allow setting certValidityDuration #20

Open
eatwithforks opened this issue Jan 19, 2021 · 2 comments

Comments

@eatwithforks

Having certs valid for 10 years seems sketchy and we want to test that the rotation works by setting it to 5 minutes.

@ritazh
Member

ritazh commented Jan 20, 2021

There was no particular reason for why 10 years. I think we discussed this in the past where it can be made configurable.

@maxsmythe
Contributor

From the G8r community meeting notes:

Changes required (in order)

  • Document the generation and rotation algorithms
  • Support keeping the old public key in the VWH config when rotating to also support the new public key
    • necessary to avoid downtime due to key rotation
  • Use 1 secret per webhook pod to store the public/private key pair
    • necessary to avoid updating the key pair for all webhook pods at the same time
  • Add validity duration flags and validity check lookahead time flags so users can control validity duration and the expected time at which certs will be rotated
  • Consider changing the default validity period after getting feedback from everyone on the risk/reward tradeoffs of different periods
  • TODO file issues for the above and continue to discuss
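
The interaction between a validity duration, a lookahead window, and keeping the old CA trusted during rotation can be sketched as follows. This is an added example, not code from this project; `caEntry`, `needsRotation`, `rotate`, and the 5-minute and 2-minute values are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// caEntry is a hypothetical stand-in for one CA cert in the webhook caBundle.
type caEntry struct {
	Name     string
	NotAfter time.Time
}

// needsRotation reports whether c expires at or before now+lookahead.
func needsRotation(c caEntry, now time.Time, lookahead time.Duration) bool {
	return !now.Add(lookahead).Before(c.NotAfter)
}

// rotate drops expired CAs, keeps still-valid older ones so pods serving with
// the old key stay trusted, and appends a new CA once the newest one falls
// inside the lookahead window.
func rotate(bundle []caEntry, now time.Time, validity, lookahead time.Duration) []caEntry {
	var kept []caEntry
	for _, c := range bundle {
		if now.Before(c.NotAfter) {
			kept = append(kept, c)
		}
	}
	if len(kept) == 0 || needsRotation(kept[len(kept)-1], now, lookahead) {
		kept = append(kept, caEntry{
			Name:     fmt.Sprintf("ca-%d", now.Unix()),
			NotAfter: now.Add(validity),
		})
	}
	return kept
}

func main() {
	start := time.Date(2021, 1, 19, 0, 0, 0, 0, time.UTC) // constructed clock
	validity, lookahead := 5*time.Minute, 2*time.Minute   // constructed values
	bundle := rotate(nil, start, validity, lookahead)
	for _, m := range []int{1, 3, 4, 6} {
		now := start.Add(time.Duration(m) * time.Minute)
		bundle = rotate(bundle, now, validity, lookahead)
		fmt.Printf("t+%dm: %d CA(s) trusted\n", m, len(bundle))
	}
}
```

With these values the bundle holds two CAs between minute 3 and minute 5, which is the overlap that avoids downtime; a lookahead equal to or longer than the validity duration would rotate on every check.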
