diff --git a/cmd/minikube/cmd/start_flags.go b/cmd/minikube/cmd/start_flags.go
index ca08701447..ba87db888e 100644
--- a/cmd/minikube/cmd/start_flags.go
+++ b/cmd/minikube/cmd/start_flags.go
@@ -170,7 +170,7 @@ func initMinikubeFlags() {
 startCmd.Flags().StringVarP(&outputFormat, "output", "o", "text", "Format to print stdout in. Options include: [text,json]")
 startCmd.Flags().StringP(trace, "", "", "Send trace events. Options include: [gcp]")
 startCmd.Flags().Int(extraDisks, 0, "Number of extra disks created and attached to the minikube VM (currently only implemented for hyperkit and kvm2 drivers)")
- startCmd.Flags().Duration(certExpiration, time.Hour*24*365, "Duration until minikube certificate expiration, defaults to one year.")
+ startCmd.Flags().Duration(certExpiration, constants.DefaultCertExpiration, "Duration until minikube certificate expiration, defaults to three years (26280h).")
 }
 // initKubernetesFlags inits the commandline flags for Kubernetes related options
@@ -584,7 +584,7 @@ func upgradeExistingConfig(cmd *cobra.Command, cc *config.ClusterConfig) {
 }
 if cc.CertExpiration == 0 {
- cc.CertExpiration = pkgutil.DefaultCertExpiration
+ cc.CertExpiration = constants.DefaultCertExpiration
 }
 }
diff --git a/pkg/minikube/bootstrapper/certs.go b/pkg/minikube/bootstrapper/certs.go
index b72d51be9d..ff843bea5b 100644
--- a/pkg/minikube/bootstrapper/certs.go
+++ b/pkg/minikube/bootstrapper/certs.go
@@ -493,6 +493,7 @@ func canRead(path string) bool {
 }
 // isValid checks a cert/key path and makes sure it's still valid
+// if a cert is expired or otherwise invalid, it will be deleted
 func isValid(certPath, keyPath string) bool {
 if !canRead(keyPath) {
 return false
diff --git a/pkg/minikube/bootstrapper/certs_test.go b/pkg/minikube/bootstrapper/certs_test.go
index c23935cecf..b0c4e255d1 100644
--- a/pkg/minikube/bootstrapper/certs_test.go
+++ b/pkg/minikube/bootstrapper/certs_test.go
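Review bot: In `initMinikubeFlags` (start_flags.go, hunk at -170), the new help text repeats the default by hand, "three years (26280h)", next to `constants.DefaultCertExpiration`, so the two can drift the next time the constant changes. Building the string from the constant avoids that, e.g. `fmt.Sprintf("Duration until minikube certificate expiration, defaults to %s.", constants.DefaultCertExpiration)`, provided `fmt` is imported in this file (the import block is outside the hunk). Since the default validity is tripled here, the help text is also a reasonable place to say that a shorter duration can be passed when the cluster's certificates or keys are copied to other machines.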
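Review bot: In `upgradeExistingConfig` (start_flags.go, hunk at -584), a saved config with an unset `CertExpiration` now falls back to the three-year default instead of one year, and nothing beside the assignment records that. A short comment would state the intent, for example `// Configs saved without CertExpiration get the current default (constants.DefaultCertExpiration).` The guard is `== 0` only, so whether a negative duration can reach this point depends on validation that is not visible here; the function starts outside the hunk.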
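Review bot: The comment line added above `isValid` in certs.go documents a destructive side effect on a function whose name reads like a pure predicate, but it does not say which files are removed. The body continues outside this hunk; if it deletes the key as well as the certificate, the comment should say so, because a caller may not expect a validity check to remove files at paths it passes in. A wording such as `// isValid reports whether the cert at certPath is usable; an expired or otherwise invalid cert is deleted from disk.` also follows the Go convention of full sentences that start with the function name.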
@@ -33,7 +33,7 @@ func TestSetupCerts(t *testing.T) {
 defer tests.RemoveTempDir(tempDir)
 k8s := config.ClusterConfig{
- CertExpiration: util.DefaultCertExpiration,
+ CertExpiration: constants.DefaultCertExpiration,
 KubernetesConfig: config.KubernetesConfig{
 APIServerName: constants.APIServerName,
 DNSDomain: constants.ClusterDNSDomain,
diff --git a/pkg/minikube/constants/constants.go b/pkg/minikube/constants/constants.go
index 162f9027fc..791c41558a 100644
--- a/pkg/minikube/constants/constants.go
+++ b/pkg/minikube/constants/constants.go
@@ -116,6 +116,9 @@ const (
 TimeFormat = time.RFC1123
 // MaxResources is the value that can be passed into the memory and cpus flags to specify to use maximum resources
 MaxResources = "max"
+
+ // DefaultCertExpiration is the amount of time in the future a certificate will expire in by default, which is 3 years
+ DefaultCertExpiration = time.Hour * 24 * 365 * 3
 )
 var (
diff --git a/pkg/util/crypto.go b/pkg/util/crypto.go
index 067b9800c9..5222957390 100644
--- a/pkg/util/crypto.go
+++ b/pkg/util/crypto.go
@@ -35,8 +35,6 @@ import (
 "k8s.io/minikube/pkg/util/lock"
 )
-const DefaultCertExpiration = time.Hour * 24 * 365
-
 // GenerateCACert generates a CA certificate and RSA key for a common name
 func GenerateCACert(certPath, keyPath string, name string) error {
 priv, err := rsa.GenerateKey(rand.Reader, 2048)
diff --git a/pkg/util/crypto_test.go b/pkg/util/crypto_test.go
index cac5c1db86..b6db864368 100644
--- a/pkg/util/crypto_test.go
+++ b/pkg/util/crypto_test.go
@@ -140,7 +140,7 @@ func TestGenerateSignedCert(t *testing.T) {
 t.Run(test.description, func(t *testing.T) {
 err := GenerateSignedCert(
 certPath, keyPath, "minikube", ips, alternateDNS, test.signerCertPath,
- test.signerKeyPath, DefaultCertExpiration,
+ test.signerKeyPath, constants.DefaultCertExpiration,
 )
 if err != nil && !test.err {
 t.Errorf("GenerateSignedCert() error = %v", err)
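Review bot: The comment on `DefaultCertExpiration` in constants.go says "3 years" while the expression is 3 × 365 days (26280h), and it does not say which certificates the value governs. If it applies to every certificate minikube generates, a tighter comment would be `// DefaultCertExpiration is the default validity period for generated certificates: 3 * 365 days (26280h).` A longer lifetime also lengthens the time a copied key or certificate stays accepted, so it would help to note here that the `certExpiration` start flag overrides this default.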