Support automatic certificate rotation for KES tls secrets

[cyvcloud]

Is your feature request related to a problem? Please describe.
We configure our k8s controller manager in a way to only create short lived certificates (using --cluster-signing-duration=96h0m0s). Additionally we use the Minio operator to deploy Minio tenants in combination with KES. We would like to use the auto certificate generation of the operator but this means that after 4 days we have to manually delete the KES tls secret for it to be regenerated by the operator. Otherwise trying to login to the console fails with an error message informing us that the KES service certificate has expired.

Describe the solution you'd like
The operator should rotate the KES certificate and restart the KES pods a certain amount of time before the KES tls certificates expire.

Describe alternatives you've considered
We are currently investigating the use of cert-manager to automate the creation of KES certificates.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed after 21 days if no further activity occurs. Thank you for your contributions.

[cesnietor]

@pjuarezd is this already fixed?

[pjuarezd]

not sure, will research it