From 4c593b268a24c32adde0939286370d46f5975f86 Mon Sep 17 00:00:00 2001
From: Shihang Zhang <zshihang@google.com>
Date: Fri, 16 Oct 2020 17:57:46 -0700
Subject: [PATCH] default `service-account-extend-token-expiration` to true

---
 cmd/kube-apiserver/app/options/options_test.go | 3 ++-
 pkg/kubeapiserver/options/authentication.go    | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/cmd/kube-apiserver/app/options/options_test.go b/cmd/kube-apiserver/app/options/options_test.go
index a412f37e10f..f16c59ed8ee 100644
--- a/cmd/kube-apiserver/app/options/options_test.go
+++ b/cmd/kube-apiserver/app/options/options_test.go
@@ -273,7 +273,8 @@ func TestAddFlags(t *testing.T) {
 			},
 			RequestHeader: &apiserveroptions.RequestHeaderAuthenticationOptions{},
 			ServiceAccounts: &kubeoptions.ServiceAccountAuthenticationOptions{
-				Lookup: true,
+				Lookup:           true,
+				ExtendExpiration: true,
 			},
 			TokenFile:            &kubeoptions.TokenFileAuthenticationOptions{},
 			TokenSuccessCacheTTL: 10 * time.Second,
diff --git a/pkg/kubeapiserver/options/authentication.go b/pkg/kubeapiserver/options/authentication.go
index 910ae817493..72a1849fc7a 100644
--- a/pkg/kubeapiserver/options/authentication.go
+++ b/pkg/kubeapiserver/options/authentication.go
@@ -165,7 +165,7 @@ func (o *BuiltInAuthenticationOptions) WithRequestHeader() *BuiltInAuthenticatio
 
 // WithServiceAccounts set default value for service account authentication
 func (o *BuiltInAuthenticationOptions) WithServiceAccounts() *BuiltInAuthenticationOptions {
-	o.ServiceAccounts = &ServiceAccountAuthenticationOptions{Lookup: true}
+	o.ServiceAccounts = &ServiceAccountAuthenticationOptions{Lookup: true, ExtendExpiration: true}
 	return o
 }