Fix the Kubelet certificate short validity issue

The default validity period is set to just 30 minutes, which is just too short. This patch increases the validity period to 10 years, to be the same as the default validity period of the admin certificate. Signed-off-by: Lev Veyde <[email protected]>
lveyde · Jan 13, 2019 · 41772d0 · 41772d0
1 parent 6880b3e
commit 41772d0
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/pkg/asset/tls/kubeletcertkey.go b/pkg/asset/tls/kubeletcertkey.go
@@ -32,7 +32,7 @@ func (a *KubeletCertKey) Generate(dependencies asset.Parents) error {
 		Subject:      pkix.Name{CommonName: "system:serviceaccount:openshift-machine-config-operator:node-bootstrapper", Organization: []string{"system:serviceaccounts:openshift-machine-config-operator"}},
 		KeyUsages:    x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
 		ExtKeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
-		Validity:     ValidityThirtyMinutes,
+		Validity:     ValidityTenYears,
 	}
 
 	return a.CertKey.Generate(cfg, kubeCA, "kubelet", DoNotAppendParent)