github/client-go
1
0
Fork 0
mirror of https://github.com/kubernetes/client-go.git synced 2025-06-25 22:51:40 +00:00
Code Issues Projects Releases Wiki Activity

Make CA valid 1 hour in the past

Browse Source 
When running kubeadm / installing k8s early during boot,
the CA certificate can be generated before time is synchronised
and time is jumped backward.
Make notBefore 1 hour in the past to accept small clock jump.

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>

Kubernetes-commit: e1735b9863777ff11ac35434e047c38dcce4b4f3
This commit is contained in:
Etienne Champetier 2023-06-13 01:04:28 -04:00 committed by Kubernetes Publisher
parent 92512ee2b8
commit d606148375
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
util/cert/cert.go
View File

@ -71,7 +71,7 @@ func NewSelfSignedCACert(cfg Config, key crypto.Signer) (*x509.Certificate, erro
Organization: cfg.Organization,
},
DNSNames: []string{cfg.CommonName},
NotBefore: now.UTC(),
NotBefore: now.Add(-time.Hour).UTC(), // valid an hour earlier to avoid flakes
NotAfter: now.Add(duration365d * 10).UTC(),
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
BasicConstraintsValid: true,