diff --git a/pkg/kubelet/certificate/certificate_manager_test.go b/pkg/kubelet/certificate/certificate_manager_test.go
index ca493d810a8..f6c5c913be5 100644
--- a/pkg/kubelet/certificate/certificate_manager_test.go
+++ b/pkg/kubelet/certificate/certificate_manager_test.go
@@ -202,21 +202,22 @@ func TestSetRotationDeadline(t *testing.T) {
 	}
 
 	for _, tc := range testCases {
-		for i := 0; i < 1000; i++ {
-			t.Run(tc.name, func(t *testing.T) {
-				m := manager{
-					cert: &tls.Certificate{
-						Leaf: &x509.Certificate{
-							NotBefore: tc.notBefore,
-							NotAfter:  tc.notAfter,
-						},
+		t.Run(tc.name, func(t *testing.T) {
+			m := manager{
+				cert: &tls.Certificate{
+					Leaf: &x509.Certificate{
+						NotBefore: tc.notBefore,
+						NotAfter:  tc.notAfter,
 					},
-					template: &x509.CertificateRequest{},
-					usages:   []certificates.KeyUsage{},
-				}
+				},
+				template: &x509.CertificateRequest{},
+				usages:   []certificates.KeyUsage{},
+			}
+			lowerBound := tc.notBefore.Add(time.Duration(float64(tc.notAfter.Sub(tc.notBefore)) * 0.7))
+			upperBound := tc.notBefore.Add(time.Duration(float64(tc.notAfter.Sub(tc.notBefore)) * 0.9))
+			for i := 0; i < 1000; i++ {
+				// setRotationDeadline includes jitter, so this needs to run many times for validation.
 				m.setRotationDeadline()
-				lowerBound := tc.notBefore.Add(time.Duration(float64(tc.notAfter.Sub(tc.notBefore)) * 0.7))
-				upperBound := tc.notBefore.Add(time.Duration(float64(tc.notAfter.Sub(tc.notBefore)) * 0.9))
 				if m.rotationDeadline.Before(lowerBound) || m.rotationDeadline.After(upperBound) {
 					t.Errorf("For notBefore %v, notAfter %v, the rotationDeadline %v should be between %v and %v.",
 						tc.notBefore,
@@ -225,8 +226,8 @@ func TestSetRotationDeadline(t *testing.T) {
 						lowerBound,
 						upperBound)
 				}
-			})
-		}
+			}
+		})
 	}
 }