Certificate Signing Request and Renewals

[Omar Aloraini]

In KEP 1513 The proposal reads:

"We intend to provision initial and renewed certificates in Kubernetes"

Was certificate renewal discussed previously? It seems like useful addition for the API. Something like .spec.renewable boolean.

I'm writing a controller and I was under the assumption that I can modify .status.certificate but I got an error, and I checked the KEP and it's not allowed in the design.