Skip to content

Fix the Kubelet certificate short validity issue #1061

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
lveyde wants to merge 1 commit into from
Closed

Fix the Kubelet certificate short validity issue #1061

lveyde wants to merge 1 commit into from

Conversation

@lveyde
Copy link
Contributor

@lveyde lveyde commented Jan 13, 2019

The default validity period is set to just 30 minutes, which is
just too short.

This patch increases the validity period to 10 years, to be the
same as the default validity period of the admin certificate.

Signed-off-by: Lev Veyde lveyde@redhat.com

@lveyde
Fix the Kubelet certificate short validity issue
41772d0 
The default validity period is set to just 30 minutes, which is
just too short.

This patch increases the validity period to 10 years, to be the
same as the default validity period of the admin certificate.

Signed-off-by: Lev Veyde <lveyde@redhat.com>
@openshift-ci-robot openshift-ci-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Jan 13, 2019
@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Jan 13, 2019

@lveyde: PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jan 13, 2019
@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Jan 13, 2019

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: lveyde
To fully approve this pull request, please assign additional approvers.
We suggest the following additional approver: steveej

If they are not already assigned, you can assign the PR to them by writing /assign @steveej in a comment when ready.

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci-robot openshift-ci-robot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Jan 13, 2019
@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Jan 13, 2019

Hi @lveyde. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@wking
Copy link
Member

wking commented Jan 13, 2019

The default validity period is set to just 30 minutes, which is just too short.

It's a day since #1044. If you feel that is still insufficient, please comment in #650 with your reasoning, but we're unlikely to grant CSR-authorized certs to the kubelet for ten years (as mentioned in #1044).

/close

@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Jan 13, 2019

@wking: Closed this PR.

Details

In response to this:

The default validity period is set to just 30 minutes, which is just too short.

It's a day since #1044. If you feel that is still insufficient, please comment in #650 with your reasoning, but we're unlikely to grant CSR-authorized certs to the kubelet for ten years (as mentioned in #1044).

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@abhinavdahiya abhinavdahiya Awaiting requested review from abhinavdahiya

@flaper87 flaper87 Awaiting requested review from flaper87

Assignees

No one assigned

Labels

needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@lveyde @openshift-ci-robot @wking