Set etcd cert validity to 2 hours

openshift · Mar 7, 2024 · dc14ba9 · dc14ba9
1 parent 2f6e1de
commit dc14ba9
Showing 1 changed file with 6 additions and 5 deletions.
diff --git a/pkg/tlshelpers/tlshelpers.go b/pkg/tlshelpers/tlshelpers.go
@@ -4,6 +4,8 @@ import (
 	"context"
 	"crypto/x509"
 	"fmt"
+	"time"
+
 	"github.com/openshift/cluster-etcd-operator/pkg/dnshelpers"
 	"github.com/openshift/cluster-etcd-operator/pkg/operator/operatorclient"
 	"github.com/openshift/library-go/pkg/operator/certrotation"
@@ -14,18 +16,17 @@ import (
 	corev1informers "k8s.io/client-go/informers/core/v1"
 	corev1client "k8s.io/client-go/kubernetes/typed/core/v1"
 	corev1listers "k8s.io/client-go/listers/core/v1"
-	"time"
 
 	"github.com/openshift/library-go/pkg/crypto"
 	"go.etcd.io/etcd/client/pkg/v3/tlsutil"
 	"k8s.io/klog/v2"
 )
 
 const (
-	etcdCertValidity          = 3 * 365 * 24 * time.Hour
-	etcdCertValidityRefresh   = 2.5 * 365 * 24 * time.Hour
-	etcdCaCertValidity        = 5 * 365 * 24 * time.Hour
-	etcdCaCertValidityRefresh = 4.5 * 365 * 24 * time.Hour
+	etcdCertValidity          = 2 * time.Hour
+	etcdCertValidityRefresh   = 70 * time.Minute
+	etcdCaCertValidity        = 3 * time.Hour
+	etcdCaCertValidityRefresh = 100 * time.Minute
 
 	EtcdJiraComponentName                  = "etcd"
 	EtcdSignerCertSecretName               = "etcd-signer"