Merge pull request #577 from marun/4.2-automated-rotation

Bug 1774156: 4.2 cherry-picks in support of automated service ca rotation

Author: openshift-merge-robot

servicecertsigner/v1alpha1/types.go

@@ -22,6 +22,16 @@ type ServiceServingCertSignerConfig struct {
 
 	// signer holds the signing information used to automatically sign serving certificates.
 	Signer configv1.CertInfo `json:"signer"`
+
+	// IntermediateCertFile is the name of a file containing a
+	// PEM-encoded certificate. Only required if the initial CA has
+	// been rotated. The certificate should consist of the public key
+	// of the current CA signed by the private key of the previous
+	// CA. When included with a serving cert generated by the current
+	// CA, this certificate should allow clients with a stale CA bundle
+	// to trust the serving cert.
+	// +optional
+	IntermediateCertFile string `json:"intermediateCertFile"`
 }
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object