New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tls: increase validity of client cert used for boostrapping masters to 1 day #1044

Merged

openshift-merge-robot merged 1 commit into openshift:master from abhinavdahiya:bump_bootstrap_kubeconfig

Jan 12, 2019

Contributor

abhinavdahiya commented Jan 10, 2019 •

edited by wking

Loading

The 30 minutes validity was necessary as before #879 the client certificate provided
cluster admin rights. But after #879 the client certificate only has access to CSR endpoint.

Therefore, we can safely increase the validity to something longer.

Fixes #650.


          tls: increase validity of client cert used for boostrapping masters t…

d6b850c

…o 1 day

The 30 minutes validity was necessary as before openshift#879 the client certificate provided
cluster admin rights. But after openshift#879 the client certificate only has access to CSR endpoint.

Therefore, we can safely increase the validity to something longer.

openshift-ci-robot requested a review from crawford

January 10, 2019 18:41

openshift-ci-robot added size/XS approved labels

Member

wking commented Jan 10, 2019

/approve

abhinavdahiya added this to the Freeze milestone

Member

wking commented Jan 10, 2019

Reasonable feedback window has passed ;).

/lgtm

openshift-ci-robot assigned wking

openshift-ci-robot added the lgtm label

Contributor

crawford commented Jan 10, 2019

/lgtm

openshift-ci-robot assigned crawford

Contributor

openshift-ci-robot commented Jan 10, 2019

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: abhinavdahiya, crawford, wking

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

~~OWNERS~~ [abhinavdahiya,crawford,wking]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Contributor

openshift-bot commented Jan 10, 2019

/retest

Please review the full test history for this PR and help us cut down flakes.

7 similar comments

Contributor

openshift-bot commented Jan 11, 2019

/retest

Please review the full test history for this PR and help us cut down flakes.

Contributor

openshift-bot commented Jan 11, 2019

/retest

Please review the full test history for this PR and help us cut down flakes.

Contributor

openshift-bot commented Jan 11, 2019

/retest

Please review the full test history for this PR and help us cut down flakes.

Contributor

openshift-bot commented Jan 11, 2019

/retest

Please review the full test history for this PR and help us cut down flakes.

Contributor

openshift-bot commented Jan 11, 2019

/retest

Please review the full test history for this PR and help us cut down flakes.

Contributor

openshift-bot commented Jan 11, 2019

/retest

Please review the full test history for this PR and help us cut down flakes.

Contributor

openshift-bot commented Jan 11, 2019

/retest

Please review the full test history for this PR and help us cut down flakes.

Contributor Author

abhinavdahiya commented Jan 11, 2019

/retest

openshift-merge-robot merged commit 761e172 into openshift:master

wking mentioned this pull request

Fix the Kubelet certificate short validity issue #1061

Closed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment