You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
|`operator.args.startupLogFilter`| Log filtering settings for startup logs |``"INFO,mz_orchestratord=TRACE"``|
147
+
|`operator.args.webhookCertReloadInterval`| How often orchestratord reloads its webhook TLS certificate from disk and, when the CA changes, refreshes the conversion webhook's CA bundle. Must be shorter than the certificate's lifetime. Accepts a humantime duration (e.g. "1h", "30m"). Leave null to use the binary default. |``nil``|
148
+
|`operator.certificate.caDuration`| Lifetime of the root CA that signs the webhook serving certificate, when `source` is "cert-manager". The serving certificate is signed by this CA, so the CA outlives individual serving-certificate rotations. |``"87600h"``|
149
+
|`operator.certificate.caRenewBefore`| How long before the root CA expires to renew it. Must be less than `caDuration`. |``"8760h"``|
147
150
|`operator.certificate.secretName`| Name of a secret in the operator's namespace containing ca.crt, tls.crt, and tls.key entries. Only used if `source` is "secret". |``nil``|
148
151
|`operator.certificate.source`| Where to obtain the certificate for orchestratord. Valid values are 'cert-manager' and 'secret'. |``"cert-manager"``|
149
152
|`operator.cloudProvider.providers.aws.accountID`| When using AWS, accountID is required |``""``|
0 commit comments