1. Proposed title of this feature request

Change the validity period of Service CA Certificate more than 26 months for EUS Term

2. What is the nature and description of the request?

Currently the design of OpenShift Service CA Certificate is valid for 26 months is the stale definition for original 9 months lifecycle, it supposes the customer will update the cluster and reboot the nodes in one year. However in the latest OpenShift lifecycle policy, it is too short for the EU'S Term 1 (lifecycle 24 months) and EUS Term 2 users (lifecycle 36 months). It means the customer must restart the nodes, recreate or delete the pods of the user workloads.

[Source code definition]

https://github.com/openshift/service-ca-operator/blob/release-4.18/pkg/operator/rotate.go#L19-L42

 
[KB] Do I need to restart OpenShift component Pods to reload service-ca certificates regularly
https://access.redhat.com/solutions/7075458

3. Why does the customer need this? (List the business requirements here)

The customer chose the OpenShift EUS versions for purchasing premium subscription EUS Term 1 and paid for EUS Term 2. However due the service-ca certificate valid period is too short that it still needs to recreate or delete the pods of the workloads for keeping the applications working without any unwanted suppend.

4. List any affected packages or components.

service-ca operator