CA certificate is too short using Vault to manage SSL certs

[mhonorio]

Is your feature request related to a problem? Please describe.
No.

Describe the solution you'd like
When using Vault to manage TLS certificate, after one month vault-agent starts to fail with vault cannot satisfy request, as TTL would result in notAfter because by default max-ttl is only one month, no matter if we put 8760h here: https://github.com/rabbitmq/cluster-operator/blob/main/docs/examples/vault-tls/setup.sh#L12

My suggestion is to include the following line after enabling pki secrets:

vault_exec "vault secrets tune -default-lease-ttl=8760h -max-lease-ttl=8760h pki/"

Describe alternatives you've considered
Even one year is short for me for CA certificates. In my production RabbitMQ clusters I've set 87600h which is 10 years.

[DanielePalaia]

Hi @mhonorio Thank you very much for your suggestion on this. Keep in mind that the examples we provide in the documentation folder are just intended to show how the RabbitMQ operator works and can be integrated with Vault and other systems and not to provide best practices on how Vault manage leases and other functionalities. We decided anyway to mention it in the README of the example to avoid confusion: #1157