mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-01-09 07:33:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Use duration and renewBefore to control API cert rotation

Browse Source 
These configuration knobs are much more human-understandable than the
previous percentage-based threshold flag.

We now allow users to set the lifetime of the serving cert via a ConfigMap.
Previously this was hardcoded to 1 year.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
This commit is contained in:
Andrew Keesler
2020-08-20 15:17:18 -04:00
parent 3929fa672e
commit 39c299a32d
14 changed files with 190 additions and 136 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
test/integration/api_serving_certs_test.go
View File

@@ -58,7 +58,7 @@ func TestAPIServingCertificateAutoCreationAndRotation(t *testing.T) {
return err
}
secret.Data["caCertificate"], err = createExpiredCertificate()
secret.Data["tlsCertificateChain"], err = createExpiredCertificate()
if err != nil {
return err
}