From 1cf4bd208575f03e5df5955e2d472710c07913b3 Mon Sep 17 00:00:00 2001
From: David Sullivan <david.sullivan@windriver.com>
Date: Mon, 29 Jul 2019 22:45:51 -0400
Subject: [PATCH] Set kubelet certificate rotation to 1 month

Use the experimental-cluster-signing-duration parameter to set the
kubelet certificate to expire after 1 month. Kubelet certificate
rotation is enabled by default.

Closes-Bug: 1834685
Change-Id: Ie5b91a86c1a1b536e51719dad99be0cc89d65722
Signed-off-by: David Sullivan <david.sullivan@windriver.com>
---
 puppet-manifests/src/modules/platform/templates/kubeadm.yaml.erb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/puppet-manifests/src/modules/platform/templates/kubeadm.yaml.erb b/puppet-manifests/src/modules/platform/templates/kubeadm.yaml.erb
index 38c5f270ff..a965f1342c 100644
--- a/puppet-manifests/src/modules/platform/templates/kubeadm.yaml.erb
+++ b/puppet-manifests/src/modules/platform/templates/kubeadm.yaml.erb
@@ -23,6 +23,7 @@ controllerManager:
     node-monitor-period: "2s"
     node-monitor-grace-period: "20s"
     pod-eviction-timeout: "30s"
+    experimental-cluster-signing-duration: "730h"
 etcd:
   external:
     endpoints: