:46:07.000000000","message":"would it be possible to create a list of exception resource that admin may not want to be restarting automatically, like for things that may cause traffic disruption or other unintended outages?","commit_id":"9f9ee37e0b394efd697246a4d533d79c050907fa"}],"cert-rotation/templates/bin/_helpers.tpl":[{"author":{"_account_id":33282,"name":"Huy Tran","email":"huy.q.tran@ericsson.com","username":"ht095u"},"change_message_id":"1def50e26c773004d487168b13c1b70be0aaac6d","unresolved":true,"context_lines":[{"line_number":23,"context_line":"            fi"},{"line_number":24,"context_line":"        done"},{"line_number":25,"context_line":""},{"line_number":26,"context_line":"        idx\u003d$((idx+3))"},{"line_number":27,"context_line":"    done"},{"line_number":28,"context_line":"done"},{"line_number":29,"context_line":"{{- end -}}"}],"source_content_type":"text/x-smarty","patch_set":14,"id":"0659ef13_dad0510e","line":26,"range":{"start_line":26,"start_character":0,"end_line":26,"end_character":1},"updated":"2021-07-29 21:08:16.000000000","message":"nip: would be good to add comments about the magic number 3 😊","commit_id":"9f9ee37e0b394efd697246a4d533d79c050907fa"},{"author":{"_account_id":24780,"name":"Sangeet Gupta","email":"sg774j@att.com","username":"sgupta"},"change_message_id":"b60a9e9f4dc2ce1c40d378eb84f89dfb7c36f3bc","unresolved":false,"context_lines":[{"line_number":23,"context_line":"            fi"},{"line_number":24,"context_line":"        done"},{"line_number":25,"context_line":""},{"line_number":26,"context_line":"        
idx\u003d$((idx+3))"},{"line_number":27,"context_line":"    done"},{"line_number":28,"context_line":"done"},{"line_number":29,"context_line":"{{- end -}}"}],"source_content_type":"text/x-smarty","patch_set":14,"id":"cdb866c1_bef17a9d","line":26,"range":{"start_line":26,"start_character":0,"end_line":26,"end_character":1},"in_reply_to":"0659ef13_dad0510e","updated":"2021-07-29 21:31:30.000000000","message":"It is code logic based of the output of line 8","commit_id":"9f9ee37e0b394efd697246a4d533d79c050907fa"},{"author":{"_account_id":23928,"name":"Pete Birley","email":"petebirley@gmail.com","username":"portdirect"},"change_message_id":"6753436370eda87fe4eabc725821c3f28eaad93d","unresolved":false,"context_lines":[{"line_number":23,"context_line":"            fi"},{"line_number":24,"context_line":"        done"},{"line_number":25,"context_line":""},{"line_number":26,"context_line":"        idx\u003d$((idx+3))"},{"line_number":27,"context_line":"    done"},{"line_number":28,"context_line":"done"},{"line_number":29,"context_line":"{{- end -}}"}],"source_content_type":"text/x-smarty","patch_set":14,"id":"6b221ced_c65c9a26","line":26,"range":{"start_line":26,"start_character":0,"end_line":26,"end_character":1},"in_reply_to":"cdb866c1_bef17a9d","updated":"2021-08-02 19:32:06.000000000","message":"this is really confusing - and should be explained","commit_id":"9f9ee37e0b394efd697246a4d533d79c050907fa"}],"cert-rotation/templates/bin/_job-rotate-certs.sh.tpl":[{"author":{"_account_id":33282,"name":"Huy Tran","email":"huy.q.tran@ericsson.com","username":"ht095u"},"change_message_id":"75c1a7ad818330f939ee408f2ca061620b30bc0b","unresolved":true,"context_lines":[{"line_number":31,"context_line":"echo \"Sleeping to give time for Certificates to be renewed\""},{"line_number":32,"context_line":"sleep 30"},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"# Restart the resources that mount these certificates."},{"line_number":35,"context_line":"for kind in 
statefulset deployment daemonset"},{"line_number":36,"context_line":"do"},{"line_number":37,"context_line":"    resource\u003d($(kubectl get ${kind} -n ${namespace} -o custom-columns\u003d\u0027NAME:.metadata.name,SECRETS:.spec.template.spec.volumes[*].secret.secretName,TLS:.spec.template.spec.containers[*].volumeMounts[*].subPath\u0027 --no-headers | grep tls.crt))"},{"line_number":38,"context_line":""},{"line_number":39,"context_line":"    idx\u003d0"},{"line_number":40,"context_line":"    while [[ $idx -lt ${#resource[@]} ]]"},{"line_number":41,"context_line":"    do"},{"line_number":42,"context_line":"        resourceName\u003d${resource[$idx]}"},{"line_number":43,"context_line":"        resourceSecrets\u003d${resource[$idx+1]}"},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"        for secret in ${resourceSecrets//,/ }"},{"line_number":46,"context_line":"        do"},{"line_number":47,"context_line":"            if [[ \"${secretsRotated[@]}\" \u003d~ \"${secret}\" ]]"},{"line_number":48,"context_line":"            then"},{"line_number":49,"context_line":"                echo \"Restarting ${kind} ${resourceName}\""},{"line_number":50,"context_line":"                kubectl rollout restart -n ${namespace} ${kind} ${resourceName}"},{"line_number":51,"context_line":"                break"},{"line_number":52,"context_line":"            fi"},{"line_number":53,"context_line":"        done"},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"        idx\u003d$((idx+3))"},{"line_number":56,"context_line":"    done"},{"line_number":57,"context_line":"done"},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"exit 0"}],"source_content_type":"text/x-smarty","patch_set":11,"id":"70f908b8_2a9ca17f","line":58,"range":{"start_line":34,"start_character":0,"end_line":58,"end_character":0},"updated":"2021-07-07 21:42:02.000000000","message":"Some of the code for the job seems to be duplicated with the cronjob. 
Can we avoid the duplicated code and logic by putting the common code in a function of separate tpl/file/script, then source the file and invoke the function accordingly?","commit_id":"d292289a8726526b6bfd8faae464717e0ecb4f85"},{"author":{"_account_id":30495,"name":"Nafiz Haider","email":"nafizhaider22@gmail.com","username":"nafh27"},"change_message_id":"68629f0eb21080737aafc7e825ce90be08941b33","unresolved":true,"context_lines":[{"line_number":31,"context_line":"echo \"Sleeping to give time for Certificates to be renewed\""},{"line_number":32,"context_line":"sleep 30"},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"# Restart the resources that mount these certificates."},{"line_number":35,"context_line":"for kind in statefulset deployment daemonset"},{"line_number":36,"context_line":"do"},{"line_number":37,"context_line":"    resource\u003d($(kubectl get ${kind} -n ${namespace} -o custom-columns\u003d\u0027NAME:.metadata.name,SECRETS:.spec.template.spec.volumes[*].secret.secretName,TLS:.spec.template.spec.containers[*].volumeMounts[*].subPath\u0027 --no-headers | grep tls.crt))"},{"line_number":38,"context_line":""},{"line_number":39,"context_line":"    idx\u003d0"},{"line_number":40,"context_line":"    while [[ $idx -lt ${#resource[@]} ]]"},{"line_number":41,"context_line":"    do"},{"line_number":42,"context_line":"        resourceName\u003d${resource[$idx]}"},{"line_number":43,"context_line":"        resourceSecrets\u003d${resource[$idx+1]}"},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"        for secret in ${resourceSecrets//,/ }"},{"line_number":46,"context_line":"        do"},{"line_number":47,"context_line":"            if [[ \"${secretsRotated[@]}\" \u003d~ \"${secret}\" ]]"},{"line_number":48,"context_line":"            then"},{"line_number":49,"context_line":"                echo \"Restarting ${kind} ${resourceName}\""},{"line_number":50,"context_line":"                kubectl rollout restart -n 
${namespace} ${kind} ${resourceName}"},{"line_number":51,"context_line":"                break"},{"line_number":52,"context_line":"            fi"},{"line_number":53,"context_line":"        done"},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"        idx\u003d$((idx+3))"},{"line_number":56,"context_line":"    done"},{"line_number":57,"context_line":"done"},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"exit 0"}],"source_content_type":"text/x-smarty","patch_set":11,"id":"a83205a3_a3cf284c","line":58,"range":{"start_line":34,"start_character":0,"end_line":58,"end_character":0},"in_reply_to":"70f908b8_2a9ca17f","updated":"2021-07-08 13:40:48.000000000","message":"In my opinion this is more of a nitpick than a code review issue","commit_id":"d292289a8726526b6bfd8faae464717e0ecb4f85"},{"author":{"_account_id":23928,"name":"Pete Birley","email":"petebirley@gmail.com","username":"portdirect"},"change_message_id":"6753436370eda87fe4eabc725821c3f28eaad93d","unresolved":true,"context_lines":[{"line_number":1,"context_line":"#!/bin/bash"},{"line_number":2,"context_line":""},{"line_number":3,"context_line":"set -e"},{"line_number":4,"context_line":""}],"source_content_type":"text/x-smarty","patch_set":14,"id":"3140d241_7ba00ca8","line":1,"updated":"2021-08-02 19:32:06.000000000","message":"why not one script for both functions?","commit_id":"9f9ee37e0b394efd697246a4d533d79c050907fa"},{"author":{"_account_id":23928,"name":"Pete Birley","email":"petebirley@gmail.com","username":"portdirect"},"change_message_id":"6753436370eda87fe4eabc725821c3f28eaad93d","unresolved":true,"context_lines":[{"line_number":23,"context_line":"for certificate in $(kubectl get certificates -n ${namespace} --no-headers | awk \u0027{ print $1 }\u0027)"},{"line_number":24,"context_line":"do"},{"line_number":25,"context_line":"    echo \"Deleting secret: ${certificate} to renew certificate\""},{"line_number":26,"context_line":"    kubectl delete secret -n 
${namespace} ${certificate}"},{"line_number":27,"context_line":"    secretsRotated+\u003d(${certificate})"},{"line_number":28,"context_line":"done"},{"line_number":29,"context_line":""}],"source_content_type":"text/x-smarty","patch_set":14,"id":"da570e2f_af422811","line":26,"range":{"start_line":26,"start_character":42,"end_line":26,"end_character":56},"updated":"2021-08-02 19:32:06.000000000","message":"you cannot assume that the secret name matches the certificate name","commit_id":"9f9ee37e0b394efd697246a4d533d79c050907fa"},{"author":{"_account_id":23928,"name":"Pete Birley","email":"petebirley@gmail.com","username":"portdirect"},"change_message_id":"6753436370eda87fe4eabc725821c3f28eaad93d","unresolved":true,"context_lines":[{"line_number":27,"context_line":"    secretsRotated+\u003d(${certificate})"},{"line_number":28,"context_line":"done"},{"line_number":29,"context_line":""},{"line_number":30,"context_line":"# Sleep for 30 seconds to make sure all the secrets have been re-created"},{"line_number":31,"context_line":"echo \"Sleeping to give time for Certificates to be renewed\""},{"line_number":32,"context_line":"sleep 30"},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"# Restart the resources that mount these certificates."},{"line_number":35,"context_line":"{{ tuple . 
| include \"cert-rotation.pod_restart\" }}"}],"source_content_type":"text/x-smarty","patch_set":14,"id":"e5109e2a_2c9d7e43","line":32,"range":{"start_line":30,"start_character":0,"end_line":32,"end_character":8},"updated":"2021-08-02 19:32:06.000000000","message":"please check for the recreation of secrets rather than an arbitrary wait.","commit_id":"9f9ee37e0b394efd697246a4d533d79c050907fa"}],"cert-rotation/templates/bin/_rotate-certs.sh.tpl":[{"author":{"_account_id":20466,"name":"Tin Lam","email":"tin@lam.wtf","username":"tinlam"},"change_message_id":"e5b33ea2c6e8a3802a9a59ce84dfc57563f5b14b","unresolved":true,"context_lines":[{"line_number":74,"context_line":"    # Restart pods"},{"line_number":75,"context_line":"    for pod in ${podToRestart[@]}"},{"line_number":76,"context_line":"    do"},{"line_number":77,"context_line":"        echo \"Deleting pod: ${pod}\""},{"line_number":78,"context_line":"        kubectl delete pod -n ${namespace} ${pod}"},{"line_number":79,"context_line":"    done"},{"line_number":80,"context_line":"else"}],"source_content_type":"text/x-smarty","patch_set":2,"id":"ea45767e_e7714c05","line":77,"updated":"2021-04-27 18:02:10.000000000","message":"This looks awfully dangerous deleting all the pods in a loop. If the cycle time is long, the service is guaranteed to be taken down by this cron job. 
The rotation should be a \"rolling upgrade\" to avoid service disruption.","commit_id":"d97347cbe17d7d897c5b3e4069b430ca58e24031"},{"author":{"_account_id":21420,"name":"Gage Hugo","email":"gagehugo@gmail.com","username":"ghugo"},"change_message_id":"f3dfacf5984b0136e180a35c271a598c63709228","unresolved":true,"context_lines":[{"line_number":74,"context_line":"    # Restart pods"},{"line_number":75,"context_line":"    for pod in ${podToRestart[@]}"},{"line_number":76,"context_line":"    do"},{"line_number":77,"context_line":"        echo \"Deleting pod: ${pod}\""},{"line_number":78,"context_line":"        kubectl delete pod -n ${namespace} ${pod}"},{"line_number":79,"context_line":"    done"},{"line_number":80,"context_line":"else"}],"source_content_type":"text/x-smarty","patch_set":2,"id":"deb4712c_4efc1e5f","line":77,"in_reply_to":"ea45767e_e7714c05","updated":"2021-04-27 18:16:02.000000000","message":"++, the old certificate should still be good, so a rolling restart would be better here IMO to avoid any disruptions.","commit_id":"d97347cbe17d7d897c5b3e4069b430ca58e24031"},{"author":{"_account_id":18256,"name":"Hemachandra Reddy","email":"hemachandra.reddy@att.com","username":"hr858f"},"change_message_id":"9b32cf7c2ad34d2b1222ca3f4323265259dbb69c","unresolved":true,"context_lines":[{"line_number":75,"context_line":"    for pod in ${podToRestart[@]}"},{"line_number":76,"context_line":"    do"},{"line_number":77,"context_line":"        echo \"Deleting pod: ${pod}\""},{"line_number":78,"context_line":"        kubectl delete pod -n ${namespace} ${pod}"},{"line_number":79,"context_line":"    done"},{"line_number":80,"context_line":"else"},{"line_number":81,"context_line":"    echo \"Certificate rotation not needed in ${namespace} namespace, expiry in more than ${minDaysToExpiry} 
days.\""}],"source_content_type":"text/x-smarty","patch_set":2,"id":"c91f27a6_b9021605","line":78,"range":{"start_line":78,"start_character":8,"end_line":78,"end_character":49},"updated":"2021-04-27 15:25:30.000000000","message":"How are secrets mounted? If they are not mounted as volume subpath, pods need not be deleted.\nAlso, deleting pods may cause data loss for applications. And, in some cases, pods may need to be deleted in order.","commit_id":"d97347cbe17d7d897c5b3e4069b430ca58e24031"},{"author":{"_account_id":24780,"name":"Sangeet Gupta","email":"sg774j@att.com","username":"sgupta"},"change_message_id":"2e5716cc13c494b635db2da1c22d0fb2151868e9","unresolved":true,"context_lines":[{"line_number":75,"context_line":"    for pod in ${podToRestart[@]}"},{"line_number":76,"context_line":"    do"},{"line_number":77,"context_line":"        echo \"Deleting pod: ${pod}\""},{"line_number":78,"context_line":"        kubectl delete pod -n ${namespace} ${pod}"},{"line_number":79,"context_line":"    done"},{"line_number":80,"context_line":"else"},{"line_number":81,"context_line":"    echo \"Certificate rotation not needed in ${namespace} namespace, expiry in more than ${minDaysToExpiry} days.\""}],"source_content_type":"text/x-smarty","patch_set":2,"id":"7d3006c9_84eef015","line":78,"range":{"start_line":78,"start_character":8,"end_line":78,"end_character":49},"in_reply_to":"17a21bcd_6eb91caf","updated":"2021-04-27 17:28:58.000000000","message":"They are mounted as subpaths inside the containers. 
So the pod needs to be restarted.","commit_id":"d97347cbe17d7d897c5b3e4069b430ca58e24031"},{"author":{"_account_id":18256,"name":"Hemachandra Reddy","email":"hemachandra.reddy@att.com","username":"hr858f"},"change_message_id":"3c9d6e4e2aa52939bbae0d68b05625c801d6845a","unresolved":true,"context_lines":[{"line_number":75,"context_line":"    for pod in ${podToRestart[@]}"},{"line_number":76,"context_line":"    do"},{"line_number":77,"context_line":"        echo \"Deleting pod: ${pod}\""},{"line_number":78,"context_line":"        kubectl delete pod -n ${namespace} ${pod}"},{"line_number":79,"context_line":"    done"},{"line_number":80,"context_line":"else"},{"line_number":81,"context_line":"    echo \"Certificate rotation not needed in ${namespace} namespace, expiry in more than ${minDaysToExpiry} days.\""}],"source_content_type":"text/x-smarty","patch_set":2,"id":"17a21bcd_6eb91caf","line":78,"range":{"start_line":78,"start_character":8,"end_line":78,"end_character":49},"in_reply_to":"449fa3f0_843457ee","updated":"2021-04-27 15:51:08.000000000","message":"If they are just mounted as volumes, K8S takes care of refreshing the secret inside the pod.","commit_id":"d97347cbe17d7d897c5b3e4069b430ca58e24031"},{"author":{"_account_id":24780,"name":"Sangeet Gupta","email":"sg774j@att.com","username":"sgupta"},"change_message_id":"0929d18b77bde8c982cff6e4fb012e1972ec2b5b","unresolved":true,"context_lines":[{"line_number":75,"context_line":"    for pod in ${podToRestart[@]}"},{"line_number":76,"context_line":"    do"},{"line_number":77,"context_line":"        echo \"Deleting pod: ${pod}\""},{"line_number":78,"context_line":"        kubectl delete pod -n ${namespace} ${pod}"},{"line_number":79,"context_line":"    done"},{"line_number":80,"context_line":"else"},{"line_number":81,"context_line":"    echo \"Certificate rotation not needed in ${namespace} namespace, expiry in more than ${minDaysToExpiry} 
days.\""}],"source_content_type":"text/x-smarty","patch_set":2,"id":"449fa3f0_843457ee","line":78,"range":{"start_line":78,"start_character":8,"end_line":78,"end_character":49},"in_reply_to":"c91f27a6_b9021605","updated":"2021-04-27 15:45:51.000000000","message":"All the secrets are mounted as volumes.\n\nIdeally, deleting pods should be idempotent and sequence is not required. It is not redeployment, it is just restarting the pods. Its like the pods restarting on regular basis. Yes, when rotating the certificates, there may be disruption in service, but that is expected. Running of cron can be configured/disabled based on the deployment requirements.","commit_id":"d97347cbe17d7d897c5b3e4069b430ca58e24031"},{"author":{"_account_id":20466,"name":"Tin Lam","email":"tin@lam.wtf","username":"tinlam"},"change_message_id":"1afe56820c4288e7a571e946dd7035dc7fc03daf","unresolved":true,"context_lines":[{"line_number":48,"context_line":"    for secret in ${secretsToRotate[@]}"},{"line_number":49,"context_line":"    do"},{"line_number":50,"context_line":"        echo \"Deleting secret: ${secret}\""},{"line_number":51,"context_line":"        kubectl delete secret -n ${namespace} ${secret}"},{"line_number":52,"context_line":"    done"},{"line_number":53,"context_line":""},{"line_number":54,"context_line":"    # Restart the resources that mount these certificates."},{"line_number":55,"context_line":"    for kind in statefulset deployment daemonset"}],"source_content_type":"text/x-smarty","patch_set":4,"id":"ffc0efa2_3e854987","line":52,"range":{"start_line":51,"start_character":0,"end_line":52,"end_character":8},"updated":"2021-04-30 17:38:59.000000000","message":"Shouldn\u0027t the cert-manager clear the secrets when the certificate is reissued when the certificate owns the secret ref?","commit_id":"d4b9ecdffb64be729c2985f76f034bea990cf99e"},{"author":{"_account_id":24780,"name":"Sangeet 
Gupta","email":"sg774j@att.com","username":"sgupta"},"change_message_id":"c9a951dc29451b31cfc12e2a67589d875a785c5d","unresolved":true,"context_lines":[{"line_number":48,"context_line":"    for secret in ${secretsToRotate[@]}"},{"line_number":49,"context_line":"    do"},{"line_number":50,"context_line":"        echo \"Deleting secret: ${secret}\""},{"line_number":51,"context_line":"        kubectl delete secret -n ${namespace} ${secret}"},{"line_number":52,"context_line":"    done"},{"line_number":53,"context_line":""},{"line_number":54,"context_line":"    # Restart the resources that mount these certificates."},{"line_number":55,"context_line":"    for kind in statefulset deployment daemonset"}],"source_content_type":"text/x-smarty","patch_set":4,"id":"e2070b0e_ff8c674b","line":52,"range":{"start_line":51,"start_character":0,"end_line":52,"end_character":8},"in_reply_to":"ffc0efa2_3e854987","updated":"2021-04-30 19:14:00.000000000","message":"We are deleting the secret here and not the certificate (CRD). The secret contains tls.crt, tls.key and ca.crt. Once this secret is deleted, the certificate (CRD) will recreate the secret with a renewed tls.crt expiry. 
Certificate (CRD) once deleted is not recreated automatically.","commit_id":"d4b9ecdffb64be729c2985f76f034bea990cf99e"},{"author":{"_account_id":33282,"name":"Huy Tran","email":"huy.q.tran@ericsson.com","username":"ht095u"},"change_message_id":"3a01acb96dc53943a881230ccde5adb50438d314","unresolved":true,"context_lines":[{"line_number":27,"context_line":"# Check the expiry of certificates and make a list of secrtes that needs to be restarted."},{"line_number":28,"context_line":"for certificate in $(kubectl get certificates -n ${namespace} --no-headers | awk \u0027{ print $1 }\u0027)"},{"line_number":29,"context_line":"do"},{"line_number":30,"context_line":"    secretsToRotate+\u003d(${certificate})"},{"line_number":31,"context_line":""},{"line_number":32,"context_line":"    expiry\u003d$(date -d\"$(kubectl get certificate -n ${namespace} ${certificate} -o json | jq -r \u0027.status[\"notAfter\"]\u0027)\" \u0027+%s\u0027)"},{"line_number":33,"context_line":"    if [ ${rotateBefore} -gt ${expiry} ]"}],"source_content_type":"text/x-smarty","patch_set":5,"id":"af1b96c8_60894611","line":30,"range":{"start_line":30,"start_character":0,"end_line":30,"end_character":37},"updated":"2021-05-07 22:22:27.000000000","message":"should we only add the certificate to secretsToRotate when the rotate condition is true?","commit_id":"b4900b38b4176f612aeb8be0bc61323cf3611ff8"},{"author":{"_account_id":24780,"name":"Sangeet Gupta","email":"sg774j@att.com","username":"sgupta"},"change_message_id":"04ccb927445d31b93d88e6afbc65b55b7359cacc","unresolved":true,"context_lines":[{"line_number":27,"context_line":"# Check the expiry of certificates and make a list of secrtes that needs to be restarted."},{"line_number":28,"context_line":"for certificate in $(kubectl get certificates -n ${namespace} --no-headers | awk \u0027{ print $1 }\u0027)"},{"line_number":29,"context_line":"do"},{"line_number":30,"context_line":"    
secretsToRotate+\u003d(${certificate})"},{"line_number":31,"context_line":""},{"line_number":32,"context_line":"    expiry\u003d$(date -d\"$(kubectl get certificate -n ${namespace} ${certificate} -o json | jq -r \u0027.status[\"notAfter\"]\u0027)\" \u0027+%s\u0027)"},{"line_number":33,"context_line":"    if [ ${rotateBefore} -gt ${expiry} ]"}],"source_content_type":"text/x-smarty","patch_set":5,"id":"27db17a7_513d33d1","line":30,"range":{"start_line":30,"start_character":0,"end_line":30,"end_character":37},"in_reply_to":"af1b96c8_60894611","updated":"2021-05-08 01:02:30.000000000","message":"No. The logic is we need to create a list of all certificates so we can rotate them even if one cert has expired.","commit_id":"b4900b38b4176f612aeb8be0bc61323cf3611ff8"},{"author":{"_account_id":33282,"name":"Huy Tran","email":"huy.q.tran@ericsson.com","username":"ht095u"},"change_message_id":"3a01acb96dc53943a881230ccde5adb50438d314","unresolved":true,"context_lines":[{"line_number":46,"context_line":"then"},{"line_number":47,"context_line":"    echo \"Rotating certificates in ${namespace} namespace\""},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"    # Rotate secrtes"},{"line_number":50,"context_line":"    for secret in ${secretsToRotate[@]}"},{"line_number":51,"context_line":"    do"},{"line_number":52,"context_line":"        echo \"Deleting secret: ${secret}\""}],"source_content_type":"text/x-smarty","patch_set":5,"id":"5eb7c74e_d831b52f","line":49,"range":{"start_line":49,"start_character":13,"end_line":49,"end_character":20},"updated":"2021-05-07 22:22:27.000000000","message":"typo","commit_id":"b4900b38b4176f612aeb8be0bc61323cf3611ff8"},{"author":{"_account_id":20466,"name":"Tin Lam","email":"tin@lam.wtf","username":"tinlam"},"change_message_id":"7d566060c1636f21cdc53e251ecfcd7921fed766","unresolved":true,"context_lines":[{"line_number":4,"context_line":""},{"line_number":5,"context_line":"{{/*"},{"line_number":6,"context_line":"Licensed under 
the Apache License, Version 2.0 (the \"License\");"},{"line_number":7,"context_line":"you may not use this file except in compliance with the License."},{"line_number":8,"context_line":"You may obtain a copy of the License at"},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"   http://www.apache.org/licenses/LICENSE-2.0"}],"source_content_type":"text/x-smarty","patch_set":6,"id":"84348552_48308231","line":7,"updated":"2021-05-11 14:14:58.000000000","message":"should all this logic consider renewBefore by the cert-manager? specifically this is rotating things in a different schedule from what the cert manager will rotate its own cert cert.\n\n   spec:\n     # Secret names are always required.\n     secretName: example-com-tls\n     duration: 2160h # 90d\n     renewBefore: 360h # 15d","commit_id":"3e595e0577d0fd5c291cb77d967091144206a3b8"},{"author":{"_account_id":24780,"name":"Sangeet Gupta","email":"sg774j@att.com","username":"sgupta"},"change_message_id":"526faa712bb228abe54b410b27744a96440f6645","unresolved":true,"context_lines":[{"line_number":4,"context_line":""},{"line_number":5,"context_line":"{{/*"},{"line_number":6,"context_line":"Licensed under the Apache License, Version 2.0 (the \"License\");"},{"line_number":7,"context_line":"you may not use this file except in compliance with the License."},{"line_number":8,"context_line":"You may obtain a copy of the License at"},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"   http://www.apache.org/licenses/LICENSE-2.0"}],"source_content_type":"text/x-smarty","patch_set":6,"id":"42b92f25_a039e451","line":7,"in_reply_to":"35327e78_30fcf81e","updated":"2021-05-11 16:35:53.000000000","message":".status.renewalTime is based on .spec.renewBefore in Certifcates. The default value is 15 days. 
cert-manager automatically renews the certificate before expiry and updates the Certificate and Secret resources without restarting them.\n\nThe date corresponding to rotateBefore (in this script) has to be less than .status.renewalTime; otherwise this cron job will never rotate the certificates and restart the pods (for the new certificates to take effect), because the certs would already have been rotated automatically by cert-manager and the comparison on line 33 would never be true.\n\nEven if we just go by .status.renewalTime or .spec.renewBefore (and do not take rotateBefore as a config input) and let cert-manager renew the certs automatically, we still need to restart the pods so that the new certificates can take effect. For this, the .status.lastTransitionTime of the Certificate can be compared with the .status.lastScheduleTime of this cron job, and if the latter is less, then the pods are restarted. In that case the secrets do not need to be deleted to get renewed. The issue is that if a pod restarts after the cert was renewed but before the cron job has run, that pod will mount the new certs. In this case, there may be a mismatch between the certs on this pod and on the old pods, and the SSL handshake can fail. 
\n\nSo I think the safest bet would be to go with rotateBefore and have it set greater than .spec.renewBefore or 15 days when configuring.","commit_id":"3e595e0577d0fd5c291cb77d967091144206a3b8"},{"author":{"_account_id":24780,"name":"Sangeet Gupta","email":"sg774j@att.com","username":"sgupta"},"change_message_id":"f84ec13ceb75495aa37d4b3373f08d379bdc82f4","unresolved":true,"context_lines":[{"line_number":4,"context_line":""},{"line_number":5,"context_line":"{{/*"},{"line_number":6,"context_line":"Licensed under the Apache License, Version 2.0 (the \"License\");"},{"line_number":7,"context_line":"you may not use this file except in compliance with the License."},{"line_number":8,"context_line":"You may obtain a copy of the License at"},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"   http://www.apache.org/licenses/LICENSE-2.0"}],"source_content_type":"text/x-smarty","patch_set":6,"id":"35327e78_30fcf81e","line":7,"in_reply_to":"84348552_48308231","updated":"2021-05-11 14:46:13.000000000","message":"renewBefore field is set by default in all regular certificates but not in ingress certificates. 
So may not be a good idea on relying on this field.","commit_id":"3e595e0577d0fd5c291cb77d967091144206a3b8"},{"author":{"_account_id":33282,"name":"Huy Tran","email":"huy.q.tran@ericsson.com","username":"ht095u"},"change_message_id":"0bb5212efbf6af748f97f87714ef3b0ea493c714","unresolved":true,"context_lines":[{"line_number":64,"context_line":"then"},{"line_number":65,"context_line":"    echo \"Rotating certificates in ${namespace} namespace\""},{"line_number":66,"context_line":""},{"line_number":67,"context_line":"    # Rotate secrets"},{"line_number":68,"context_line":"    for secret in ${secretsToRotate[@]}"},{"line_number":69,"context_line":"    do"},{"line_number":70,"context_line":"        echo \"Deleting secret: ${secret}\""},{"line_number":71,"context_line":"        kubectl delete secret -n ${namespace} ${secret}"},{"line_number":72,"context_line":"    done"},{"line_number":73,"context_line":""},{"line_number":74,"context_line":"    # Sleep for 30 seconds to make sure all the secrets have been re-created"},{"line_number":75,"context_line":"    echo \"Sleeping to give time for Certificates to be rotated.\""}],"source_content_type":"text/x-smarty","patch_set":7,"id":"05bfae46_1ce552a0","line":72,"range":{"start_line":67,"start_character":0,"end_line":72,"end_character":8},"updated":"2021-06-18 17:14:50.000000000","message":"Is the logic needed to differentiate whether certificates have been rotated by cert-manager, and not deleting the secrets for those? 
or the secrets need to be deleted regardless?","commit_id":"21290254a5f9370e8342553a172849a0b7f41ad5"},{"author":{"_account_id":24780,"name":"Sangeet Gupta","email":"sg774j@att.com","username":"sgupta"},"change_message_id":"50d52284e3aab7b4eaf7edd3cd839fec5c5e1d19","unresolved":true,"context_lines":[{"line_number":64,"context_line":"then"},{"line_number":65,"context_line":"    echo \"Rotating certificates in ${namespace} namespace\""},{"line_number":66,"context_line":""},{"line_number":67,"context_line":"    # Rotate secrets"},{"line_number":68,"context_line":"    for secret in ${secretsToRotate[@]}"},{"line_number":69,"context_line":"    do"},{"line_number":70,"context_line":"        echo \"Deleting secret: ${secret}\""},{"line_number":71,"context_line":"        kubectl delete secret -n ${namespace} ${secret}"},{"line_number":72,"context_line":"    done"},{"line_number":73,"context_line":""},{"line_number":74,"context_line":"    # Sleep for 30 seconds to make sure all the secrets have been re-created"},{"line_number":75,"context_line":"    echo \"Sleeping to give time for Certificates to be rotated.\""}],"source_content_type":"text/x-smarty","patch_set":7,"id":"0e4e55da_8e7b1819","line":72,"range":{"start_line":67,"start_character":0,"end_line":72,"end_character":8},"in_reply_to":"05bfae46_1ce552a0","updated":"2021-06-18 18:13:24.000000000","message":"That logic is in line 51-53 in which case only pods are rotated and not cert/secrets.","commit_id":"21290254a5f9370e8342553a172849a0b7f41ad5"},{"author":{"_account_id":33282,"name":"Huy Tran","email":"huy.q.tran@ericsson.com","username":"ht095u"},"change_message_id":"7011976ab308203b247596064b6e2a37e708bdd9","unresolved":true,"context_lines":[{"line_number":64,"context_line":"then"},{"line_number":65,"context_line":"    echo \"Rotating certificates in ${namespace} namespace\""},{"line_number":66,"context_line":""},{"line_number":67,"context_line":"    # Rotate secrets"},{"line_number":68,"context_line":"    for 
secret in ${secretsToRotate[@]}"},{"line_number":69,"context_line":"    do"},{"line_number":70,"context_line":"        echo \"Deleting secret: ${secret}\""},{"line_number":71,"context_line":"        kubectl delete secret -n ${namespace} ${secret}"},{"line_number":72,"context_line":"    done"},{"line_number":73,"context_line":""},{"line_number":74,"context_line":"    # Sleep for 30 seconds to make sure all the secrets have been re-created"},{"line_number":75,"context_line":"    echo \"Sleeping to give time for Certificates to be rotated.\""}],"source_content_type":"text/x-smarty","patch_set":7,"id":"e9f20499_c05fa275","line":72,"range":{"start_line":67,"start_character":0,"end_line":72,"end_character":8},"in_reply_to":"0e4e55da_8e7b1819","updated":"2021-06-18 20:23:58.000000000","message":"secretsToRotate is being used for both cases. When rotateSecrets is true, is it guaranteed that secretToRotate will not have any cert/secrets which are added by logic in line 51-53? It\u0027s not clear these cases are mutually exclusive within the same loop on 37.","commit_id":"21290254a5f9370e8342553a172849a0b7f41ad5"},{"author":{"_account_id":18250,"name":"Roy Tang","email":"roy.s.tang@att.com","username":"rt7380"},"change_message_id":"cfee8089a4990e98a3848680f71bcc293b57f58c","unresolved":true,"context_lines":[{"line_number":39,"context_line":"    notAfter\u003d$(date -d\"${expiry[1]}\" \u0027+%s\u0027)"},{"line_number":40,"context_line":"    if [ ${rotateBefore} -gt ${notAfter} ]"},{"line_number":41,"context_line":"    then"},{"line_number":42,"context_line":"        # cert-manager has not yet rotated the certificates and it is past rotateBefore days."},{"line_number":43,"context_line":"        # Rotate the certificates/secrets and restart the pods."},{"line_number":44,"context_line":"        secretsToRotate+\u003d(${certificate})"},{"line_number":45,"context_line":""},{"line_number":46,"context_line":"        echo \"Deleting secret: 
${certificate}\""}],"source_content_type":"text/x-smarty","patch_set":9,"id":"dba4e1b0_9b6a8636","line":43,"range":{"start_line":42,"start_character":27,"end_line":43,"end_character":63},"updated":"2021-06-21 23:00:16.000000000","message":"not an expert issue, but is it \"normal\" that the cert-manager would not have rotated the certs past is rotateBefore days?   Is this just kind of like a fail-safe?  Should we fully expect cert-manager to do its job mostly?","commit_id":"ff72c3ad2bc1d6e10ba5c77f097b617572bddc08"},{"author":{"_account_id":24780,"name":"Sangeet Gupta","email":"sg774j@att.com","username":"sgupta"},"change_message_id":"93501e6344db4fdcb7886236d4b4913e1fdf4f19","unresolved":true,"context_lines":[{"line_number":39,"context_line":"    notAfter\u003d$(date -d\"${expiry[1]}\" \u0027+%s\u0027)"},{"line_number":40,"context_line":"    if [ ${rotateBefore} -gt ${notAfter} ]"},{"line_number":41,"context_line":"    then"},{"line_number":42,"context_line":"        # cert-manager has not yet rotated the certificates and it is past rotateBefore days."},{"line_number":43,"context_line":"        # Rotate the certificates/secrets and restart the pods."},{"line_number":44,"context_line":"        secretsToRotate+\u003d(${certificate})"},{"line_number":45,"context_line":""},{"line_number":46,"context_line":"        echo \"Deleting secret: ${certificate}\""}],"source_content_type":"text/x-smarty","patch_set":9,"id":"9a1b3bbc_61a1c0f3","line":43,"range":{"start_line":42,"start_character":27,"end_line":43,"end_character":63},"in_reply_to":"dba4e1b0_9b6a8636","updated":"2021-06-22 12:41:16.000000000","message":"rotateBefore is number of days before the expiry that a user wants certificates to be rotated. Whenever the certificates are rotated, values of keys notAfter and notBefore in the certificate is updated. 
Once the certs are rotated due to the if on line 40, notAfter would have changed, so cert-manager will not rotate the certificate.","commit_id":"ff72c3ad2bc1d6e10ba5c77f097b617572bddc08"},{"author":{"_account_id":18250,"name":"Roy Tang","email":"roy.s.tang@att.com","username":"rt7380"},"change_message_id":"cfee8089a4990e98a3848680f71bcc293b57f58c","unresolved":true,"context_lines":[{"line_number":49,"context_line":""},{"line_number":50,"context_line":"    elif [[ ${lastCronTimeSec} !\u003d 0 \u0026\u0026 ${notBefore} -gt ${lastCronTimeSec} ]]"},{"line_number":51,"context_line":"    then"},{"line_number":52,"context_line":"        # cert-manager has rotated the certifiactes, need to restart the pods"},{"line_number":53,"context_line":"        secretsToRotate+\u003d(${certificate})"},{"line_number":54,"context_line":"    fi"},{"line_number":55,"context_line":"done"},{"line_number":56,"context_line":""}],"source_content_type":"text/x-smarty","patch_set":9,"id":"e5ac3674_e69a34be","line":53,"range":{"start_line":52,"start_character":25,"end_line":53,"end_character":30},"updated":"2021-06-21 23:00:16.000000000","message":"is there a need to check if \"--enable-certificate-owner-ref\" is enabled?  
would the script need to handle deleting of secrets otherwise?","commit_id":"ff72c3ad2bc1d6e10ba5c77f097b617572bddc08"},{"author":{"_account_id":24780,"name":"Sangeet Gupta","email":"sg774j@att.com","username":"sgupta"},"change_message_id":"93501e6344db4fdcb7886236d4b4913e1fdf4f19","unresolved":true,"context_lines":[{"line_number":49,"context_line":""},{"line_number":50,"context_line":"    elif [[ ${lastCronTimeSec} !\u003d 0 \u0026\u0026 ${notBefore} -gt ${lastCronTimeSec} ]]"},{"line_number":51,"context_line":"    then"},{"line_number":52,"context_line":"        # cert-manager has rotated the certifiactes, need to restart the pods"},{"line_number":53,"context_line":"        secretsToRotate+\u003d(${certificate})"},{"line_number":54,"context_line":"    fi"},{"line_number":55,"context_line":"done"},{"line_number":56,"context_line":""}],"source_content_type":"text/x-smarty","patch_set":9,"id":"1c9c12e7_0f88abb5","line":53,"range":{"start_line":52,"start_character":25,"end_line":53,"end_character":30},"in_reply_to":"e5ac3674_e69a34be","updated":"2021-06-22 12:41:16.000000000","message":"From cert-manager documentation \"If you would prefer the Secret to be deleted automatically when the Certificate is deleted, you need to configure your installation to pass the --enable-certificate-owner-ref flag to the controller.\"\nCert-manager creates 2 resources certificate and secret. Certificate has all the information about the certificate and secret has CA, cert and key. When cert-manager rotates the certificates, it updates the cert in the secret and certificate is not deleted and hence the secret is not deleted. Note in line 47, we are deleting secret and not certificate. 
Once the secret is deleted, cert-manager automatically creates a new secret with a new cert.","commit_id":"ff72c3ad2bc1d6e10ba5c77f097b617572bddc08"},{"author":{"_account_id":18250,"name":"Roy Tang","email":"roy.s.tang@att.com","username":"rt7380"},"change_message_id":"cfee8089a4990e98a3848680f71bcc293b57f58c","unresolved":true,"context_lines":[{"line_number":59,"context_line":"    echo \"No certificate rotation needed in ${namespace} namespace.\""},{"line_number":60,"context_line":"    exit 0"},{"line_number":61,"context_line":"else"},{"line_number":62,"context_line":"    if ${secretRotated}"},{"line_number":63,"context_line":"    then"},{"line_number":64,"context_line":"        # Sleep for 30 seconds to make sure all the secrets have been re-created"},{"line_number":65,"context_line":"        echo \"Sleeping to give time for Certificates to be rotated.\""},{"line_number":66,"context_line":"        sleep 30"},{"line_number":67,"context_line":"    fi"},{"line_number":68,"context_line":"    # Restart the resources that mount these certificates."},{"line_number":69,"context_line":"    for kind in statefulset deployment daemonset"},{"line_number":70,"context_line":"    do"}],"source_content_type":"text/x-smarty","patch_set":9,"id":"3c40bb1f_0ae5da44","line":67,"range":{"start_line":62,"start_character":7,"end_line":67,"end_character":6},"updated":"2021-06-21 23:00:16.000000000","message":"vs just go ahead and sleep 30s just in case?  
is there any harm?","commit_id":"ff72c3ad2bc1d6e10ba5c77f097b617572bddc08"},{"author":{"_account_id":24780,"name":"Sangeet Gupta","email":"sg774j@att.com","username":"sgupta"},"change_message_id":"93501e6344db4fdcb7886236d4b4913e1fdf4f19","unresolved":true,"context_lines":[{"line_number":59,"context_line":"    echo \"No certificate rotation needed in ${namespace} namespace.\""},{"line_number":60,"context_line":"    exit 0"},{"line_number":61,"context_line":"else"},{"line_number":62,"context_line":"    if ${secretRotated}"},{"line_number":63,"context_line":"    then"},{"line_number":64,"context_line":"        # Sleep for 30 seconds to make sure all the secrets have been re-created"},{"line_number":65,"context_line":"        echo \"Sleeping to give time for Certificates to be rotated.\""},{"line_number":66,"context_line":"        sleep 30"},{"line_number":67,"context_line":"    fi"},{"line_number":68,"context_line":"    # Restart the resources that mount these certificates."},{"line_number":69,"context_line":"    for kind in statefulset deployment daemonset"},{"line_number":70,"context_line":"    do"}],"source_content_type":"text/x-smarty","patch_set":9,"id":"566ad49c_f1a53c4f","line":67,"range":{"start_line":62,"start_character":7,"end_line":67,"end_character":6},"in_reply_to":"3c40bb1f_0ae5da44","updated":"2021-06-22 12:41:16.000000000","message":"Yes we can, but what\u0027s the point of sleeping if the secrets were never deleted, so what are we really sleeping for?","commit_id":"ff72c3ad2bc1d6e10ba5c77f097b617572bddc08"},{"author":{"_account_id":33282,"name":"Huy Tran","email":"huy.q.tran@ericsson.com","username":"ht095u"},"change_message_id":"6060fd498f5b80acc1910b259c4748c509a58a69","unresolved":true,"context_lines":[{"line_number":23,"context_line":"minDaysToExpiry\u003d{{ .Values.jobs.rotate.max_days_to_expiry }}"},{"line_number":24,"context_line":""},{"line_number":25,"context_line":"rotateBefore\u003d$(($(date +%s) + 
(86400*$minDaysToExpiry)))"},{"line_number":26,"context_line":"secretsRotated\u003d()"},{"line_number":27,"context_line":"deleteAllSecrets\u003dfalse"},{"line_number":28,"context_line":""},{"line_number":29,"context_line":"# Return Code, initialized to success"},{"line_number":30,"context_line":"rc\u003d0"}],"source_content_type":"text/x-smarty","patch_set":17,"id":"8b17a0a8_c6ebd2a0","line":27,"range":{"start_line":26,"start_character":0,"end_line":27,"end_character":22},"updated":"2021-08-04 14:12:52.000000000","message":"Consider avoid using global vars if feasible i.e. deleteAllSecrets could be passed as parm true/false to the function, list could be returned by function....","commit_id":"4bfe83ed73be59ea12a45b63cfa0576afe116909"},{"author":{"_account_id":24780,"name":"Sangeet Gupta","email":"sg774j@att.com","username":"sgupta"},"change_message_id":"47bad1a3a19575e0c6d9b48c7a568490735bd124","unresolved":true,"context_lines":[{"line_number":23,"context_line":"minDaysToExpiry\u003d{{ .Values.jobs.rotate.max_days_to_expiry }}"},{"line_number":24,"context_line":""},{"line_number":25,"context_line":"rotateBefore\u003d$(($(date +%s) + (86400*$minDaysToExpiry)))"},{"line_number":26,"context_line":"secretsRotated\u003d()"},{"line_number":27,"context_line":"deleteAllSecrets\u003dfalse"},{"line_number":28,"context_line":""},{"line_number":29,"context_line":"# Return Code, initialized to success"},{"line_number":30,"context_line":"rc\u003d0"}],"source_content_type":"text/x-smarty","patch_set":17,"id":"3b4c3754_87d6f036","line":27,"range":{"start_line":26,"start_character":0,"end_line":27,"end_character":22},"in_reply_to":"21d667c3_7d93aec2","updated":"2021-08-04 17:21:07.000000000","message":"Correction, In bash script data structures can not be returned, hence the global are defined.","commit_id":"4bfe83ed73be59ea12a45b63cfa0576afe116909"},{"author":{"_account_id":24780,"name":"Sangeet 
Gupta","email":"sg774j@att.com","username":"sgupta"},"change_message_id":"3299d73f275bf2a276ad46f664a61c445b690f0f","unresolved":true,"context_lines":[{"line_number":23,"context_line":"minDaysToExpiry\u003d{{ .Values.jobs.rotate.max_days_to_expiry }}"},{"line_number":24,"context_line":""},{"line_number":25,"context_line":"rotateBefore\u003d$(($(date +%s) + (86400*$minDaysToExpiry)))"},{"line_number":26,"context_line":"secretsRotated\u003d()"},{"line_number":27,"context_line":"deleteAllSecrets\u003dfalse"},{"line_number":28,"context_line":""},{"line_number":29,"context_line":"# Return Code, initialized to success"},{"line_number":30,"context_line":"rc\u003d0"}],"source_content_type":"text/x-smarty","patch_set":17,"id":"21d667c3_7d93aec2","line":27,"range":{"start_line":26,"start_character":0,"end_line":27,"end_character":22},"in_reply_to":"8b17a0a8_c6ebd2a0","updated":"2021-08-04 16:15:46.000000000","message":"In bash script you can not pass the data structures as function parameters hence the global are defined.","commit_id":"4bfe83ed73be59ea12a45b63cfa0576afe116909"},{"author":{"_account_id":33282,"name":"Huy Tran","email":"huy.q.tran@ericsson.com","username":"ht095u"},"change_message_id":"6060fd498f5b80acc1910b259c4748c509a58a69","unresolved":true,"context_lines":[{"line_number":59,"context_line":"        for cert in ${certRotated[@]}"},{"line_number":60,"context_line":"        do"},{"line_number":61,"context_line":"            counter\u003d0"},{"line_number":62,"context_line":"            while [ \"$(kubectl get cert -n ${namespace} ${cert} -o json | jq -r \u0027.status.conditions[].status\u0027)\" !\u003d \"True\" ]"},{"line_number":63,"context_line":"            do"},{"line_number":64,"context_line":"                # Wait for secret to become ready. Wait for 300 seconds maximum. 
Sleep for 10 seconds"},{"line_number":65,"context_line":"                if [ ${counter} -ge 30 ]"}],"source_content_type":"text/x-smarty","patch_set":17,"id":"949aa2af_d21f1283","line":62,"range":{"start_line":62,"start_character":35,"end_line":62,"end_character":40},"updated":"2021-08-04 14:12:52.000000000","message":"NIP: be consistent whether to use shortname to retrieve the resources.","commit_id":"4bfe83ed73be59ea12a45b63cfa0576afe116909"},{"author":{"_account_id":33282,"name":"Huy Tran","email":"huy.q.tran@ericsson.com","username":"ht095u"},"change_message_id":"6060fd498f5b80acc1910b259c4748c509a58a69","unresolved":true,"context_lines":[{"line_number":64,"context_line":"                # Wait for secret to become ready. Wait for 300 seconds maximum. Sleep for 10 seconds"},{"line_number":65,"context_line":"                if [ ${counter} -ge 30 ]"},{"line_number":66,"context_line":"                then"},{"line_number":67,"context_line":"                    echo \"ERROR: Rotated certificate  ${cert} in ${namespace} is not ready.\""},{"line_number":68,"context_line":"                    # Set return code to error and continue so that the certificates that are"},{"line_number":69,"context_line":"                    # rotated successfully are deployed."},{"line_number":70,"context_line":"                    rc\u003d1"}],"source_content_type":"text/x-smarty","patch_set":17,"id":"945cf84c_72a025e2","line":67,"range":{"start_line":67,"start_character":0,"end_line":67,"end_character":92},"updated":"2021-08-04 14:12:52.000000000","message":"If the execution continues, perhaps flagging it as WARNING, instead or ERROR.","commit_id":"4bfe83ed73be59ea12a45b63cfa0576afe116909"},{"author":{"_account_id":24780,"name":"Sangeet Gupta","email":"sg774j@att.com","username":"sgupta"},"change_message_id":"3299d73f275bf2a276ad46f664a61c445b690f0f","unresolved":true,"context_lines":[{"line_number":64,"context_line":"                # Wait for secret to become ready. 
Wait for 300 seconds maximum. Sleep for 10 seconds"},{"line_number":65,"context_line":"                if [ ${counter} -ge 30 ]"},{"line_number":66,"context_line":"                then"},{"line_number":67,"context_line":"                    echo \"ERROR: Rotated certificate  ${cert} in ${namespace} is not ready.\""},{"line_number":68,"context_line":"                    # Set return code to error and continue so that the certificates that are"},{"line_number":69,"context_line":"                    # rotated successfully are deployed."},{"line_number":70,"context_line":"                    rc\u003d1"}],"source_content_type":"text/x-smarty","patch_set":17,"id":"07a967f5_7ecfc9b6","line":67,"range":{"start_line":67,"start_character":0,"end_line":67,"end_character":92},"in_reply_to":"945cf84c_72a025e2","updated":"2021-08-04 16:15:46.000000000","message":"I want it as error because this is an error for the cert that is not rotated and may be in a bad state. It is for the other secrets that were successfully rotated the process needs to continue.","commit_id":"4bfe83ed73be59ea12a45b63cfa0576afe116909"},{"author":{"_account_id":33282,"name":"Huy Tran","email":"huy.q.tran@ericsson.com","username":"ht095u"},"change_message_id":"6060fd498f5b80acc1910b259c4748c509a58a69","unresolved":true,"context_lines":[{"line_number":158,"context_line":"    # Rotate cronjob invoked this script."},{"line_number":159,"context_line":"    # 1. If the expiry date of certificates is within the max_days_to_expiry days"},{"line_number":160,"context_line":"    #    the rotate the certificates and restart the pods"},{"line_number":161,"context_line":"    # 2. 
Else if the certificates were rotated by cert-maanger, then restar"},{"line_number":162,"context_line":"    #    the pods."},{"line_number":163,"context_line":"    rotate_and_get_certs_list"},{"line_number":164,"context_line":""}],"source_content_type":"text/x-smarty","patch_set":17,"id":"3255a689_ae005b93","line":161,"range":{"start_line":161,"start_character":50,"end_line":161,"end_character":75},"updated":"2021-08-04 14:12:52.000000000","message":"typo","commit_id":"4bfe83ed73be59ea12a45b63cfa0576afe116909"},{"author":{"_account_id":24780,"name":"Sangeet Gupta","email":"sg774j@att.com","username":"sgupta"},"change_message_id":"3299d73f275bf2a276ad46f664a61c445b690f0f","unresolved":true,"context_lines":[{"line_number":158,"context_line":"    # Rotate cronjob invoked this script."},{"line_number":159,"context_line":"    # 1. If the expiry date of certificates is within the max_days_to_expiry days"},{"line_number":160,"context_line":"    #    the rotate the certificates and restart the pods"},{"line_number":161,"context_line":"    # 2. 
Else if the certificates were rotated by cert-maanger, then restar"},{"line_number":162,"context_line":"    #    the pods."},{"line_number":163,"context_line":"    rotate_and_get_certs_list"},{"line_number":164,"context_line":""}],"source_content_type":"text/x-smarty","patch_set":17,"id":"9dff8eca_f98d44f3","line":161,"range":{"start_line":161,"start_character":50,"end_line":161,"end_character":75},"in_reply_to":"3255a689_ae005b93","updated":"2021-08-04 16:15:46.000000000","message":"Noted and will be updated in next PS","commit_id":"4bfe83ed73be59ea12a45b63cfa0576afe116909"}],"cert-rotation/templates/cron-job-cert-rotate.yaml":[{"author":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"change_message_id":"82ba0994dbcbb5855d86eb69091c147cabe75649","unresolved":true,"context_lines":[{"line_number":88,"context_line":"{{ tuple $envAll \"cert-manager\" \"cert-rotate\" | include \"helm-toolkit.snippets.kubernetes_metadata_labels\" | indent 12 }}"},{"line_number":89,"context_line":"        spec:"},{"line_number":90,"context_line":"          serviceAccountName: {{ $serviceAccountName }}"},{"line_number":91,"context_line":"{{ dict \"envAll\" $envAll \"application\" \"cert-rotate\" | include \"helm-toolkit.snippets.kubernetes_pod_security_context\" | indent 10 }}"},{"line_number":92,"context_line":"          restartPolicy: OnFailure"},{"line_number":93,"context_line":"          nodeSelector:"},{"line_number":94,"context_line":"            {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}"}],"source_content_type":"text/x-yaml","patch_set":18,"id":"ef43345d_133ef312","line":91,"range":{"start_line":91,"start_character":40,"end_line":91,"end_character":51},"updated":"2021-08-05 14:06:58.000000000","message":"should be \"cert_rotate\", needs to match this:\n\n    pod:\n      security_context:\n        
cert_rotate:","commit_id":"6984f2e7bca18e8587f7f04da2cb92a1594e2fd4"},{"author":{"_account_id":24780,"name":"Sangeet Gupta","email":"sg774j@att.com","username":"sgupta"},"change_message_id":"92be62086ce601f15f9488e4bd14cc0252cd891c","unresolved":false,"context_lines":[{"line_number":88,"context_line":"{{ tuple $envAll \"cert-manager\" \"cert-rotate\" | include \"helm-toolkit.snippets.kubernetes_metadata_labels\" | indent 12 }}"},{"line_number":89,"context_line":"        spec:"},{"line_number":90,"context_line":"          serviceAccountName: {{ $serviceAccountName }}"},{"line_number":91,"context_line":"{{ dict \"envAll\" $envAll \"application\" \"cert-rotate\" | include \"helm-toolkit.snippets.kubernetes_pod_security_context\" | indent 10 }}"},{"line_number":92,"context_line":"          restartPolicy: OnFailure"},{"line_number":93,"context_line":"          nodeSelector:"},{"line_number":94,"context_line":"            {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}"}],"source_content_type":"text/x-yaml","patch_set":18,"id":"64ca7f00_72add496","line":91,"range":{"start_line":91,"start_character":40,"end_line":91,"end_character":51},"in_reply_to":"ef43345d_133ef312","updated":"2021-08-05 14:29:55.000000000","message":"Done","commit_id":"6984f2e7bca18e8587f7f04da2cb92a1594e2fd4"},{"author":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"change_message_id":"15c36f77d9624f0e1b46e4684106b7937f71781f","unresolved":true,"context_lines":[{"line_number":69,"context_line":"    {{ tuple $envAll | include \"helm-toolkit.snippets.release_uuid\" }}"},{"line_number":70,"context_line":"  labels:"},{"line_number":71,"context_line":"{{ tuple $envAll \"cert-manager\" \"cert-rotate-cron\" | include \"helm-toolkit.snippets.kubernetes_metadata_labels\" | indent 4 }}"},{"line_number":72,"context_line":"spec:"},{"line_number":73,"context_line":"  schedule: {{ .Values.jobs.rotate.cron | quote 
}}"},{"line_number":74,"context_line":"  successfulJobsHistoryLimit: {{ .Values.jobs.rotate.history.success }}"},{"line_number":75,"context_line":"  failedJobsHistoryLimit: {{ .Values.jobs.rotate.history.failed }}"}],"source_content_type":"text/x-yaml","patch_set":19,"id":"67cffc1f_acda8a0c","line":72,"range":{"start_line":72,"start_character":0,"end_line":72,"end_character":1},"updated":"2021-08-05 15:08:50.000000000","message":"can we add a toggle here to optionally suspend the job?\n\n    spec:\n      suspend: {{ .Values.job.rotate.suspend }}","commit_id":"8b8b21d17cc533d29966bb6257b14f357344789e"},{"author":{"_account_id":24780,"name":"Sangeet Gupta","email":"sg774j@att.com","username":"sgupta"},"change_message_id":"09b2d42968a8ab6d415e5475dac6a960f91a50e8","unresolved":false,"context_lines":[{"line_number":69,"context_line":"    {{ tuple $envAll | include \"helm-toolkit.snippets.release_uuid\" }}"},{"line_number":70,"context_line":"  labels:"},{"line_number":71,"context_line":"{{ tuple $envAll \"cert-manager\" \"cert-rotate-cron\" | include \"helm-toolkit.snippets.kubernetes_metadata_labels\" | indent 4 }}"},{"line_number":72,"context_line":"spec:"},{"line_number":73,"context_line":"  schedule: {{ .Values.jobs.rotate.cron | quote }}"},{"line_number":74,"context_line":"  successfulJobsHistoryLimit: {{ .Values.jobs.rotate.history.success }}"},{"line_number":75,"context_line":"  failedJobsHistoryLimit: {{ .Values.jobs.rotate.history.failed }}"}],"source_content_type":"text/x-yaml","patch_set":19,"id":"0cf329cd_2150b560","line":72,"range":{"start_line":72,"start_character":0,"end_line":72,"end_character":1},"in_reply_to":"67cffc1f_acda8a0c","updated":"2021-08-05 16:15:22.000000000","message":"Done","commit_id":"8b8b21d17cc533d29966bb6257b14f357344789e"},{"author":{"_account_id":28719,"name":"Phil 
Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"change_message_id":"617b01f9482040b5b4dce5903313da3bded6cb50","unresolved":true,"context_lines":[{"line_number":70,"context_line":"  labels:"},{"line_number":71,"context_line":"{{ tuple $envAll \"cert-manager\" \"cert-rotate-cron\" | include \"helm-toolkit.snippets.kubernetes_metadata_labels\" | indent 4 }}"},{"line_number":72,"context_line":"spec:"},{"line_number":73,"context_line":"  suspend: {{ .Values.job.rotate.suspend }}"},{"line_number":74,"context_line":"  schedule: {{ .Values.jobs.rotate.cron | quote }}"},{"line_number":75,"context_line":"  successfulJobsHistoryLimit: {{ .Values.jobs.rotate.history.success }}"},{"line_number":76,"context_line":"  failedJobsHistoryLimit: {{ .Values.jobs.rotate.history.failed }}"}],"source_content_type":"text/x-yaml","patch_set":20,"id":"1eb1ba83_bdf118d8","line":73,"range":{"start_line":73,"start_character":22,"end_line":73,"end_character":25},"updated":"2021-08-05 17:29:49.000000000","message":"sorry, typo in my suggestion. 
should be \"jobs\"","commit_id":"9c0b464e4ce6561695faf8a85171953b19e31f73"},{"author":{"_account_id":24780,"name":"Sangeet Gupta","email":"sg774j@att.com","username":"sgupta"},"change_message_id":"73e540e0e36966b76cd5f0ab8c2bb878c66f85f3","unresolved":false,"context_lines":[{"line_number":70,"context_line":"  labels:"},{"line_number":71,"context_line":"{{ tuple $envAll \"cert-manager\" \"cert-rotate-cron\" | include \"helm-toolkit.snippets.kubernetes_metadata_labels\" | indent 4 }}"},{"line_number":72,"context_line":"spec:"},{"line_number":73,"context_line":"  suspend: {{ .Values.job.rotate.suspend }}"},{"line_number":74,"context_line":"  schedule: {{ .Values.jobs.rotate.cron | quote }}"},{"line_number":75,"context_line":"  successfulJobsHistoryLimit: {{ .Values.jobs.rotate.history.success }}"},{"line_number":76,"context_line":"  failedJobsHistoryLimit: {{ .Values.jobs.rotate.history.failed }}"}],"source_content_type":"text/x-yaml","patch_set":20,"id":"d51a90a8_d6ca15a0","line":73,"range":{"start_line":73,"start_character":22,"end_line":73,"end_character":25},"in_reply_to":"1eb1ba83_bdf118d8","updated":"2021-08-05 17:46:43.000000000","message":"Done","commit_id":"9c0b464e4ce6561695faf8a85171953b19e31f73"}],"cert-rotation/templates/job-cert-rotate.yaml":[{"author":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"change_message_id":"82ba0994dbcbb5855d86eb69091c147cabe75649","unresolved":true,"context_lines":[{"line_number":76,"context_line":"{{ tuple $envAll | include \"helm-toolkit.snippets.release_uuid\" | indent 8 }}"},{"line_number":77,"context_line":"    spec:"},{"line_number":78,"context_line":"      serviceAccountName: {{ $serviceAccountName }}"},{"line_number":79,"context_line":"{{ dict \"envAll\" $envAll \"application\" \"cert-rotate\" | include \"helm-toolkit.snippets.kubernetes_pod_security_context\" | indent 6 }}"},{"line_number":80,"context_line":"      restartPolicy: 
OnFailure"},{"line_number":81,"context_line":"      nodeSelector:"},{"line_number":82,"context_line":"        {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}"}],"source_content_type":"text/x-yaml","patch_set":18,"id":"f464ac3c_e1f42096","line":79,"range":{"start_line":79,"start_character":40,"end_line":79,"end_character":51},"updated":"2021-08-05 14:06:58.000000000","message":"should be \"cert_rotate\", needs to match this:\n\n    pod:\n      security_context:\n        cert_rotate:","commit_id":"6984f2e7bca18e8587f7f04da2cb92a1594e2fd4"},{"author":{"_account_id":24780,"name":"Sangeet Gupta","email":"sg774j@att.com","username":"sgupta"},"change_message_id":"92be62086ce601f15f9488e4bd14cc0252cd891c","unresolved":false,"context_lines":[{"line_number":76,"context_line":"{{ tuple $envAll | include \"helm-toolkit.snippets.release_uuid\" | indent 8 }}"},{"line_number":77,"context_line":"    spec:"},{"line_number":78,"context_line":"      serviceAccountName: {{ $serviceAccountName }}"},{"line_number":79,"context_line":"{{ dict \"envAll\" $envAll \"application\" \"cert-rotate\" | include \"helm-toolkit.snippets.kubernetes_pod_security_context\" | indent 6 }}"},{"line_number":80,"context_line":"      restartPolicy: OnFailure"},{"line_number":81,"context_line":"      nodeSelector:"},{"line_number":82,"context_line":"        {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}"}],"source_content_type":"text/x-yaml","patch_set":18,"id":"74e886a5_e50c8527","line":79,"range":{"start_line":79,"start_character":40,"end_line":79,"end_character":51},"in_reply_to":"f464ac3c_e1f42096","updated":"2021-08-05 14:29:55.000000000","message":"Done","commit_id":"6984f2e7bca18e8587f7f04da2cb92a1594e2fd4"}],"cert-rotation/values.yaml":[{"author":{"_account_id":21420,"name":"Gage 
Hugo","email":"gagehugo@gmail.com","username":"ghugo"},"change_message_id":"3560485a1943b742c297a081aec6b3efaab8b8e6","unresolved":true,"context_lines":[{"line_number":23,"context_line":"    node_selector_value: enabled"},{"line_number":24,"context_line":"jobs:"},{"line_number":25,"context_line":"  rotate:"},{"line_number":26,"context_line":"    # Run at 1:00AM on 1st of each month"},{"line_number":27,"context_line":"    cron: \"0 1 1 * *\""},{"line_number":28,"context_line":"    starting_deadline: 600"},{"line_number":29,"context_line":"    history:"},{"line_number":30,"context_line":"      success: 3"}],"source_content_type":"text/x-yaml","patch_set":9,"id":"386f47a1_fa769745","line":27,"range":{"start_line":26,"start_character":0,"end_line":27,"end_character":21},"updated":"2021-06-21 21:31:50.000000000","message":"I am not sure about having this run monthly by default. I am curious if people will make sure to override this, otherwise they may notice all their infrastructure fall apart at 2am when the month ticks over and someone will get a late night phone call.","commit_id":"ff72c3ad2bc1d6e10ba5c77f097b617572bddc08"},{"author":{"_account_id":24780,"name":"Sangeet Gupta","email":"sg774j@att.com","username":"sgupta"},"change_message_id":"93501e6344db4fdcb7886236d4b4913e1fdf4f19","unresolved":true,"context_lines":[{"line_number":23,"context_line":"    node_selector_value: enabled"},{"line_number":24,"context_line":"jobs:"},{"line_number":25,"context_line":"  rotate:"},{"line_number":26,"context_line":"    # Run at 1:00AM on 1st of each month"},{"line_number":27,"context_line":"    cron: \"0 1 1 * *\""},{"line_number":28,"context_line":"    starting_deadline: 600"},{"line_number":29,"context_line":"    history:"},{"line_number":30,"context_line":"      success: 
3"}],"source_content_type":"text/x-yaml","patch_set":9,"id":"ad00a849_be414b84","line":27,"range":{"start_line":26,"start_character":0,"end_line":27,"end_character":21},"in_reply_to":"386f47a1_fa769745","updated":"2021-06-22 12:41:16.000000000","message":"But default value of max_days_to_expiry: 60 which means if the cron job run within 60days of expiry (which it will as by default run every 30 days), the certificates will be rotated. So the certificates will not expire.","commit_id":"ff72c3ad2bc1d6e10ba5c77f097b617572bddc08"},{"author":{"_account_id":33519,"name":"Tin Lam","email":"tinlam@outlook.com","username":"tlam"},"change_message_id":"42b17ca8f3edb20146dac868558f1d5ecc9e74cf","unresolved":true,"context_lines":[{"line_number":21,"context_line":"  job:"},{"line_number":22,"context_line":"    node_selector_key: openstack-control-plane"},{"line_number":23,"context_line":"    node_selector_value: enabled"},{"line_number":24,"context_line":"jobs:"},{"line_number":25,"context_line":"  rotate:"},{"line_number":26,"context_line":"    # Run at 1:00AM on 1st of each month"},{"line_number":27,"context_line":"    cron: \"0 1 1 * *\""},{"line_number":28,"context_line":"    starting_deadline: 600"},{"line_number":29,"context_line":"    history:"},{"line_number":30,"context_line":"      success: 3"},{"line_number":31,"context_line":"      failed: 1"},{"line_number":32,"context_line":"    # Number of day before expiry should certs be rotated."},{"line_number":33,"context_line":"    max_days_to_expiry: 15"},{"line_number":34,"context_line":"pod:"},{"line_number":35,"context_line":"  security_context:"},{"line_number":36,"context_line":"    cert_rotate:"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"c42f176c_47c3d4d1","line":33,"range":{"start_line":24,"start_character":0,"end_line":33,"end_character":26},"updated":"2021-07-12 14:40:52.000000000","message":"Can you explain what happens if a certificate expires on the 17th of a month? 
On the first of month - it is \u003e max_days_to_expiry so it is not rotated, but it won\u0027t be rotated until next month and the certs are not valid between 17th and the start of the month. Is that an accurate assessment with this default setting?","commit_id":"d292289a8726526b6bfd8faae464717e0ecb4f85"},{"author":{"_account_id":24780,"name":"Sangeet Gupta","email":"sg774j@att.com","username":"sgupta"},"change_message_id":"5916c87c8503f41ce2859f30f47e9650a8dbf901","unresolved":true,"context_lines":[{"line_number":21,"context_line":"  job:"},{"line_number":22,"context_line":"    node_selector_key: openstack-control-plane"},{"line_number":23,"context_line":"    node_selector_value: enabled"},{"line_number":24,"context_line":"jobs:"},{"line_number":25,"context_line":"  rotate:"},{"line_number":26,"context_line":"    # Run at 1:00AM on 1st of each month"},{"line_number":27,"context_line":"    cron: \"0 1 1 * *\""},{"line_number":28,"context_line":"    starting_deadline: 600"},{"line_number":29,"context_line":"    history:"},{"line_number":30,"context_line":"      success: 3"},{"line_number":31,"context_line":"      failed: 1"},{"line_number":32,"context_line":"    # Number of day before expiry should certs be rotated."},{"line_number":33,"context_line":"    max_days_to_expiry: 15"},{"line_number":34,"context_line":"pod:"},{"line_number":35,"context_line":"  security_context:"},{"line_number":36,"context_line":"    cert_rotate:"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"e8b24ee7_127f8caf","line":33,"range":{"start_line":24,"start_character":0,"end_line":33,"end_character":26},"in_reply_to":"c42f176c_47c3d4d1","updated":"2021-07-27 19:01:51.000000000","message":"Yes. So when the certs expire on the 17th, cert-manager will automatically rotate the certs, but the pods will not have restarted, hence the new certificates will not have come into effect. So yes, during this time the certs that are mounted on the pods will have expired. 
max_days_to_expiry should be 60 as I originally had or 45. \nWhen the cron-job run next on the 1st of the month, it identifies certs have been rotated and will restart the pods.","commit_id":"d292289a8726526b6bfd8faae464717e0ecb4f85"},{"author":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"change_message_id":"15c36f77d9624f0e1b46e4684106b7937f71781f","unresolved":true,"context_lines":[{"line_number":25,"context_line":"  rotate:"},{"line_number":26,"context_line":"    # Run at 1:00AM on 1st of each month"},{"line_number":27,"context_line":"    cron: \"0 1 1 * *\""},{"line_number":28,"context_line":"    starting_deadline: 600"},{"line_number":29,"context_line":"    history:"},{"line_number":30,"context_line":"      success: 3"},{"line_number":31,"context_line":"      failed: 1"}],"source_content_type":"text/x-yaml","patch_set":19,"id":"2cd96358_5c7a14cd","line":28,"updated":"2021-08-05 15:08:50.000000000","message":"consider adding something like this .. 
it might be nice to create the job as a \"template\" and later run `kubectl create job --from cronjob/cert-rotate`\n\n    jobs:\n      rotate:\n        suspend: false","commit_id":"8b8b21d17cc533d29966bb6257b14f357344789e"},{"author":{"_account_id":24780,"name":"Sangeet Gupta","email":"sg774j@att.com","username":"sgupta"},"change_message_id":"09b2d42968a8ab6d415e5475dac6a960f91a50e8","unresolved":false,"context_lines":[{"line_number":25,"context_line":"  rotate:"},{"line_number":26,"context_line":"    # Run at 1:00AM on 1st of each month"},{"line_number":27,"context_line":"    cron: \"0 1 1 * *\""},{"line_number":28,"context_line":"    starting_deadline: 600"},{"line_number":29,"context_line":"    history:"},{"line_number":30,"context_line":"      success: 3"},{"line_number":31,"context_line":"      failed: 1"}],"source_content_type":"text/x-yaml","patch_set":19,"id":"c5da91ed_ef2d1de0","line":28,"in_reply_to":"2cd96358_5c7a14cd","updated":"2021-08-05 16:15:22.000000000","message":"Done","commit_id":"8b8b21d17cc533d29966bb6257b14f357344789e"}],"releasenotes/notes/cert-rotation.yaml":[{"author":{"_account_id":21420,"name":"Gage Hugo","email":"gagehugo@gmail.com","username":"ghugo"},"change_message_id":"f3dfacf5984b0136e180a35c271a598c63709228","unresolved":true,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"falco:"},{"line_number":3,"context_line":"  - 0.1.0 Initial Chart"},{"line_number":4,"context_line":"..."}],"source_content_type":"text/x-yaml","patch_set":2,"id":"0d4b60a4_276b299f","line":2,"range":{"start_line":2,"start_character":0,"end_line":2,"end_character":5},"updated":"2021-04-27 18:16:02.000000000","message":"need to update the name here","commit_id":"d97347cbe17d7d897c5b3e4069b430ca58e24031"}]}
