From 13eb81bf30411f3ef446b4b62c6a941f10aa8f34 Mon Sep 17 00:00:00 2001 From: Dario Tranchitella Date: Fri, 25 Oct 2024 19:22:21 +0200 Subject: [PATCH] docs: dynamic certificate expiration deadline Signed-off-by: Dario Tranchitella --- docs/content/guides/certs-lifecycle.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/content/guides/certs-lifecycle.md b/docs/content/guides/certs-lifecycle.md index bcaf7169..5a72cb24 100644 --- a/docs/content/guides/certs-lifecycle.md +++ b/docs/content/guides/certs-lifecycle.md @@ -94,7 +94,10 @@ k8s-126-576c775b5d-jmvlm 4/4 Running 0 50s The Kamaji operator will run a controller which processes all the Secrets to determine their expiration, both for the `kubeconfig`, as well as for the certificates. The controller, named `CertificateLifecycle`, will extract the certificates from the _Secret_ objects notifying the `TenantControlPlaneReconciler` controller which will start a new certificate rotation. -The rotation will occur the day before their expiration. +By default, the rotation will occur the day before their expiration. + +This rotation deadline can be dynamically configured using the Kamaji CLI flag `--certificate-expiration-deadline` using the Go _Duration_ syntax: +e.g.: set the value `7d` to trigger the renewal a week before the effective expiration date. > Nota Bene: >
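Review bot: The example value `7d` in the added paragraph of docs/content/guides/certs-lifecycle.md does not match the "Go _Duration_ syntax" the same sentence cites. Go's `time.ParseDuration` only accepts the units ns, us (µs), ms, s, m and h, so a flag parsed as a standard Go duration would reject `7d`. If that is how `--certificate-expiration-deadline` is parsed, the example for a week should read `168h`; if the flag has its own parser that accepts days, the text should say so rather than point readers at Go Duration syntax. Two smaller wording points in the same sentence: "using" appears twice, and "dynamically configured" suggests a runtime change, whereas a CLI flag is a fixed setting for the running operator, so "can be configured with the Kamaji CLI flag" would read more accurately. Since the preceding line now says "By default, the rotation will occur the day before", consider stating that default as a duration value next to the flag name so readers know exactly what they are overriding.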