91c8f747f4
This change updates our certificate code to use the same 5 minute backdate that is used by the Kubernetes controller manager. This helps to account for clock skews between the API servers and the kubelets that are running the pinniped pods. While this backdating reflects a large percentage of the lifetime of our short-lived certificates (100% for the 5 minute client certificates), even a 10 minute irrevocable client certificate is within our limits. When we move to the CSR-based short-lived certificates, they will always have at least a 15 minute lifetime (5 minute backdating plus 10 minute minimum valid duration).

Signed-off-by: Monis Khan <mok@vmware.com>

- dynamiccertauthority
- testdata
- certauthority_test.go
- certauthority.go