Description of problem:
etcdcertsignercontroller defines signing period of 10 years[1]. But this is a regression as we defined these certs for 3 years in the past[2].

[1] https://github.com/openshift/cluster-etcd-operator/blob/master/pkg/operator/etcdcertsigner/etcdcertsignercontroller.go#L36
[2] https://github.com/openshift/installer/blob/release-4.3/data/data/bootstrap/files/usr/local/bin/bootkube.sh.template#L295

Version-Release number of selected component (if applicable):

How reproducible: 100%

Steps to Reproduce:
1.
2.
3.

Actual results: certs are signed for 10 years.

Expected results: certs are signed for the documented duration of 3 years.

Additional info:
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:2409
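
One way to audit for the condition this report describes, as an added example that is not code from cluster-etcd-operator or the installer: it walks a PEM bundle and lists certificates whose validity span exceeds the documented 3 years. The names overlongCerts, constructedPEM and maxValidity are hypothetical, the sample certificates are constructed in-process, and a year is assumed to be 365 days.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

const maxValidity = 3 * 365 * 24 * time.Hour // documented 3 years (assumed 365-day years)
// overlongCerts returns the subject CN of each certificate in a PEM bundle
// whose NotBefore..NotAfter span exceeds max (hypothetical helper).
func overlongCerts(bundle []byte, max time.Duration) (bad []string, err error) {
	for block, rest := pem.Decode(bundle); block != nil; block, rest = pem.Decode(rest) {
		if block.Type != "CERTIFICATE" {
			continue // private keys and other blocks are not audited
		}
		cert, perr := x509.ParseCertificate(block.Bytes)
		if perr != nil {
			return nil, perr // a malformed certificate fails the audit
		}
		if cert.NotAfter.Sub(cert.NotBefore) > max {
			bad = append(bad, cert.Subject.CommonName)
		}
	}
	return bad, nil
}

// constructedPEM builds a throwaway self-signed certificate as sample input.
func constructedPEM(cn string, years int) []byte {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Unix(0, 0), NotAfter: time.Unix(0, 0).Add(time.Duration(years) * 365 * 24 * time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	fmt.Println(overlongCerts(append(constructedPEM("sample-3y", 3), constructedPEM("sample-10y", 10)...), maxValidity))
}
```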