-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tls: increase validity of client cert used for boostrapping masters to 1 day #1044
tls: increase validity of client cert used for boostrapping masters to 1 day #1044
Conversation
…o 1 day The 30 minutes validity was necessary as before openshift#879 the client certificate provided cluster admin rights. But after openshift#879 the client certificate only has access to CSR endpoint. Therefore, we can safely increase the validity to something longer.
/approve |
Reasonable feedback window has passed ;). /lgtm |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: abhinavdahiya, crawford, wking The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/retest Please review the full test history for this PR and help us cut down flakes. |
7 similar comments
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest |
The 30 minutes validity was necessary as before #879 the client certificate provided
cluster admin rights. But after #879 the client certificate only has access to CSR endpoint.
Therefore, we can safely increase the validity to something longer.
/cc @crawford
Fixes #650.