address review comments

2021-09-24 11:47:10 -07:00 · 2021-09-24 11:47:10 -07:00 · 4307e834df
parent 18d89d565c
commit 4307e834df
6 changed files with 8 additions and 6 deletions
--- a/cmd/minikube/cmd/start_flags.go
+++ b/cmd/minikube/cmd/start_flags.go
@ -170,7 +170,7 @@ func initMinikubeFlags() {
 	startCmd.Flags().StringVarP(&outputFormat, "output", "o", "text", "Format to print stdout in. Options include: [text,json]")
 	startCmd.Flags().StringP(trace, "", "", "Send trace events. Options include: [gcp]")
 	startCmd.Flags().Int(extraDisks, 0, "Number of extra disks created and attached to the minikube VM (currently only implemented for hyperkit and kvm2 drivers)")
-	startCmd.Flags().Duration(certExpiration, time.Hour*24*365, "Duration until minikube certificate expiration, defaults to one year.")
+	startCmd.Flags().Duration(certExpiration, constants.DefaultCertExpiration, "Duration until minikube certificate expiration, defaults to three years (26280h).")
 }

 // initKubernetesFlags inits the commandline flags for Kubernetes related options
@ -584,7 +584,7 @@ func upgradeExistingConfig(cmd *cobra.Command, cc *config.ClusterConfig) {
 	}

 	if cc.CertExpiration == 0 {
-		cc.CertExpiration = pkgutil.DefaultCertExpiration
+		cc.CertExpiration = constants.DefaultCertExpiration
 	}

 }
--- a/pkg/minikube/bootstrapper/certs.go
+++ b/pkg/minikube/bootstrapper/certs.go
@ -493,6 +493,7 @@ func canRead(path string) bool {
 }

 // isValid checks a cert/key path and makes sure it's still valid
+// if a cert is expired or otherwise invalid, it will be deleted
 func isValid(certPath, keyPath string) bool {
 	if !canRead(keyPath) {
 		return false
--- a/pkg/minikube/bootstrapper/certs_test.go
+++ b/pkg/minikube/bootstrapper/certs_test.go
@ -33,7 +33,7 @@ func TestSetupCerts(t *testing.T) {
 	defer tests.RemoveTempDir(tempDir)

 	k8s := config.ClusterConfig{
-		CertExpiration: util.DefaultCertExpiration,
+		CertExpiration: constants.DefaultCertExpiration,
 		KubernetesConfig: config.KubernetesConfig{
 			APIServerName: constants.APIServerName,
 			DNSDomain:     constants.ClusterDNSDomain,
--- a/pkg/minikube/constants/constants.go
+++ b/pkg/minikube/constants/constants.go
@ -116,6 +116,9 @@ const (
 	TimeFormat = time.RFC1123
 	// MaxResources is the value that can be passed into the memory and cpus flags to specify to use maximum resources
 	MaxResources = "max"
+
+	// DefaultCertExpiration is the amount of time in the future a certificate will expire in by default, which is 3 years
+	DefaultCertExpiration = time.Hour * 24 * 365 * 3
 )

 var (
--- a/pkg/util/crypto.go
+++ b/pkg/util/crypto.go
@ -35,8 +35,6 @@ import (
 	"k8s.io/minikube/pkg/util/lock"
 )

-const DefaultCertExpiration = time.Hour * 24 * 365
-
 // GenerateCACert generates a CA certificate and RSA key for a common name
 func GenerateCACert(certPath, keyPath string, name string) error {
 	priv, err := rsa.GenerateKey(rand.Reader, 2048)
--- a/pkg/util/crypto_test.go
+++ b/pkg/util/crypto_test.go
@ -140,7 +140,7 @@ func TestGenerateSignedCert(t *testing.T) {
 		t.Run(test.description, func(t *testing.T) {
 			err := GenerateSignedCert(
 				certPath, keyPath, "minikube", ips, alternateDNS, test.signerCertPath,
-				test.signerKeyPath, DefaultCertExpiration,
+				test.signerKeyPath, constants.DefaultCertExpiration,
 			)
 			if err != nil && !test.err {
 				t.Errorf("GenerateSignedCert() error = %v", err)