justinsb
commented
4 years ago This is now reliably testing etcd-manager testing, merging so we can get it under kops testing.
/approve /lgtm
Closed justinsb closed 4 years ago
justinsb
commented
4 years ago This is now reliably testing etcd-manager testing, merging so we can get it under kops testing.
/approve /lgtm
We raise the minimum required time to 20 years, effectively ensuring that we won't reuse certificates.
We also now issue them for 2 years, to allow for the longer time horizons of LTS kubernetes support.
Both these values can be customized through env vars, the defaults correspond to these env vars:
ETCD_MANAGER_CERT_DURATION=2y ETCD_MANAGER_CERT_MIN_TIME_LEFT=20y