tinkerbell / playground

Example deployments of the Tinkerbell Stack for use as playground environments
Apache License 2.0

backdate generated ca and server certs #130

Closed mactaggart closed 2 years ago

mactaggart commented 2 years ago

Description

Updates cfssl configs to backdate generated certificates

Why is this needed

In some cases, a machine being provisioned may not be in time sync with the provisioner. In these cases, linuxkit is unable to download the tink-worker image from the registry because the registry's certificate is in the future (not yet valid). Setting a backdate of anything over 24hrs will account for differences in timezone between the target machine and the provisioner.

Fixes: #

How Has This Been Tested?

These configurations were used to successfully provision multiple bare metal servers.

How are existing users impacted? What migration steps/scripts do we need?

This should not impact existing users or require mitigation steps.

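The failure described in the PR description, and the effect of a backdated `NotBefore`, reproduced with Go's standard `crypto/x509`. This is an added example, not code from this PR or from cfssl; the host name, timestamps and 25-hour backdate are constructed values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const host = "registry.example" // constructed name, not taken from the PR
// issue self-signs a server certificate whose NotBefore is issuedAt minus backdate.
func issue(issuedAt time.Time, backdate time.Duration) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		NotBefore: issuedAt.Add(-backdate), NotAfter: issuedAt.AddDate(1, 0, 0), IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verifyAt validates cert the way a TLS client whose clock reads clientNow would.
func verifyAt(cert *x509.Certificate, clientNow time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(cert)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, CurrentTime: clientNow})
	return err
}

func main() {
	at := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC) // constructed issue time
	for _, backdate := range []time.Duration{0, 25 * time.Hour} {
		cert, err := issue(at, backdate)
		if err != nil {
			panic(err)
		}
		fmt.Printf("backdate=%v client 12h behind: err=%v\n", backdate, verifyAt(cert, at.Add(-12*time.Hour)))
	}
}
```

Backdating widens the validity window on the early side only, so a client whose clock lags by more than the backdate still rejects the certificate.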

mmlb commented 2 years ago

@mactaggart this change lgtm, but we need you to sign off on the commit as per https://github.com/tinkerbell/sandbox/blob/main/CONTRIBUTING.md#dco-sign-off. Can you fix that up?

mactaggart commented 2 years ago

@mmlb ok; fixed