Updates cfssl configs to backdate generated certificates
Why is this needed
In some cases, a machine being provisioned may not be in time sync with the provisioner. In these cases, linuxkit is unable to download the tink-worker image from the registry because the registry's certificate is in the future. (not yet valid) Setting a backdate of anything over 24hrs will account for differences in timezone between target machine and provisioner.
Fixes: #
How Has This Been Tested?
These configuration were used to successfully provision multiple bare metal servers.
How are existing users impacted? What migration steps/scripts do we need?
This should not impact existing users or require mitigation steps.
Checklist:
I have:
[ ] updated the documentation and/or roadmap (if required)
Description
Updates cfssl configs to backdate generated certificates
Why is this needed
In some cases, a machine being provisioned may not be in time sync with the provisioner. In these cases, linuxkit is unable to download the tink-worker image from the registry because the registry's certificate is in the future. (not yet valid) Setting a backdate of anything over 24hrs will account for differences in timezone between target machine and provisioner.
Fixes: #
How Has This Been Tested?
These configuration were used to successfully provision multiple bare metal servers.
How are existing users impacted? What migration steps/scripts do we need?
This should not impact existing users or require mitigation steps.
Checklist:
I have: