From ca222ecf92b769fd67f3f7c4bf267d986115593d Mon Sep 17 00:00:00 2001
From: kevinliu24
Date: Tue, 11 Jun 2024 15:29:28 +0800
Subject: [PATCH] Fix default certificate validity
---
 .../templates/controller-manager-deployment.yaml | 2 +-
 cmd/certificate-generator/app/certificate-generator.go | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/charts/nebula-operator/templates/controller-manager-deployment.yaml b/charts/nebula-operator/templates/controller-manager-deployment.yaml
index 6ef55521..3eb51568 100644
--- a/charts/nebula-operator/templates/controller-manager-deployment.yaml
+++ b/charts/nebula-operator/templates/controller-manager-deployment.yaml
@@ -45,7 +45,7 @@ spec:
 - --webhook-server-name={{ template "admission-webhook.name" . }}-validating
 - --webhook-names={{ template "controller-manager-admission-webhook.name" . }}-service,{{ template "autoscaler-admission-webhook.name" . }}-service
 - --certificate-dir=/tmp/k8s-webhook-server/serving-certs
- - --certificate-validity=5
+ - --certificate-validity=1
 - --secret-namespace={{ template "nebula-operator.namespace" . }}
 - --secret-name={{ template "admission-webhook.name" . }}-secret
 - --kube-domain={{ default "cluster.local" .Values.kubernetesClusterDomain }}
diff --git a/cmd/certificate-generator/app/certificate-generator.go b/cmd/certificate-generator/app/certificate-generator.go
index cbb2880b..7a04d4bf 100644
--- a/cmd/certificate-generator/app/certificate-generator.go
+++ b/cmd/certificate-generator/app/certificate-generator.go
@@ -135,12 +135,12 @@ func Run(ctx context.Context, opts *options.Options) error {
 }
 func rotateCertificate(clientset *kubernetes.Clientset, opts *options.Options) error {
- //opts.CertValidity = opts.CertValidity * 24 * 60
+ opts.CertValidity = opts.CertValidity * 24 * 60
 klog.Infof("Starting cert rotation cron job for webhook [%v/%v]", opts.WebhookNamespace, opts.WebhookServerName)
 c := cron.New()
 // rotate cert 1 hour before expiration date
- c.AddFunc(fmt.Sprintf("@every %vm", opts.CertValidity-1), func() {
+ c.AddFunc(fmt.Sprintf("@every %vm", opts.CertValidity-60), func() {
 err := doCertRotation(clientset, opts)
 if err != nil {
 klog.Errorf("Error rotating certificate for webhook [%v/%v]: %v", opts.WebhookNamespace, opts.WebhookServerName, err)
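Review bot: The interval built from `opts.CertValidity-60` on the new `c.AddFunc` line has no lower bound and the call's result is discarded, so a `--certificate-validity` of 0 or less produces a negative `@every` value that the cron library may reject or clamp to a very short period, with nothing logged either way. A guard before the conversion, such as `if opts.CertValidity < 1 { return fmt.Errorf("certificate validity must be at least 1 day, got %v", opts.CertValidity) }`, together with returning the error from `c.AddFunc`, would stop the webhook certificate from silently going unrotated. The conversion also overwrites `opts.CertValidity` in place, so any other reader of the field, or a second call to `rotateCertificate`, would see minutes instead of days; a local such as `validityMinutes := opts.CertValidity * 24 * 60` avoids that. The body of `rotateCertificate` continues past the end of the hunk, so how the job is started and how the first certificate is issued cannot be checked from here.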