ContainerImage.Pinniped/internal/controller
Monis Khan 91c8f747f4
certauthority: tolerate larger clock skew between API server and pinniped
This change updates our certificate code to use the same 5 minute
backdate that is used by the Kubernetes controller manager.  This
helps to account for clock skews between the API servers and the
kubelets that are running the pinniped pods.  While this backdating
reflects a large percentage of the lifetime of our short lived
certificates (100% for the 5 minute client certificates), even a 10
minute irrevocable client certificate is within our limits.  When
we move to the CSR based short lived certificates, they will always
have at least a 15 minute lifetime (5 minute backdating plus 10 minute
minimum valid duration).

Signed-off-by: Monis Khan <mok@vmware.com>
2021-09-21 09:32:24 -04:00
..
apicerts Add leader election middleware 2021-08-20 12:18:25 -04:00
authenticator jwtcachefiller: update to use CAContentProvider 2021-08-09 19:16:25 -04:00
conditionsutil Split package upstreamwatchers into four packages 2021-05-12 14:00:39 -07:00
impersonatorconfig certauthority: tolerate larger clock skew between API server and pinniped 2021-09-21 09:32:24 -04:00
issuerconfig When merging CredentialIssuer updates, don't overwrite LastUpdated. 2021-05-27 17:09:12 -05:00
kubecertagent kubecertagent: fix flakey tests 2021-09-16 14:48:04 -04:00
supervisorconfig Remove unused functions 2021-09-08 10:34:42 -07:00
supervisorstorage Add leader election middleware 2021-08-20 12:18:25 -04:00
controller_test.go Clean this test up a trivial amount using require.Implementsf(). 2020-12-17 08:38:16 -06:00
utils.go Upstream Watcher Controller Syncs less often by adjusting its filters 2020-12-18 15:41:18 -08:00