1.Alignment of Loki Certificate Rotation with OpenShift Cluster Alerts.

2.Loki certificates must be rotated automatically before they reach the cluster alert threshold of 30 days to expiration (for certificates with total duration ≥ 90 days). This ensures that alerts only trigger if automatic rotation fails. Observations suggest Loki may have a built-in rotation mechanism (~25 days before expiry), which should be verified and, if needed, configured to match the cluster-wide threshold.

3. business requirements -

Prevent False-Positive Alerts:  Ensure Loki certificate expiration alerts only fire if automatic rotation fails, avoiding unnecessary operational overhead.
Consistency Across the Cluster: Align Loki’s certificate rotation with the cluster-wide standard (certificates ≥90 days duration, alert at <30 days remaining) for predictable behavior.
Reduce Operational Risk: Automatic rotation before the alert threshold minimizes the risk of expired certificates causing service disruptions.
Visibility and Monitoring: Confirm or adjust Loki’s built-in rotation mechanism to provide accurate and actionable alerting for the operations team.