From ae37a6ecbb960e1fa407e09184253f75e6ce79c5 Mon Sep 17 00:00:00 2001 From: irbekrm Date: Wed, 26 Jan 2022 16:48:34 +0000 Subject: [PATCH] Adds a note about denied CertificateRequests Signed-off-by: irbekrm --- design/20220118.certificate-issuance-exponential-backoff.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/design/20220118.certificate-issuance-exponential-backoff.md b/design/20220118.certificate-issuance-exponential-backoff.md index 4efa01852..6f5562390 100644 --- a/design/20220118.certificate-issuance-exponential-backoff.md +++ b/design/20220118.certificate-issuance-exponential-backoff.md @@ -211,6 +211,8 @@ To ensure that `Certificate`s whose issuance is currently failing don't get rene - In case of exponential backoff being applied, controller logs will be sufficient for users trying to debug this and understand when the next issuance will be attempted +- Applying exponential backoff in cases where issuance fails due to a denied `CertificateRequest` should not be treated differently to other failures (so exponential backoff should be applied). Currently they are treated the same and retried after 1 hour, so this is consistent with the existing behaviour + ## Feature Gate The current assumption is that exponential backoff would _not_ be placed behind a feature gate, however this should be considered.