From 41772d0c33f8be7f557a9462fcb2bf8634eec83c Mon Sep 17 00:00:00 2001
From: Lev Veyde <lveyde@redhat.com>
Date: Sun, 13 Jan 2019 13:29:30 +0200
Subject: [PATCH] Fix the Kubelet certificate short validity issue

The default validity period is set to just 30 minutes, which is
just too short.

This patch increases the validity period to 10 years, to be the
same as the default validity period of the admin certificate.

Signed-off-by: Lev Veyde <lveyde@redhat.com>
---
 pkg/asset/tls/kubeletcertkey.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/asset/tls/kubeletcertkey.go b/pkg/asset/tls/kubeletcertkey.go
index 7da2c4cd28e..298292b3d78 100644
--- a/pkg/asset/tls/kubeletcertkey.go
+++ b/pkg/asset/tls/kubeletcertkey.go
@@ -32,7 +32,7 @@ func (a *KubeletCertKey) Generate(dependencies asset.Parents) error {
 		Subject:      pkix.Name{CommonName: "system:serviceaccount:openshift-machine-config-operator:node-bootstrapper", Organization: []string{"system:serviceaccounts:openshift-machine-config-operator"}},
 		KeyUsages:    x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
 		ExtKeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
-		Validity:     ValidityThirtyMinutes,
+		Validity:     ValidityTenYears,
 	}
 
 	return a.CertKey.Generate(cfg, kubeCA, "kubelet", DoNotAppendParent)